spring - Spring Security LDAP 身份验证抛出 NO_ATTRIBUTE_OR_VAL 错误
问题描述
遵循 spring.io 指南时,我无法针对真正的 LDAP/AD 进行身份验证:https ://spring.io/guides/gs/authenticating-ldap/
对真正的AD/LADP 进行身份验证时遇到的问题是:
org.springframework.security.authentication.InternalAuthenticationServiceException: [LDAP: error code 16 - 00002080: AtrErr: DSID-03080155, #1:
0: 00002080: DSID-03080155, problem 1001 (NO_ATTRIBUTE_OR_VAL), data 0, Att 23 (userPassword)
]; nested exception is javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00002080: AtrErr: DSID-03080155, #1:
0: 00002080: DSID-03080155, problem 1001 (NO_ATTRIBUTE_OR_VAL), data 0, Att 23 (userPassword)
]; remaining name 'CN=olahell,OU=Consultants,OU=Production,OU=Company'
下面是我的 java auth 配置:
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.ldapAuthentication()
.userSearchFilter("(&(objectClass=user)(sAMAccountName={0}))")
.contextSource()
.url("ldap://company-dc02.company.local:389/dc=company,dc=local")
.managerDn("CN=olahell,OU=Consultants,OU=Production,OU=Company,DC=company,DC=local")
.managerPassword("myPassword")
.and()
.passwordCompare()
.passwordEncoder(new LdapShaPasswordEncoder())
.passwordAttribute("userPassword");
}
解决方案
我需要做的是使用BindAuthenticator
,LDAP应该配置如下:
@Bean
public AuthenticationProvider ldapAuthenticationProvider() throws Exception {
String ldapServerUrl = "ldap://company-dc02.bergsala.local:389/dc=company,dc=local";
DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(ldapServerUrl);
String ldapManagerDn = "CN=olahell,OU=Consultants,OU=Production,OU=Company,DC=company,DC=local";
contextSource.setUserDn(ldapManagerDn);
String ldapManagerPassword = "myPassword";
contextSource.setPassword(ldapManagerPassword);
contextSource.setReferral("follow");
contextSource.afterPropertiesSet();
LdapUserSearch ldapUserSearch = new FilterBasedLdapUserSearch("", "(&(objectClass=user)(sAMAccountName={0}))", contextSource);
BindAuthenticator bindAuthenticator = new BindAuthenticator(contextSource);
bindAuthenticator.setUserSearch(ldapUserSearch);
LdapAuthenticationProvider ldapAuthenticationProvider = new LdapAuthenticationProvider(bindAuthenticator, new EmsLdapAuthoritiesPopulator(contextSource, ""));
return ldapAuthenticationProvider;
}
@Override
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.authenticationProvider(ldapAuthenticationProvider());
}
注意:EmsLdapAuthoritiesPopulator
扩展DefaultLdapAuthoritiesPopulator
和覆盖#getAdditionalRoles
以使我能够为用户设置额外的角色。
推荐阅读
- python - Python findall 使用带有逻辑 AND 的 xpath 模式
- python - 无法导入 tpot:ImportError:无法导入名称“ensure_object”
- java - 在java中创建泛型方法
- jmeter - 带有 BLOB 参数的 Jmeter JDBC 调用存储过程
- r - 如何使geom_ribbon在ggplot2中具有渐变颜色
- laravel - Laravel:登录表单“记住我”功能不起作用
- python-3.x - 将值分配给数据帧中的新列出现错误“试图在数据帧的切片副本上设置值”
- java - 继承抽象类的抽象类中的模拟方法
- microsoft-graph-api - 使用 Azure B2C 活动目录在用户级别进行 2FA 身份验证
- webpack - Nuxt - 如何将图标复制到 dist 文件夹?