I was wondering whether there is a way to configure the Spring Security LDAP plugin so that it does not use the standard authentication, but instead works as follows:
If the user is able to connect to the LDAP server and log in, the user has been authenticated. Then read the authorizations from this user's account in LDAP (this is probably the default behaviour).
Instead of using a configured master account, actually bind with the login the user supplied (which, if the bind succeeds, allows the user to fetch the other data).
Thank you in advance!
Hope you are still looking for this. You are a step in the right direction: it seems that the BindAuthenticator does not use the security context source, so what you will have to change is the authorities populator. I believe the default populator uses a connection pool with the proper administrator account.
Here is a sample of a setup that uses a BindAuthenticator and a custom authorities populator.
```xml
<bean id="authPopulator" class="org.springframework.security.ldap.populator.CustomLdapAuthoritiesPopulator">
    <constructor-arg ref="securityContextSource"/>
    <constructor-arg value="ou=roles,o=data"/>
    <property name="groupRoleAttribute" value="Resource Group Type"/>
    <property name="groupSearchFilter" value="member={0}"/>
</bean>

<bean id="ldapAuthenticationProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
    <constructor-arg>
        <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
            <constructor-arg ref="securityContextSource"/>
            <property name="userDnPatterns">
                <list>
                    <value>cn={0},ou=users,o=system</value>
                    <value>cn={0},ou=users,o=xyz</value>
                    <value>cn={0},ou=users,ou=outer,o=xyz</value>
                </list>
            </property>
            <property name="userSearch" ref="userSearch"/>
        </bean>
    </constructor-arg>
    <constructor-arg ref="authPopulator"/>
    <s:custom-authentication-provider/>
</bean>
```
Here is my context source definition:
```xml
<!-- The opening tag and the constructor-arg with the LDAP URL were not in the
     original post; the class name is the standard Spring Security 2.x context
     source and is assumed here. -->
<bean id="securityContextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <!-- <constructor-arg value="ldap://..."/> (URL omitted in the original post) -->
    <property name="userDn" value="cn=admin,ou=users,o=xyz"/>
    <property name="password" value="password"/>
</bean>
```
I decided to test the context source without any username and password, and it seems to work partially. Here is my log output:
```text
[java] - Authentication success: org.springframework.security.providers.UsernamePasswordAuthenticationToken@79107ad5: Principal: org.springframework.security.userdetails.ldap.LdapUserDetailsImpl@3d1a70a7: Username: internalUser; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: a2a3a505521919d529e75c6d14081f6b; Granted Authorities: ROLE_USER
[java] - Updated SecurityContextHolder to contain the following Authentication: 'org.springframework.security.providers.UsernamePasswordAuthenticationToken@79107ad5: Principal: org.springframework.security.userdetails.ldap.LdapUserDetailsImpl@3d1a70a7: Username: internalUser; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true; credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities: ROLE_USER; Password: [PROTECTED]; Authenticated: true; Details: org.springframework.security.ui.WebAuthenticationDetails@0: RemoteIpAddress: 0:0:0:0:0:0:0:1; SessionId: a2a3a505521919d529e75c6d14081f6b; Granted Authorities: ROLE_USER'
```
I am not receiving any errors, but it does not populate all the roles. This may be an eDirectory permission problem, or you could create your own authorities populator; the populator can be passed the user's DirContext.
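As an added example that is not part of the original question or answer: the "bind as the user, read the authorizations from the user's own account" flow the question asks for can be done without any administrator account by replacing the populator. BindAuthenticator binds with the user's own credentials and hands the populator a DirContextOperations holding the attributes it read from the user's entry during that bind, so a populator that derives roles from a membership attribute on that entry never needs the context source's admin bind. This example assumes the Spring Security 2.0.x API used on this page (GrantedAuthority[] return type, GrantedAuthorityImpl), and assumes the group-membership attribute is named groupMembership (eDirectory's attribute; other directories use memberOf or similar, so the name is configurable). The class and property names are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;

import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.ldap.LdapAuthoritiesPopulator;

/**
 * Example populator (not from the original post). It derives roles from a
 * membership attribute on the user's own entry. BindAuthenticator reads that
 * entry while bound as the user, so no administrator credentials are needed
 * on the context source for authorization to work.
 *
 * Assumptions: Spring Security 2.0.x API; the attribute holding group DNs is
 * "groupMembership" (eDirectory). Both are configurable below.
 */
public class UserEntryAuthoritiesPopulator implements LdapAuthoritiesPopulator {

    // Assumed attribute name; eDirectory stores group DNs here.
    private String groupMembershipAttribute = "groupMembership";
    private String rolePrefix = "ROLE_";
    private boolean convertToUpperCase = true;

    public GrantedAuthority[] getGrantedAuthorities(DirContextOperations userData, String username) {
        List<GrantedAuthority> authorities = new ArrayList<GrantedAuthority>();

        // Each value is the DN of a group the user belongs to,
        // e.g. "cn=admins,ou=roles,o=data".
        String[] groupDns = userData.getStringAttributes(groupMembershipAttribute);
        if (groupDns == null) {
            // Attribute absent (or not readable by the user): no roles, but
            // authentication itself still succeeded.
            return new GrantedAuthority[0];
        }

        for (int i = 0; i < groupDns.length; i++) {
            String role = roleFromGroupDn(groupDns[i]);
            if (role != null) {
                authorities.add(new GrantedAuthorityImpl(role));
            }
        }
        return (GrantedAuthority[]) authorities.toArray(new GrantedAuthority[authorities.size()]);
    }

    /**
     * Maps a group DN to a role name using the leftmost RDN value:
     * "cn=admins,ou=roles,o=data" -> "ROLE_ADMINS".
     * Returns null for values that are not valid DNs, so one malformed
     * attribute value does not abort the whole login.
     */
    String roleFromGroupDn(String groupDn) {
        try {
            LdapName name = new LdapName(groupDn);
            if (name.size() == 0) {
                return null;
            }
            // LdapName indexes from the root, so the leaf RDN is the last one.
            Rdn leaf = name.getRdn(name.size() - 1);
            String value = String.valueOf(leaf.getValue());
            return rolePrefix + (convertToUpperCase ? value.toUpperCase() : value);
        } catch (InvalidNameException e) {
            return null;
        }
    }

    public void setGroupMembershipAttribute(String attributeName) {
        this.groupMembershipAttribute = attributeName;
    }

    public void setRolePrefix(String rolePrefix) {
        this.rolePrefix = rolePrefix;
    }

    public void setConvertToUpperCase(boolean convertToUpperCase) {
        this.convertToUpperCase = convertToUpperCase;
    }
}
```

To wire it in, point the authPopulator bean at this class instead of the populator in the answer above and drop the userDn and password properties from the context source; the userDnPatterns on BindAuthenticator then let it bind directly as the user without a search. Two caveats a practitioner should check: the directory's ACLs must allow a user to read the membership attribute on its own entry (the missing roles in the answer's log are consistent with that not being the case in eDirectory), and a membership attribute on the user entry only reflects direct membership, so nested groups will not appear unless the directory expands them itself.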