Do we need to write CustomActiveDirectoryLdapAuthenticationProvider if we want to get user details from ActiveDirectory

Question

If we need to get User attributes from ActiveDirectory like name, sn etc. can\'t we configure using Specialized LDAP authentication provider which uses Active Directory configur

Answer 1

You do not. Spring Security comes with an UserDetailsContextMapper interface

/**
 * Creates a fully populated UserDetails object for use by the security framework.
 *
 * @param ctx the context object which contains the user information.
 * @param username the user's supplied login name.
 * @param authorities
 * @return the user object.
 */
UserDetails mapUserFromContext(DirContextOperations ctx, String username,
        Collection authorities);

The default implementation, LdapUserDetailsMapper

Currently only maps the groups returned by the search.

// Map the roles
for (int i = 0; (this.roleAttributes != null)
        && (i < this.roleAttributes.length); i++) {
    String[] rolesForAttribute = ctx.getStringAttributes(this.roleAttributes[i]);

    if (rolesForAttribute == null) {
        this.logger.debug("Couldn't read role attribute '"
                + this.roleAttributes[i] + "' for user " + dn);
        continue;
    }
        for (String role : rolesForAttribute) {
        GrantedAuthority authority = createAuthority(role);
            if (authority != null) {
            essence.addAuthority(authority);
        }
    }
}

However, implementing your own UserDetailsMapper you can retrieve any and all records that come back from LDAP.

You just decide what attribute you wish to fetch

Object attribute = ctx.getObjectAttribute("some-ldap-attribute");

This is how you would fetch custom values during an authentication event.

If you want to just query and search and fetch data from the LDAP directory you can leverage the SpringSecurityLdapTemplate

It aims to mimic what RestTemplate does for HTTP but for LDAP.