If we need to get User attributes from ActiveDirectory like name, sn etc. can't we configure using Specialized LDAP authentication provider which uses Active Directory configur
You do not. Spring Security comes with a UserDetailsContextMapper interface:
```java
/**
 * Creates a fully populated UserDetails object for use by the security framework.
 *
 * @param ctx the context object which contains the user information.
 * @param username the user's supplied login name.
 * @param authorities
 * @return the user object.
 */
UserDetails mapUserFromContext(DirContextOperations ctx, String username,
        Collection<? extends GrantedAuthority> authorities);
```
The default implementation, LdapUserDetailsMapper, currently only maps the groups returned by the search.
```java
// Map the roles
for (int i = 0; (this.roleAttributes != null)
        && (i < this.roleAttributes.length); i++) {
    String[] rolesForAttribute = ctx.getStringAttributes(this.roleAttributes[i]);
    if (rolesForAttribute == null) {
        this.logger.debug("Couldn't read role attribute '"
                + this.roleAttributes[i] + "' for user " + dn);
        continue;
    }
    for (String role : rolesForAttribute) {
        GrantedAuthority authority = createAuthority(role);
        if (authority != null) {
            essence.addAuthority(authority);
        }
    }
}
```
However, by implementing your own UserDetailsMapper, you can retrieve any and all records that come back from LDAP.
You just decide what attribute you wish to fetch:

```java
Object attribute = ctx.getObjectAttribute("some-ldap-attribute");
```
This is how you would fetch custom values during an authentication event.
If you want to just query and search and fetch data from the LDAP directory, you can leverage the SpringSecurityLdapTemplate.
It aims to mimic what RestTemplate does for HTTP but for LDAP.
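
A custom mapper along the lines the answer describes, as an added example that is not part of the original answer or of Spring Security itself. `DirectoryUserMapper`, `DirectoryUser`, the `mail` attribute, and the domain and URL in `provider()` are assumptions made for illustration.

```java
import java.util.Collection;
import org.springframework.ldap.core.DirContextAdapter;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper;

// Hypothetical mapper: copies a fixed allow-list of attributes onto the principal.
public class DirectoryUserMapper implements UserDetailsContextMapper {
    // Hypothetical principal type; attribute fields are null if the entry omits them.
    public static class DirectoryUser extends User {
        private final String name, sn, mail;

        DirectoryUser(String username, Collection<? extends GrantedAuthority> authorities,
                String name, String sn, String mail) {
            // No password is read from the directory; User rejects null, so store "".
            super(username, "", authorities);
            this.name = name; this.sn = sn; this.mail = mail;
        }
        public String getName() { return name; }
        public String getSn() { return sn; }
        public String getMail() { return mail; }
    }

    @Override
    public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
            Collection<? extends GrantedAuthority> authorities) {
        // getStringAttribute returns null when the entry has no such attribute.
        return new DirectoryUser(username, authorities,
                ctx.getStringAttribute("name"),
                ctx.getStringAttribute("sn"),
                ctx.getStringAttribute("mail")); // "mail" is an assumed extra attribute
    }

    @Override
    public void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
        throw new UnsupportedOperationException("This mapper only reads from the directory");
    }

    // Wiring sketch: domain and URL are constructed placeholder values.
    static ActiveDirectoryLdapAuthenticationProvider provider() {
        ActiveDirectoryLdapAuthenticationProvider p =
                new ActiveDirectoryLdapAuthenticationProvider("example.com", "ldaps://dc.example.com:636");
        p.setUserDetailsContextMapper(new DirectoryUserMapper());
        return p;
    }
}
```

After a successful login, `Authentication.getPrincipal()` returns the `DirectoryUser`, so only the attributes copied in `mapUserFromContext` end up in the security context and session.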