
Spring ActiveDirectoryLdapAuthenticationProvider issue - Getting Supplied password was invalid


Please take a look at the configuration shown below:

 ldap.urls=ldap://***.***.local:8389
    ldap.base.dn=dc=test,dc=com
    ldap.user.dn.pattern=(&(objectClass=user)(userPrincipalName={0})(memberof=CN=Group Name,OU=***,OU=****,DC=test,DC=com))

WebSecurityConfig.java

 @Configuration
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        private final static Logger log = LogManager.getLogger(WebSecurityConfig.class);

        /**
         * LDAP server URL read from {@code ldap.url}.
         * NOTE(review): the properties shown above define {@code ldap.urls} — confirm the key matches.
         */
        @Value("${ldap.url}")
        private String ldapUrl;

        /**
         * Value of {@code ldap.base.dn}; it is handed to the provider as its
         * <em>domain</em> argument (see {@link #configure(AuthenticationManagerBuilder)}).
         */
        @Value("${ldap.base.dn}")
        private String ldapDomain;

        /** Value of {@code ldap.user.dn.pattern}; applied as the provider's search filter when non-blank. */
        @Value("${ldap.user.dn.pattern}")
        private String ldapUserDnPattern;

        /** Every request must be fully authenticated; credentials are taken from HTTP Basic. */
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http.authorizeRequests()
                    .anyRequest().fullyAuthenticated()
                    .and()
                    .httpBasic();
        }

        /**
         * Registers a single {@link ActiveDirectoryLdapAuthenticationProvider} built from
         * {@code ldapDomain} (the base DN as configured here) and {@code ldapUrl}.
         *
         * @param auth builder the provider is added to
         * @throws Exception propagated from the builder
         */
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            ActiveDirectoryLdapAuthenticationProvider provider =
                    new ActiveDirectoryLdapAuthenticationProvider(this.ldapDomain, this.ldapUrl);

            provider.setConvertSubErrorCodesToExceptions(true);
            provider.setUseAuthenticationRequestCredentials(true);

            // Override the default search filter only when a non-blank one is configured.
            if (hasText(this.ldapUserDnPattern)) {
                provider.setSearchFilter(this.ldapUserDnPattern);
            }

            auth.authenticationProvider(provider);
        }

        /** Returns {@code true} when {@code value} is non-null and not whitespace-only. */
        private static boolean hasText(String value) {
            return value != null && !value.trim().isEmpty();
        }

    }

Can someone please tell me how to specify the userDn and password when configuring ActiveDirectoryLdapAuthenticationProvider?


Solution

  • Define `ldap.domain=test.com` in your properties. The provider's first constructor argument is the Active Directory domain, not the base DN (`dc=test,dc=com`); the base DN is passed separately as the third argument.

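     @Configuration
        public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

            /** LDAP server URL ({@code ldap.url}); every login binds against it. */
            @Value("${ldap.url}")
            private String ldapUrl;

            /** Search base ({@code ldap.base.dn}), e.g. {@code dc=test,dc=com}. */
            @Value("${ldap.base.dn}")
            private String ldapBaseDN;

            /**
             * Active Directory domain ({@code ldap.domain}), e.g. {@code test.com}.
             * The provider uses it to build the {@code user@domain} bind principal,
             * which is why the base DN cannot be passed here.
             */
            @Value("${ldap.domain}")
            private String ldapDomain;

            /**
             * Optional LDAP search filter ({@code ldap.user.dn.pattern}); {@code {0}} is
             * substituted with the bind principal. Blank keeps the provider's default.
             */
            @Value("${ldap.user.dn.pattern}")
            private String ldapUserDnPattern;

            /**
             * Requires full authentication for every request and accepts HTTP Basic
             * credentials. Basic resends the password on each request, so the
             * application should only be reachable over HTTPS.
             */
            @Override
            protected void configure(HttpSecurity http) throws Exception {
                http.authorizeRequests()
                        .anyRequest().fullyAuthenticated()
                        .and()
                        .httpBasic();
            }

            /**
             * Registers an {@link ActiveDirectoryLdapAuthenticationProvider} built from the
             * {@code ldap.*} properties.
             *
             * @param auth builder the provider is added to
             * @throws Exception propagated from the builder
             */
            @Override
            protected void configure(AuthenticationManagerBuilder auth) throws Exception {
                // NOTE(review): the URL in the question is plain ldap://; the user's password
                // travels over that connection at bind time, so outside a test setup use
                // ldaps:// (or an otherwise TLS-protected transport).
                ActiveDirectoryLdapAuthenticationProvider adProvider =
                        new ActiveDirectoryLdapAuthenticationProvider(
                                this.ldapDomain, this.ldapUrl, this.ldapBaseDN);

                // Maps AD sub-error codes (locked, expired, ...) to distinct exceptions.
                // Those types reveal account state; keep the HTTP error sent to the
                // client generic so a failed login does not confirm which case applies.
                adProvider.setConvertSubErrorCodesToExceptions(true);
                adProvider.setUseAuthenticationRequestCredentials(true);

                // Despite the property name, this value is the LDAP *search filter*, not a
                // DN pattern; only override the provider's default when one is configured.
                if (hasText(this.ldapUserDnPattern)) {
                    adProvider.setSearchFilter(this.ldapUserDnPattern);
                }

                auth.authenticationProvider(adProvider);
            }

            /** Returns {@code true} when {@code value} is non-null and not whitespace-only. */
            private static boolean hasText(String value) {
                return value != null && !value.trim().isEmpty();
            }

        }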