olahell
Reputation: 2081
Spring Security LDAP Authentication throws NO_ATTRIBUTE_OR_VAL error
I can't authenticate against a real LDAP/AD when following spring.io guide: https://spring.io/guides/gs/authenticating-ldap/
The problem I get when autentication agains a real AD/LADP is:
org.springframework.security.authentication.InternalAuthenticationServiceException: [LDAP: error code 16 - 00002080: AtrErr: DSID-03080155, #1:
0: 00002080: DSID-03080155, problem 1001 (NO_ATTRIBUTE_OR_VAL), data 0, Att 23 (userPassword)
]; nested exception is javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00002080: AtrErr: DSID-03080155, #1:
0: 00002080: DSID-03080155, problem 1001 (NO_ATTRIBUTE_OR_VAL), data 0, Att 23 (userPassword)
]; remaining name 'CN=olahell,OU=Consultants,OU=Production,OU=Company'
Below is my java auth config:
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.ldapAuthentication()
.userSearchFilter("(&(objectClass=user)(sAMAccountName={0}))")
.contextSource()
.url("ldap://company-dc02.company.local:389/dc=company,dc=local")
.managerDn("CN=olahell,OU=Consultants,OU=Production,OU=Company,DC=company,DC=local")
.managerPassword("myPassword")
.and()
.passwordCompare()
.passwordEncoder(new LdapShaPasswordEncoder())
.passwordAttribute("userPassword");
}
Upvotes: 2
Views: 1855
Answers (1)
olahell
Reputation: 2081
What I needed to do was to use BindAuthenticator, LDAP should be configured as below:
@Bean
public AuthenticationProvider ldapAuthenticationProvider() throws Exception {
String ldapServerUrl = "ldap://company-dc02.bergsala.local:389/dc=company,dc=local";
DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(ldapServerUrl);
String ldapManagerDn = "CN=olahell,OU=Consultants,OU=Production,OU=Company,DC=company,DC=local";
contextSource.setUserDn(ldapManagerDn);
String ldapManagerPassword = "myPassword";
contextSource.setPassword(ldapManagerPassword);
contextSource.setReferral("follow");
contextSource.afterPropertiesSet();
LdapUserSearch ldapUserSearch = new FilterBasedLdapUserSearch("", "(&(objectClass=user)(sAMAccountName={0}))", contextSource);
BindAuthenticator bindAuthenticator = new BindAuthenticator(contextSource);
bindAuthenticator.setUserSearch(ldapUserSearch);
LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator, new EmsLdapAuthoritiesPopulator(contextSource, ""));
return ldapAuthenticationProvider;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(ldapAuthenticationProvider());
}
NOTE: EmsLdapAuthoritiesPopulator extends DefaultLdapAuthoritiesPopulator and overrrides #getAdditionalRoles to enable me to set extra roles to user.
Upvotes: 5
Related Questions
- LDAP authentication using Spring security 2.0.3
- LDAP authentication failed:data 52e
- Spring Security with LDAP - error after login
- spring-ldap NameNotFoundException no such object
- Spring Security LDAP authentication: exception while not specifying OUs
- Spring Security LDAP Authentication Error - Authentication exception instead of Password Lock
- Spring Security + LDAP always returns BadCredentialsException
- LDAP Authentication with Spring Security 3
- Exception while authenticating user using Spring LDAP
- Spring security ldap: no declaration can be found for element 'ldap-authentication-provider'