Spring security authentication using LDAP


Problem description

I am new to Spring Security and I've tried to run a sample application based on the spring-security LDAP example. Below is my configuration of the applicationContext-security.xml:

<http>
    <intercept-url pattern="/Login.jsp" filters="none"/>
    <intercept-url pattern="/nnn/**" access="ROLE_ADMIN"/>
    <intercept-url pattern="/common/**" access="ROLE_USER"/>
    <form-login login-page="/Login.jsp"
                authentication-failure-url="/Login.jsp?login_error=1"
                default-target-url="/common/home.jsp"/>
    <logout logout-success-url="/Login.jsp" invalidate-session="true"/>
</http>

<authentication-manager>
    <ldap-authentication-provider group-search-filter="member={0}"
                                  group-search-base="ou=groups"
                                  user-search-base="ou=people"
                                  user-search-filter="uid={0}"/>
    <authentication-provider ref="secondLdapProvider"/>
</authentication-manager>

<ldap-server ldif="classpath:users.ldif" port="33389"/>

<b:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <b:constructor-arg value="ldap://localhost:33389/dc=springframework,dc=org"/>
</b:bean>

I've used the user.ldif file as it is. The application runs successfully if I use the default values. But if I put any other value in place of springframework, say google, in the ldif file and in the contextSource bean in the applicationContext-security.xml, then I get the below error:

Your login attempt was not successful, try again.

Reason: [LDAP: error code 32 - NO_SUCH_OBJECT: failed for SearchRequest baseDn :
'2.5.4.11=people,0.9.2342.19200300.100.1.25=google,0.9.2342.19200300.100.1.25=org' filter : '(0.9.2342.19200300.100.1.1=rod)' scope :whole
subtree typesOnly : false Size Limit : no limit Time Limit : no limit Deref Aliases : deref Always attributes : : Cannot find a partition for
2.5.4.11=people,0.9.2342.19200300.100.1.25=google,0.9.2342.19200300.100.1.25=org:
org.apache.directory.shared.ldap.exception.LdapNameNotFoundException: Cannot find a partition for
2.5.4.11=people,0.9.2342.19200300.100.1.25=google,0.9.2342.19200300.100.1.25=org at
org.apache.directory.server.core.partition.DefaultPartitionNexus.getPartition(DefaultPartitionNexus.java:1082) at
org.apache.directory.server.core.partition.DefaultPartitionNexus.hasEntry(DefaultPartitionNexus.java:1037) at
org.apache.directory.server.core.interceptor.InterceptorChain$1.hasEntry(InterceptorChain.java:167) at 

Could someone please tell me why I am getting the above error...

Here is the ldif file:

dn: ou=groups,dc=google,dc=org
objectclass: top
objectclass: organizationalUnit
ou: groups

dn: ou=people,dc=google,dc=org
objectclass: top
objectclass: organizationalUnit
ou: people

dn: uid=rod,ou=people,dc=google,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Rod Johnson
sn: Johnson
uid: rod
userPassword: koala

dn: uid=dianne,ou=people,dc=google,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Dianne Emu
sn: Emu
uid: dianne
userPassword: emu

dn: uid=scott,ou=people,dc=google,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Scott
sn: Wombat
uid: scott
userPassword: wombat

dn: cn=user,ou=groups,dc=google,dc=org
objectclass: top
objectclass: groupOfNames
cn: user
member: uid=rod,ou=people,dc=google,dc=org
member: uid=dianne,ou=people,dc=google,dc=org
member: uid=scott,ou=people,dc=google,dc=org

dn: cn=teller,ou=groups,dc=google,dc=org
objectclass: top
objectclass: groupOfNames
cn: USER
member: uid=rod,ou=people,dc=google,dc=org
member: dianne=rod,ou=people,dc=google,dc=org

dn: cn=supervisor,ou=groups,dc=google,dc=org
objectclass: top
objectclass: groupOfNames
cn: ADMIN
member: uid=rod,ou=people,dc=google,dc=org

Instead of google, it was springframework in the original file from the sample application. Am I missing something in this...

Recommended answer

You need to set root to the desired base-dn/suffix (dc=google,dc=org, in your case) to get it to work. So, in all, there are three places where you need to make changes:

  1. the root in the ldap-server
  2. the context source definition
  3. the ldif file

The default root is dc=springframework,dc=org; that is why you did not need to set it in the example you posted. To use any other base dn, follow the example ldap-server definition below:

<security:ldap-server id="dummyLdap" ldif="classpath:users.ldif" port="33389" root="dc=stackoverflow,dc=com"/>
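The three places the answer lists (the embedded ldap-server root, the contextSource URL suffix and the LDIF entry DNs) must agree, and the NO_SUCH_OBJECT in the question is what a mismatch looks like at runtime. The following script is an added example, not code from the question or from Spring; it reads a constructed security XML fragment and LDIF modelled on the question and reports any base-DN disagreement before the application is started. The namespace URIs and the default root are taken from the Spring Security XML schema and the answer above; the sample inputs are constructed.

```python
"""Check that the embedded ldap-server root, the contextSource base DN and
the LDIF suffixes all agree (the three places named in the answer)."""
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs modelled on the question: google in the LDIF and
# contextSource, but no root attribute on the ldap-server element.
SECURITY_XML = """<b:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:b="http://www.springframework.org/schema/beans">
  <ldap-server ldif="classpath:users.ldif" port="33389"/>
  <b:bean id="contextSource"
      class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <b:constructor-arg value="ldap://localhost:33389/dc=google,dc=org"/>
  </b:bean>
</b:beans>"""
USERS_LDIF = """dn: ou=people,dc=google,dc=org
objectclass: organizationalUnit

dn: uid=rod,ou=people,dc=google,dc=org
objectclass: inetOrgPerson
uid: rod
"""
SEC = "{http://www.springframework.org/schema/security}"
BEANS = "{http://www.springframework.org/schema/beans}"
DEFAULT_ROOT = "dc=springframework,dc=org"  # embedded server default (see answer)

def norm(dn):
    """Lower-case and strip each RDN so DNs compare by value, not spacing."""
    return ",".join(p.strip().lower() for p in dn.split(","))

def ldap_server_root(xml_text):
    srv = ET.fromstring(xml_text).find(SEC + "ldap-server")
    return norm(srv.get("root", DEFAULT_ROOT)) if srv is not None else None

def context_source_base(xml_text):
    for arg in ET.fromstring(xml_text).iter(BEANS + "constructor-arg"):
        m = re.match(r"ldaps?://[^/]+/(.+)$", arg.get("value", ""))
        if m:
            return norm(m.group(1))
    return None

def ldif_suffixes(ldif_text):
    """Set of dc-only suffixes of every dn: line in the LDIF."""
    out = set()
    for line in ldif_text.splitlines():
        if line.lower().startswith("dn:"):
            rdns = [p.strip() for p in line[3:].split(",")]
            out.add(norm(",".join(p for p in rdns if p.lower().startswith("dc="))))
    return out

def check(xml_text, ldif_text):
    """Return a list of human-readable mismatches; empty means consistent."""
    root, base = ldap_server_root(xml_text), context_source_base(xml_text)
    problems = []
    if base != root:
        problems.append(f"contextSource base {base!r} != ldap-server root {root!r}")
    for s in sorted(ldif_suffixes(ldif_text) - {root}):
        problems.append(f"LDIF entries under {s!r} lie outside root {root!r}")
    return problems

if __name__ == "__main__":
    for p in check(SECURITY_XML, USERS_LDIF):
        print(p)
```

Adding root="dc=google,dc=org" to the ldap-server element makes the check return an empty list.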

