Question
I'm able to authenticate against Active Directory with a user configured for the ContextSource lifetime using Spring LDAP. My Spring XML configuration looks like this:
<bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
    <property name="contextSource" ref="contextSource" />
</bean>
<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="url" value="ldap://xxx.xxx.xxx.xxx:389" />
    <property name="userDn" value="myName@xxx.xxx" />
    <property name="password" value="password" />
</bean>
The Java code to authenticate the user is:
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;

public boolean login(String username, String password) {
    AndFilter filter = new AndFilter();
    // Active Directory doesn't transparently handle referrals; ignoring the partial-result exception fixes that.
    this.ldapTemplate.setIgnorePartialResultException(true);
    filter.and(new EqualsFilter("objectCategory", "****"));
    filter.and(new EqualsFilter("objectClass", "****"));
    filter.and(new EqualsFilter("sAMAccountName", username));
    // Search below the base OU for the user, then bind as that user with the supplied password.
    return this.ldapTemplate.authenticate("OU=myBaseOu,DC=xyz,DC=def", filter.encode(), password);
}
The same works with Linux OpenLDAP v3 as well, even if I don't set the userDn and password properties inside the contextSource bean.
All I need is to configure this XML such that I can access Active Directory as an anonymous user (without setting userDn and password).
I also need to authenticate the user through SSL. For that I used
<property name="url" value="ldaps://xxx.xxx.xxx.xxx:636" />
but I got exception like:
Exception in thread "main" org.springframework.ldap.CommunicationException: simple bind failed: 192.168.0.13:636; nested exception is javax.naming.CommunicationException: simple bind failed: 192.168.0.13:636 [Root exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
While searching, I found a solution saying that I need to point to the keystore where the certificates are stored. I'm not sure where to do this (either in the Java class or in the XML file).
Your quick response will be appreciated. Thanks.
Answer 1:
I did some research and found other applications having similar issues.
- Make sure you have imported your certificates into the keystore according to the Connect to LDAP or Other Services Via SSL instructions.
- Make sure any certificates have been imported into the correct keystore; you may have multiple JDKs.
Answer 2:
Some additions to DevZer0's answer on my SSL issue.
Just follow the instructions given in this link to get the certificate and put it into the jre\lib\security\ folder.
http://www.mkyong.com/webservices/jax-ws/suncertpathbuilderexception-unable-to-find-valid-certification-path-to-requested-target/
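As an added example (not code from the question or either answer), here is a Java-configured version of the same setup that covers both halves of the question: an LdapContextSource over ldaps:// that trusts a dedicated truststore holding only the domain controller's CA, with anonymousReadOnly in place of userDn/password. The host, truststore path, service account, and the objectClass value "user" are assumptions standing in for the page's xxx/**** placeholders.

```java
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;

public class LdapsAuthenticator {
    private final LdapTemplate ldapTemplate;

    /** ldapsUrl is a placeholder such as "ldaps://dc.example.test:636"; the truststore should hold only
     *  the CA that issued the DC's certificate, not every CA in the JDK's cacerts. */
    public LdapsAuthenticator(String ldapsUrl, String trustStorePath, String trustStorePassword,
                              String serviceDn, String servicePassword) throws Exception {
        // JSSE reads these on the first TLS handshake, so they must be set before the
        // context source opens a connection (or be passed as -D options on the JVM command line).
        System.setProperty("javax.net.ssl.trustStore", trustStorePath);
        System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);

        LdapContextSource contextSource = new LdapContextSource();
        contextSource.setUrl(ldapsUrl);
        if (serviceDn == null) {
            // Anonymous, read-only binds for the searches that precede the user bind.
            // Active Directory refuses anonymous searches unless the domain explicitly
            // allows them, so a low-privilege service account is the usual alternative.
            contextSource.setAnonymousReadOnly(true);
        } else {
            contextSource.setUserDn(serviceDn);
            contextSource.setPassword(servicePassword);
        }
        contextSource.afterPropertiesSet(); // validates the settings and builds the JNDI environment

        this.ldapTemplate = new LdapTemplate(contextSource);
        // Active Directory returns referrals that JNDI cannot follow transparently.
        this.ldapTemplate.setIgnorePartialResultException(true);
    }

    /** Returns true only if the user's own simple bind over TLS succeeds. */
    public boolean login(String baseDn, String username, String password) {
        // RFC 4513 treats a DN with an empty password as an unauthenticated bind, which
        // Active Directory accepts; without this guard an empty password would "log in".
        if (password == null || password.isEmpty()) {
            return false;
        }
        AndFilter filter = new AndFilter();
        filter.and(new EqualsFilter("objectClass", "user")); // assumed in place of the page's "****"
        filter.and(new EqualsFilter("sAMAccountName", username));
        return ldapTemplate.authenticate(baseDn, filter.encode(), password);
    }
}
```

Create the truststore from the domain controller's CA certificate with `keytool -importcert -alias ad-ca -file ad-ca.cer -keystore ad-truststore.jks` and pass its path to the constructor; this keeps the trust decision in the application rather than in a JDK-wide cacerts file that a JDK upgrade silently replaces.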
Source: https://stackoverflow.com/questions/17084534/active-directory-authentication-through-ssl-as-anonymous-user