没有managerDN和管理员密码的LDAP身份验证 [英] LDAP authentication without managerDN and manager password

问题描述

我正在Java Spring框架中编写应用程序以执行Active Directory LDAP身份验证. 我已成功连接到我的组织LDAP.

I am writing an application in Java Spring framework to perform Active Directory LDAP authentication. I am succeeding in connecting to my organization LDAP.

以下是配置设置:Spring-security.xml

Here is the configuration settings:Spring-security.xml

<!-- This is where we configure Spring-Security -->
<security:http auto-config="true" use-expressions="true"
    access-denied-page="/oops">

    <security:intercept-url pattern="/auth/*"
        access="isAuthenticated()" />


    <security:logout invalidate-session="true"
        logout-success-url="/" logout-url="/logout" />

</security:http>

<security:authentication-manager>
    <security:ldap-authentication-provider
        user-search-filter="(&amp;(sAMAccountname={0})(objectCategory=user))"
        user-search-base="DC=am, DC=example, DC=com" group-search-filter="(&amp;(sAMAccountname={0})(objectCategory=group))"
        group-search-base="DC=am, DC=example, DC=com">
    </security:ldap-authentication-provider>
</security:authentication-manager>




<security:ldap-server url="ldaps://myserver.am.example.com:4567"
manager-dn="CN=Johnson \, Mitchell, OU=San Francisco,DC=am,DC=example,DC=com"
manager-password="sdvsdvsvs" />

我的问题是，在不提供security:ldap-server标记中提供manager-dn和manager-password的情况下，有什么方法可以对LDAP进行身份验证. 请为此提供解决方案.谢谢.

My question here is that,is there any way to authenticate LDAP without supplying manager-dn and manager-password in security:ldap-server tag. Please provide a solution to this.Thanks in advance.

推荐答案

是可以的:您可以让实际登录的用户自己连接到LDAP来测试其凭据并获取其用户数据.

Yes it is possible: you can let the user who is actualy logging in connecting to the LDAP himself to test his credential and fetch its userdata.

AuthenticationManager配置:

AuthenticationManager configuration:

@Override
protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
    ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider = new ActiveDirectoryLdapAuthenticationProvider(domain, url, rootDn);
    activeDirectoryLdapAuthenticationProvider.setSearchFilter(searchFilter);
    auth.authenticationProvider(activeDirectoryLdapAuthenticationProvider);
}

Spring安全性有两件事:

Spring security does two things:

• 让用户使用其用户名和密码登录
• 查找用户以获取用户信息，组等.对于此步骤，您必须指定一个searchFilter，它可以根据用户名来查找用户，例如"userPrincipalName = {0}"，其中{0}是提供的用户名

这篇关于没有managerDN和管理员密码的LDAP身份验证的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！