没有 managerDN 和 manager 密码的 LDAP 身份验证 [英] LDAP authentication without managerDN and manager password
问题描述
我正在 Java Spring 框架中编写一个应用程序来执行 Active Directory LDAP 身份验证.我已成功连接到我的组织 LDAP.
I am writing an application in Java Spring framework to perform Active Directory LDAP authentication. I am succeeding in connecting to my organization LDAP.
这里是配置设置:Spring-security.xml
Here is the configuration settings:Spring-security.xml
<!-- This is where we configure Spring-Security -->
<security:http auto-config="true" use-expressions="true"
access-denied-page="/oops">
<security:intercept-url pattern="/auth/*"
access="isAuthenticated()" />
<security:logout invalidate-session="true"
logout-success-url="/" logout-url="/logout" />
</security:http>
<security:authentication-manager>
<security:ldap-authentication-provider
user-search-filter="(&(sAMAccountname={0})(objectCategory=user))"
user-search-base="DC=am, DC=example, DC=com" group-search-filter="(&(sAMAccountname={0})(objectCategory=group))"
group-search-base="DC=am, DC=example, DC=com">
</security:ldap-authentication-provider>
</security:authentication-manager>
<security:ldap-server url="ldaps://myserver.am.example.com:4567"
manager-dn="CN=Johnson , Mitchell, OU=San Francisco,DC=am,DC=example,DC=com"
manager-password="sdvsdvsvs" />
我的问题是,有没有办法在 security:ldap-server 标记中不提供 manager-dn 和 manager-password 的情况下验证 LDAP.请提供解决方案.提前致谢.
My question here is that,is there any way to authenticate LDAP without supplying manager-dn and manager-password in security:ldap-server tag. Please provide a solution to this.Thanks in advance.
推荐答案
是的,有可能:您可以让实际登录的用户自己连接到 LDAP 来测试他的凭据并获取其用户数据.
Yes it is possible: you can let the user who is actualy logging in connecting to the LDAP himself to test his credential and fetch its userdata.
AuthenticationManager 配置:
AuthenticationManager configuration:
@Override
protected void configure(final AuthenticationManagerBuilder auth) throws Exception {
ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider = new ActiveDirectoryLdapAuthenticationProvider(domain, url, rootDn);
activeDirectoryLdapAuthenticationProvider.setSearchFilter(searchFilter);
auth.authenticationProvider(activeDirectoryLdapAuthenticationProvider);
}
Spring 安全性做了两件事:
Spring security does two things:
- 让用户用他的用户名和密码登录
- 查找用户以获取用户信息、组等.对于此步骤,您必须指定一个可以根据用户名查找用户的 searchFilter,例如userPrincipalName={0}",其中 {0} 是提供的用户名.
这篇关于没有 managerDN 和 manager 密码的 LDAP 身份验证的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!