How to go deep into the LDAP tree to find a user who can authenticate in Spring LDAP security


Problem description

I want to use Spring Security LDAP authentication. However, I would like to traverse the LDAP tree recursively. Unfortunately, I can only find a user at one level of depth.

For example, my user tree looks like the one below:

ouUsers: has users (user1, user2, etc.) and subtrees (ouGenel, ouYatay).

And the subtrees have subtrees and users.

I would like to traverse the LDAP tree recursively to authenticate in a Spring Security project.

My Spring authentication code is below. What should I change in my code?

@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
            .ldapAuthentication()
            .userDnPatterns("CN={0},OU=ouUsers")
            .groupSearchBase("ou=ouUsers")
            .contextSource()
            .url(url+"/"+base)
            .managerDn(dn)
            .managerPassword(password)
            .and()
            .passwordCompare()
            .passwordEncoder(new LdapShaPasswordEncoder())
            .passwordAttribute("sn");
}

Thanks

Recommended answer

You need to use userSearchFilter() and userSearchBase() instead of userDnPatterns().

  • userDnPatterns tries to match a DN by substituting the user login name in the supplied pattern, appending the base from the LDAP URL.

This is OK if all your users are stored under a single node in the directory.

  • userSearchFilter(), on the other hand, can be used to match the login name in a regular request, searching down the tree (default SearchScope = SUBTREE) under a certain base. userSearchBase() can optionally be used to set a branch RDN where user entries are located and from which to perform the search. If not specified, the search includes the entire directory starting from the base DN of the LDAP URL.

    Replacing userDnPatterns() with the following should be OK:

    .userSearchBase("ou=ouUsers")
    .userSearchFilter("(cn={0})")
    

    https://docs.spring.io/spring-security/site/docs/3.0.x/reference/ldap.html#d0e5940
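
The difference between the two lookups, as an added example that is not part of the original question or answer: a small Python model (not Spring code) of DN-pattern resolution versus a subtree search over the question's tree, which also rejects a login that matches entries in more than one branch. The base DN dc=example,dc=com, the entries user3 and user4, and all function names are assumptions made for the illustration.

```python
# Constructed directory modelled on the question's tree. The base DN and the
# entries user3/user4 are assumptions; DNs are split on "," without handling
# escaped commas, which is enough for this model.
BASE = "dc=example,dc=com"
ENTRIES = [
    "cn=user1,ou=ouUsers," + BASE,
    "cn=user2,ou=ouUsers," + BASE,
    "cn=user3,ou=ouGenel,ou=ouUsers," + BASE,
    "cn=user4,ou=ouYatay,ou=ouUsers," + BASE,
    "cn=user4,ou=ouGenel,ou=ouUsers," + BASE,  # same cn in two branches
]


def _norm(dn):
    """Lower-case a DN and strip spaces around its components for comparison."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def resolve_by_dn_pattern(login, pattern="CN={0},OU=ouUsers"):
    """userDnPatterns style: build exactly one DN from pattern + base, no search."""
    candidate = _norm(pattern.replace("{0}", login) + "," + BASE)
    return next((dn for dn in ENTRIES if _norm(dn) == candidate), None)


def resolve_by_subtree_search(login, search_base="ou=ouUsers", attr="cn"):
    """userSearchBase + userSearchFilter style: match attr=login at any depth.

    The model compares the filter against the entry's first RDN only.
    """
    root = _norm(search_base + "," + BASE)
    wanted = f"{attr}={login}".lower()
    hits = [
        dn for dn in ENTRIES
        if _norm(dn).split(",")[0] == wanted
        and (_norm(dn) == root or _norm(dn).endswith("," + root))
    ]
    if len(hits) > 1:
        # An ambiguous login must fail instead of resolving to the first hit.
        raise LookupError(f"{login!r} matches {len(hits)} entries; refusing to pick one")
    return hits[0] if hits else None


if __name__ == "__main__":
    print("pattern, user3:", resolve_by_dn_pattern("user3"))      # one level only
    print("subtree, user3:", resolve_by_subtree_search("user3"))  # found in ouGenel
```

Once the search covers the whole subtree, the attribute used in the filter has to be unique below the search base, otherwise logins such as user4 in this model cannot be resolved to a single entry.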
