春天ActiveDirectoryLdapAuthenticationProvider handleBindException - 提供的密码是无效的错误 [英] Spring ActiveDirectoryLdapAuthenticationProvider handleBindException - Supplied password was invalid error

问题描述

我们正在尝试使用Spring Security对我们的企业LDAP身份验证。我使用 ActiveDirectoryLdapAuthenticationProvider 。下面是Spring配置文件中的片段：

We are trying to use Spring security for authenticating against our enterprise LDAP. I'm using ActiveDirectoryLdapAuthenticationProvider. Below is the snippet from the Spring config file:

<security:authentication-manager erase-credentials="true">
    <security:authentication-provider  ref="ldapActiveDirectoryAuthProvider"/>
</security:authentication-manager>

<bean id="ldapActiveDirectoryAuthProvider" class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
<constructor-arg value="DC=xxx,DC=ds,DC=yyy,DC=com" />  
<constructor-arg value="ldap://xxx.ds.yyy.com:389" />
<property name="convertSubErrorCodesToExceptions" value="true"/>
</bean>

我收到： ActiveDirectoryLdapAuthenticationProvider handleBindException Active Directory身份验证失败：提供的密码是无效的错误的

我的理解是，这是因为LDAP绑定失败，因为它正在寻找用户DN /凭据。我们如何指定配置文件中的这些信息？

My understanding is that, this is because LDAP bind is failing as it is looking for userDN/credentials. How do we specify this information in the configuration file?

在此之前使用 ActiveDirectoryLdapAuthenticationProvider ，我已经使用了这个工作＆LT; LDAP身份验证提供者＆GT; 和 DefaultSpringSecurityContextSource 。我能够在配置 DefaultSpringSecurityContextSource bean来指定用户DN /密码。谁能告诉我如何指定用户DN和密码，而使用配置 ActiveDirectoryLdapAuthenticationProvider ？

Prior to using ActiveDirectoryLdapAuthenticationProvider, I had got this working using <ldap-authentication-provider> and DefaultSpringSecurityContextSource. I was able to specify the userDN/password while configuring the DefaultSpringSecurityContextSource bean. Can someone tell me how to specify the userDn and password while configuring using ActiveDirectoryLdapAuthenticationProvider?

推荐答案

看起来你可能会有点无所适从 ActiveDirectoryLdapAuthenticationProvider 不和<一href="http://docs.spring.io/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#d0e6795"相对=nofollow>如何配置它。它结合的形式使用电子邮件一样的名字 user@domain.com ，其中 domain.com 的参数，你'已经在第一个构造函数中提供。它不使用标准的LDAP DN。这是具体到Active Directory，而不是标准的LDAP的一部分。 你可能也想看看<一href="https://github.com/spring-projects/spring-security/blob/master/ldap/src/main/java/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java"相对=nofollow>来源和Javadoc的类。

It looks like you might be a bit confused about what ActiveDirectoryLdapAuthenticationProvider does and how to configure it. It binds using an email-like name in the form user@domain.com where domain.com is the argument you've supplied in the first constructor. It doesn't use a standard LDAP DN. This is specific to Active Directory and not part of standard LDAP. You might also want to take a look at the source and Javadoc for the class.

如果你已经有了一个标准的LDAP认证配置您的设置工作，那么它是不明确的，你为什么会想改变。你可能会更好坚持使用你所拥有的，因为它不会与直接兼容 ActiveDirectoryLdapAuthenticationProvider 。

If you already had a standard LDAP authentication configuration working with your setup, then it's not clear why you would want to change. You're probably better sticking with what you have as it won't be directly compatible with ActiveDirectoryLdapAuthenticationProvider.

这篇关于春天ActiveDirectoryLdapAuthenticationProvider handleBindException - 提供的密码是无效的错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！