LDAP authentication without managerDN and manager password

渐次进展 2021-01-15 00:32

I am writing an application in the Java Spring framework to perform Active Directory LDAP authentication. I am succeeding in connecting to my organization's LDAP.

Here is

2 answers
  •  爱一瞬间的悲伤
    2021-01-15 01:27

    Yes, it is possible: you can let the user who is actually logging in connect to the LDAP himself to test his credentials and fetch his user data.

    AuthenticationManager configuration:

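    @Override
    protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
        // No manager DN or manager password is set: the provider binds to Active Directory
        // with the credentials of the user who is logging in.
        ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider = new ActiveDirectoryLdapAuthenticationProvider(domain, url, rootDn);
        // Filter used to look up the user's own entry once the bind has succeeded.
        activeDirectoryLdapAuthenticationProvider.setSearchFilter(searchFilter);
        auth.authenticationProvider(activeDirectoryLdapAuthenticationProvider);
    }
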

    Spring security does two things:

    • Let the user log in with his username and password
    • Find the user to fetch user info, groups, etc. For this step, you must specify a searchFilter that can find a user based on its username, like "userPrincipalName={0}" where {0} is the provided username.
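
The two steps described in the answer above, written out in plain JNDI as an added example (not code from the answer and not Spring Security's implementation). The class name `BindAsUser`, its method names and parameters are hypothetical; it assumes the account's userPrincipalName is `username@domain` and that `url` is an `ldaps://` address.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

public class BindAsUser {
    // Escape LDAP filter metacharacters (RFC 4515) so a username cannot change the filter.
    static String escapeFilter(String s) {
        StringBuilder sb = new StringBuilder();
        for (char c : s.toCharArray()) {
            if ("\\*()\0".indexOf(c) >= 0) sb.append(String.format("\\%02x", (int) c));
            else sb.append(c);
        }
        return sb.toString();
    }

    // Returns the user's attributes, or null when the credentials are rejected.
    static Attributes authenticate(String url, String domain, String rootDn,
                                   String username, String password) throws NamingException {
        // A simple bind with an empty password is an unauthenticated bind (RFC 4513)
        // that the server may accept, so it is refused before contacting the directory.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) return null;
        String upn = username.contains("@") ? username : username + "@" + domain;
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);            // assumption: ldaps:// so the password is not sent in clear
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, upn);      // the user's own identity, no manager DN
        env.put(Context.SECURITY_CREDENTIALS, password);
        DirContext ctx;
        try {
            ctx = new InitialDirContext(env);          // step 1: bind as the user
        } catch (AuthenticationException e) {
            return null;                               // wrong username or password
        }
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            NamingEnumeration<SearchResult> r = ctx.search(rootDn,
                    "(userPrincipalName=" + escapeFilter(upn) + ")", sc);  // step 2: fetch user data
            return r.hasMore() ? r.next().getAttributes() : null;
        } finally {
            ctx.close();
        }
    }

    public static void main(String[] args) {
        // Constructed input: filter metacharacters are neutralised before the search.
        System.out.println(escapeFilter("*)(objectClass=*"));
    }
}
```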
