我在使用 Spring Boot 连接到 LDAP Active Directory 时遇到问题。我一直在使用我们的Grails 2应用程序中的值,但一定缺少一些东西。
圣杯 2 值示例
grails.plugin.springsecurity.ldap.authorities.retrieveDatabaseRoles = true
grails.plugin.springsecurity.ldap.context.managerDn = 'manager@domain.local'
grails.plugin.springsecurity.ldap.context.managerPassword = 'password'
grails.plugin.springsecurity.ldap.context.server = 'ldap://domain.local:389'
grails.plugin.springsecurity.ldap.authorities.ignorePartialResultException = true
grails.plugin.springsecurity.ldap.search.base = 'ou=users,dc=domain,dc=local'
grails.plugin.springsecurity.ldap.search.filter = "sAMAccountName={0}"
grails.plugin.springsecurity.ldap.search.searchSubtree = true
grails.plugin.springsecurity.ldap.auth.hideUserNotFoundExceptions = false
grails.plugin.springsecurity.ldap.search.attributesToReturn = ['mail', 'displayName']
grails.plugin.springsecurity.providerNames = ['customAuthenticationProvider','ldapAuthProvider']
这是我在Spring Boot中尝试过的众多变体之一。我很肯定它没有正确搜索经理/密码。
@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
@Override
protected void configure(HttpSecurity http) throws Exception {
http
.authorizeRequests()
.anyRequest().fullyAuthenticated()
.and()
.formLogin();
}
@Override
public void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.ldapAuthentication()
.contextSource().url("ldap://domain.local:389")
.managerDn("uid=manager@domain.local,ou=users")
.managerPassword("password")
.and()
.userSearchBase("ou=users,dc=domain,dc=local")
.userDnPatterns("sAMAccountName={0}");
}
}
build.gradle ldap dependencies
compile("org.springframework.ldap:spring-ldap-core")
compile("org.springframework.security:spring-security-ldap")
compile("com.unboundid:unboundid-ldapsdk")
通过像这样设置它来让它工作:
auth.ldapAuthentication()
.contextSource().url("ldap://domain.local:389/ou=users,dc=domain,dc=local")
.managerDn("manager@domain.local").managerPassword("password")
.and()
.userSearchFilter("sAMAccountName={0}");