Mehdi Rahimi
Reputation: 2566
Spring Security LDAP Server returns 401 Unauthorized
I'm trying to connect to an online LDAP test server using LdapUserDetailsManager (spring-security-ldap version 6).
Link of the online LDAP server is (for more information): https://www.forumsys.com/2022/05/10/online-ldap-test-server/
LDAP Server Information:
- Server: ldap.forumsys.com
- Port: 389
- Bind DN: cn=read-only-admin,dc=example,dc=com
- Bind Password: password
- All user passwords are password.
- ou=mathematicians,dc=example,dc=com
- uid: riemann or euler or euclid ...
This is my config class:
@Configuration
public class ProjectConfig {
@Bean
public UserDetailsService userDetailsService() {
var cs = new DefaultSpringSecurityContextSource("ldap://ldap.forumsys.com:389/dc=example,dc=com");
cs.setUserDn("cn=read-only-admin,dc=example,dc=com");
cs.setPassword("password");
cs.afterPropertiesSet()
LdapUserDetailsManager manager = new LdapUserDetailsManager(cs);
manager.setUsernameMapper(
new DefaultLdapUsernameToDnMapper("dc=example,dc=com", "uid"));
manager.setGroupSearchBase("ou=mathematicians");
return manager;
}
@Bean
public PasswordEncoder passwordEncoder() {
return NoOpPasswordEncoder.getInstance();
}
}
The cURL request:
curl -u "riemann:password" -X GET http://localhost:8080
But I got 401 Unauthorized.
Part of the debug log:
AuthenticationSource not set - using default implementation
Using LDAP pooling.
Trying provider Urls: ldap://ldap.forumsys.com:389/dc=example,dc=com
AuthenticationSource not set - using default implementation
Property 'userDn' not set - anonymous context will be used for read-write operations
Not using LDAP pooling
...
...
Got Ldap context on server 'ldap://ldap.forumsys.com:389/dc=example,dc=com'
Loading user 'riemann' with DN 'uid=riemann,dc=example,dc=com'
Got Ldap context on server 'ldap://ldap.forumsys.com:389/dc=example,dc=com'
Failed to find user 'riemann'
Failed to process authentication request
org.springframework.security.authentication.BadCredentialsException: Bad credentials
What's wrong with this code segment?
Upvotes: 0
Views: 44
Answers (0)
Related Questions
- Difference between Role and GrantedAuthority in Spring Security
- When using Spring Security, what is the proper way to obtain current username (i.e. SecurityContext) information in a bean?
- Spring boot Security Disable security
- SpringBoot 401 UnAuthorized even with out security
- How Spring Security Filter Chain works
- 401 Unauthorized on authenticationManager.authenticate() (Spring Security)
- LDAP Spring Security NullPointer in LdapUserDetailsImpl.hashCode
- Spring Security LDAP and Remember Me
- Spring security access role basics