Spring Security AD LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8


Problem description

I am trying to connect to LDAP from Spring Security and am getting connection errors. Could someone suggest what is wrong with this configuration?

UsernamePasswordAuthenticationFilter - An internal error occurred while trying to authenticate the user. org.springframework.security.authentication.InternalAuthenticationServiceException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1]; remaining name 'ou=Users,dc=aaa,dc=bbb,dc=ccc,dc=dddd' at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:191)

The configuration file has:

<sec:authentication-manager alias="myAuthenticationManager">
    <sec:authentication-provider ref="myAuthenticationProvider"/>
</sec:authentication-manager>

<bean id="myAuthenticationProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <constructor-arg ref="ldapBindAuthenticator"/>
    <constructor-arg ref="ldapAuthoritiesPopulator"/>
</bean>

<bean id="ldapBindAuthenticator" class="org.springframework.security.ldap.authentication.BindAuthenticator">
    <constructor-arg ref="contextSource" />
    <property name="userSearch" ref="userSearch"/>
</bean>

<bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    <constructor-arg index="0" value="ou=Users,dc=aaa,dc=bbb,dc=ccc,dc=dddd"/>
    <constructor-arg index="1" value="(sAMAccountName={0})"/>
    <constructor-arg index="2" ref="contextSource"/>
    <property name="searchSubtree" value="true"/>
</bean>

<bean id="ldapAuthoritiesPopulator" class="com.xxxx.MyLdapAuthoritiesPopulator">
    <property name="userDao" ref="userDao"/>
</bean>

<bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="ldaps://aaa.com:123/DC=aa,DC=bb,DC=cc,DC=dd"/>
    <property name="base" value="DC=aa,DC=bb,DC=cc,DC=dd" />
    <!-- <property name="anonymousReadOnly" value="true"/> -->

</bean>

Recommended answer

Let's assume the user is trying to log in with username XXX and password YYY. Usually LDAP authentication works like this:

  1. Bind to LDAP with a technical account
  2. Search for the user with username XXX => get his DN
  3. Try to bind to LDAP using the found DN and password YYY

Your error is suggesting that you didn't do the first step (technical account binding) correctly.

Try adding userDn and password to your context source (this is from the official JavaDoc):

<bean id="contextSource"
        class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="ldap://monkeymachine:389/dc=springframework,dc=org"/>
    <property name="userDn" value="cn=manager,dc=springframework,dc=org"/>
    <property name="password" value="password"/>
</bean>
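
The three steps above, written out with the JDK's JNDI API as an added example (not code from the original question or answer, and not Spring Security's own implementation). The URL, base DN, class name and environment variable names are hypothetical placeholders.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;
public class LdapBindSearchBind {
    // Hypothetical values: directory URL and base DN are placeholders, not from the page.
    static final String URL = "ldaps://ldap.example.com:636";
    static final String BASE = "dc=example,dc=com";
    // Simple bind; throws AuthenticationException when the DN/password pair is rejected.
    static DirContext bind(String dn, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    static boolean authenticate(String svcDn, String svcPassword, String username, String password)
            throws NamingException {
        // A simple bind with an empty password is an unauthenticated bind and may succeed.
        if (password == null || password.isEmpty()) return false;
        DirContext svc = bind(svcDn, svcPassword); // step 1: technical account bind
        String userDn;
        try {
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            // Step 2: {0} is substituted from the argument array with filter characters escaped.
            NamingEnumeration<SearchResult> hits =
                    svc.search(BASE, "(sAMAccountName={0})", new Object[] {username}, sc);
            if (!hits.hasMore()) return false; // unknown user
            userDn = hits.next().getNameInNamespace();
        } finally {
            svc.close();
        }
        try {
            bind(userDn, password).close(); // step 3: bind as the user's DN with password YYY
            return true;
        } catch (AuthenticationException e) {
            return false; // wrong password
        }
    }

    public static void main(String[] args) throws NamingException {
        // Technical account credentials come from the environment, not from source or XML.
        String dn = System.getenv("LDAP_SVC_DN"), pw = System.getenv("LDAP_SVC_PASSWORD");
        System.out.println(authenticate(dn, pw, args[0], args[1]) ? "authenticated" : "rejected");
    }
}
```

If step 1 is skipped or its credentials are wrong, the search in step 2 runs on an unbound connection, and Active Directory answers with the "successful bind must be completed" error shown in the question.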
