0

I am trying to test Active Directory authentication with Spring Boot. I have an Active Directory working and I can access to it via LDAP browsers for my admin user with that user dn:

CN=Administrator,CN=Users,DC=contoso,DC=com

I want to use LDAP as authentication manager at my application. Simple example from docs is as follows:

@Autowired
public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
    auth
            .ldapAuthentication()
            .userDnPatterns("CN={0},CN=Users,DC=contoso,DC=com")
            .groupSearchBase("ou=groups")
            .contextSource()
            .managerDn("CN=Administrator,CN=Users,DC=contoso,DC=com")
            .managerPassword("myadminpassword")
            .url("ldap://192.168.1.1:389");
}

First of all, should I provide admin password to connect Active Directory such a login?

Secondly, should I provide groupSearchBase and userDnPatterns and how?

Improve this question
0

1 Answer 1

Reset to default
3

  1. No. For accessing LDAP / Active Directory from your application, you should create a "browse user" in your user directory. The DN and password of the browse user should not be hardcoded, but e.g. in a configuration file of your application.

  2. This mainly depends on your LDAP / AD setup. In an Active Directory, the user names are usually stored in the attribute "sAMAccountName", which is not part of the user's DN, so userDnPatterns will not work. Instead, provide a user search filter, e.g. .userSearchFilter("(sAMAccountName={0})") (most probably you will need more, but the administrator of the directory should be able to tell you that). An additional userSearchBase may be helpful as well. But this is all not Spring-, but LDAP specific. Again, refer to your LDAP administrator for recommended values for the possible configuration items.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.