Spring LDAP - bind for successful connection

Problem description

I'm trying to authenticate and then query our corporate LDAP using Spring LDAP and Spring security. I managed to make authentication work but when I attempt to run search I always get the following exception

In order to perform this operation a successful bind must be completed on the connection

After much research I have a theory that after I authenticate and before I can query I need to bind to connection. I just don't know what and how?

Just to mention - I can successfully browse and search our LDAP using JXplorer so my parameters are correct.

Here's section of my securityContext.xml

<security:http auto-config='true'>
    <security:intercept-url pattern="/reports/goodbye.html" 
            access="ROLE_LOGOUT" />
    <security:intercept-url pattern="/reports/**" access="ROLE_USER" />
    <security:http-basic />
    <security:logout logout-url="/reports/logout" 
            logout-success-url="/reports/goodbye.html" />
</security:http>
<security:ldap-server url="ldap://s140.foo.com:1389/dc=td,dc=foo,dc=com" />
<security:authentication-manager>
    <security:authentication-provider ref="ldapAuthProvider">
</security:authentication-provider>
</security:authentication-manager>
<!-- Security beans -->
<bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="ldap://s140.foo.com:1389/dc=td,dc=foo,dc=com" />
</bean>
<bean id="ldapAuthProvider" 
   class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
    <constructor-arg>
        <bean class="foo.bar.reporting.server.security.ldap.LdapAuthenticatorImpl">
            <property name="contextFactory" ref="contextSource" />
            <property name="principalPrefix" value="TD" />
            <property name="employee" ref="employee"></property>
        </bean>
    </constructor-arg>
    <constructor-arg>
      <bean class="foo.bar.reporting.server.security.ldap.LdapAuthoritiesPopulator" />
    </constructor-arg>
</bean>
<!-- DAOs -->
<bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
  <constructor-arg ref="contextSource" />
</bean>

Here's code snippet from LdapAuthenticatorImpl that performs authentication. No problem here:

@Override
public DirContextOperations authenticate(final Authentication authentication) {
    // Grab the username and password out of the authentication object.
    final String name = authentication.getName();
    final String principal = this.principalPrefix + name;
    String password = "";
    if (authentication.getCredentials() != null) {
        password = authentication.getCredentials().toString();
    }
    if (!("".equals(principal.trim())) && !("".equals(password.trim()))) {
        final InitialLdapContext ldapContext = (InitialLdapContext)
                this.contextFactory.getContext(principal, password);
        // We need to pass the context back out, so that the auth provider 
        // can add it to the Authentication object.
        final DirContextOperations authAdapter = new DirContextAdapter();
        authAdapter.addAttributeValue("ldapContext", ldapContext);
        this.employee.setqId(name);
        return authAdapter;
    } else {
        throw new BadCredentialsException("Blank username and/or password!");
    }
}

And here's another code snippet from EmployeeDao with my futile attempt to query:

public List<Employee> queryEmployeesByName(String query) 
   throws BARServerException {
    AndFilter filter = new AndFilter();
    filter.and(new EqualsFilter("objectclass", "person"));
    filter.and(new WhitespaceWildcardsFilter("cn", query));
    try {
        // the following line throws bind exception
        List result = ldapTemplate.search(BASE, filter.encode(), 
            new AttributesMapper() {
            @Override
            public Employee mapFromAttributes(Attributes attrs) 
                throws NamingException {
                Employee emp = new Employee((String) attrs.get("cn").get(), 
                   (String) attrs.get("cn").get(),
                        (String) attrs.get("cn").get());
                return emp;
            }
        });
        return result;
    } catch (Exception e) { 
        throw new BARServerException("Failed to query LDAP", e);
    }
}

And lastly - the exception I'm getting

org.springframework.ldap.UncategorizedLdapException: 
    Uncategorized exception occured during LDAP processing; nested exception is 
    javax.naming.NamingException: [LDAP: error code 1 - 00000000: LdapErr: 
    DSID-0C090627, comment: In order to perform this operation a successful bind 
    must be completed on the connection., data 0, vece]; remaining name 
    'DC=TD,DC=FOO,DC=COM'

Recommended answer

It looks like your LDAP is configured to not allow a search without binding to it (no anonymous bind). Also you have implemented PasswordComparisonAuthenticator and not BindAuthenticator to authenticate to LDAP.

You could try modifying your queryEmployeesByName() method to bind and then search, looking at some examples in the doc.
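
One way to bind before searching, as an added example that is not part of the original answer or the asker's project: the context source is given a service-account DN and password, so every `LdapTemplate` operation performs a bind first. It assumes Spring LDAP 2.x or later; the class name, the service-account DN and the `LDAP_BIND_PASSWORD` environment variable are hypothetical placeholders.

```java
import java.util.List;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import org.springframework.ldap.core.AttributesMapper;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;
import org.springframework.ldap.filter.WhitespaceWildcardsFilter;

public class BoundEmployeeSearch { // hypothetical class name

    /** Builds a template whose operations bind as a service account first. */
    static LdapTemplate boundTemplate() {
        LdapContextSource source = new LdapContextSource();
        source.setUrl("ldap://s140.foo.com:1389");   // host and port from the question
        source.setBase("dc=td,dc=foo,dc=com");       // base DN from the question
        // Assumption: a read-only service account exists; this DN is a placeholder.
        source.setUserDn("cn=svc-reports,ou=service,dc=td,dc=foo,dc=com");
        // Assumption: the secret comes from the environment, not from the XML file.
        String password = System.getenv("LDAP_BIND_PASSWORD");
        if (password == null || password.isEmpty()) {
            // Many servers treat a bind with an empty password as anonymous.
            throw new IllegalStateException("LDAP_BIND_PASSWORD is not set");
        }
        source.setPassword(password);
        source.setAnonymousReadOnly(false); // the default: reads also bind as the account
        source.afterPropertiesSet();        // required when built outside a Spring container
        return new LdapTemplate(source);
    }

    static List<String> commonNamesMatching(LdapTemplate template, String query) {
        AndFilter filter = new AndFilter();
        filter.and(new EqualsFilter("objectclass", "person"));
        filter.and(new WhitespaceWildcardsFilter("cn", query)); // escapes filter metacharacters
        // Search base is "" because the context source already carries the base DN.
        return template.search("", filter.encode(), new AttributesMapper<String>() {
            @Override
            public String mapFromAttributes(Attributes attrs) throws NamingException {
                return (String) attrs.get("cn").get();
            }
        });
    }

    public static void main(String[] args) {
        for (String cn : commonNamesMatching(boundTemplate(), "smith")) {
            System.out.println(cn);
        }
    }
}
```

The same effect in the XML from the question comes from setting `userDn` and `password` properties on the `contextSource` bean; an `ldaps://` URL keeps the simple bind's password off the wire in clear text.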
