Tags: java, spring, ldap, spring-ldap, spring-security-ldap

Spring LDAP | Login and get member of


I'm starting with Spring LDAP and I am reading a lot of posts and starting to understand how this works. What I'm trying to do is a standard Login. And when the login is done, manage the users in the Java code by their LDAP (OU)/(member of) property. May also get the user roles at the actual Login.

My first simple login code:

<authentication-manager erase-credentials="true">
    <authentication-provider ref="ldapActiveDirectoryAuthProvider"/>
</authentication-manager>

<beans:bean id="ldapActiveDirectoryAuthProvider"
class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
    <beans:constructor-arg value="company.local" />
    <beans:constructor-arg value="ldap://servername.company.local" />
</beans:bean>

Shall I use templates?

What bean id would be great to start with to accomplish what I want to do?

Without LDIF?


Solution

  • Spring Security has a couple of samples that demonstrate how to authenticate with LDAP as the backend. Each sample uses an embedded LDAP server for ease of demonstration, but the configuration can be changed to point to an AD server. For roles, take a look at LdapAuthoritiesPopulator.

    I'm not certain what you mean by templates, but you can specify a custom searchFilter like so:

    <beans:bean id="ldapActiveDirectoryAuthProvider"
            class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
        <beans:constructor-arg value="company.local" />
        <beans:constructor-arg value="ldap://servername.company.local" />
        <beans:property name="searchFilter" value="customUserAttribute={0}"/>
    </beans:bean>


    With the default being (&(objectClass=user)(userPrincipalName={0})).

    LDIF only matters to Spring Security when you use the embedded server, which might come into play for you with integration testing.
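As an added example (not code from the question or the answer), the same provider in Spring Security 6 Java configuration, with the group CNs that ActiveDirectoryLdapAuthenticationProvider derives from the user's memberOf attribute mapped onto ROLE_ authorities so they can drive authorization; the class name, the "/admin/**" path and the "Web Admins" group are assumptions.

```java
import java.util.Locale;
import java.util.stream.Collectors;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class AdSecurityConfig { // assumed class name

    @Bean
    public ActiveDirectoryLdapAuthenticationProvider adAuthProvider() {
        // Same domain and server URL as the XML bean in the question.
        ActiveDirectoryLdapAuthenticationProvider provider =
                new ActiveDirectoryLdapAuthenticationProvider("company.local", "ldap://servername.company.local");
        // The default filter, set explicitly; {0} is bound to the user principal (user@company.local).
        provider.setSearchFilter("(&(objectClass=user)(userPrincipalName={0}))");
        // After binding as the user, the provider reads the entry's memberOf attribute and
        // emits one authority per group, named by the group's CN. Map those to ROLE_ names.
        provider.setAuthoritiesMapper(roleMapper());
        return provider;
    }

    // "Web Admins" -> ROLE_WEB_ADMINS, so hasRole("WEB_ADMINS") matches below.
    static GrantedAuthoritiesMapper roleMapper() {
        return authorities -> authorities.stream()
                .map(a -> "ROLE_" + a.getAuthority().toUpperCase(Locale.ROOT).replace(' ', '_'))
                .map(SimpleGrantedAuthority::new)
                .collect(Collectors.toSet());
    }

    @Bean
    public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http.authenticationProvider(adAuthProvider())
            // Assumed: only members of the AD group "Web Admins" may reach /admin/**.
            .authorizeHttpRequests(auth -> auth
                .requestMatchers("/admin/**").hasRole("WEB_ADMINS")
                .anyRequest().authenticated())
            .formLogin(Customizer.withDefaults());
        return http.build();
    }
}
```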