Spring LDAP - bind for successful connection

Posted by 房东的猫 on 2019-12-04 04:42:05

It looks like your LDAP is configured not to allow a search without binding to it (no anonymous bind). Also, you have implemented PasswordComparisonAuthenticator rather than BindAuthenticator to authenticate to LDAP.

You could try modifying your queryEmployeesByName() method to bind and then search; look at some of the examples in the docs.

I'm going to accept @Raghuram answer mainly because it got me thinking in the right direction.

Why was my code failing? It turned out that, the way I wired it, I was trying to perform an anonymous search, which is prohibited by the system; hence the error.

How to rewire the example above so it works? First thing (and an ugly thing at that): you need to provide the user name and password of a user that will be used to access the system. Very counterintuitive: even when you are logged in and authenticated, even if you are using BindAuthenticator, the system will not attempt to reuse your credentials. Bummer. So you need to stick 2 parameters into the contextSource definition like so:

    <bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <constructor-arg value="ldap://foo.com:389/dc=td,dc=foo,dc=com" />
        <!-- TODO - need to hide this or encrypt a password -->
        <property name="userDn" value="CN=admin,OU=Application,DC=TD,DC=FOO,DC=COM" />
        <property name="password" value="blah" />
    </bean>

Doing that allowed me to replace the custom implementation of the authenticator with the generic BindAuthenticator, and then my Java search started working.
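The same wiring in plain Java, as an added example that is not part of the original answer or of Spring's own documentation: the context source gets service-account credentials read from environment variables instead of the hard-coded password in the XML above, user login goes through BindAuthenticator, and the employee search runs on the service-account-bound context, since the directory rejects anonymous searches. The search base, user filter and environment variable names are assumptions.

```java
import java.util.List;
import javax.naming.directory.Attributes;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.support.LdapEncoder;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;

public class LdapBindThenSearch {
    // Assumed values; the URL mirrors the contextSource bean in the answer above.
    private static final String LDAP_URL = "ldap://foo.com:389/dc=td,dc=foo,dc=com";
    private static final String SEARCH_BASE = "OU=Employees";
    private static final String USER_FILTER = "(sAMAccountName={0})";

    private final DefaultSpringSecurityContextSource contextSource;

    public LdapBindThenSearch() throws Exception {
        contextSource = new DefaultSpringSecurityContextSource(LDAP_URL);
        // The directory rejects anonymous searches, so lookups need a bound
        // service account. Its DN and password come from the environment
        // (assumed variable names) instead of being committed in the XML.
        contextSource.setUserDn(requireEnv("LDAP_MANAGER_DN"));
        contextSource.setPassword(requireEnv("LDAP_MANAGER_PASSWORD"));
        contextSource.afterPropertiesSet();
    }

    /** Logs the user in by binding as that user (BindAuthenticator), with no password comparison. */
    public Authentication login(String username, String password) {
        BindAuthenticator authenticator = new BindAuthenticator(contextSource);
        authenticator.setUserSearch(new FilterBasedLdapUserSearch(SEARCH_BASE, USER_FILTER, contextSource));
        LdapAuthenticationProvider provider = new LdapAuthenticationProvider(authenticator);
        return provider.authenticate(new UsernamePasswordAuthenticationToken(username, password));
    }

    /** Searches on the service-account context; the logged-in user's credentials are not reused. */
    public List<String> queryEmployeesByName(String name) {
        // Escape the value so caller input cannot change the filter structure.
        String filter = "(&(objectClass=person)(cn=" + LdapEncoder.filterEncode(name) + "))";
        AttributesMapper<String> toMail = (Attributes attrs) ->
            attrs.get("mail") == null ? null : (String) attrs.get("mail").get();
        return new LdapTemplate(contextSource).search(SEARCH_BASE, filter, toMail);
    }

    private static String requireEnv(String key) {
        String value = System.getenv(key);
        if (value == null) throw new IllegalStateException("missing environment variable " + key);
        return value;
    }
}
```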

I got the same error and couldn't find a solution. Finally I changed the application pool identity to Network Service and everything worked like a charm. (I have Windows authentication and anonymous enabled on my site.)
