
I'm kind of a newbie on Spring Boot and have JNDI code that authenticates to an LDAP server just fine. But now I want to migrate my code to Spring LDAP, but get [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 52e, v2580] every time.

So my JNDI code looks something like this:

    // 'context' is assumed to be a DirContext field of the enclosing class; 'log' is its logger.
    public void connect(String userName, String pwd) throws NamingException, IllegalStateException {
        Hashtable<String, String> env = new Hashtable<String, String>();
        try {
            env.put(LdapContext.CONTROL_FACTORIES, "com.sun.jndi.ldap.ControlFactory");
            // Bind identity in user@domain form.
            env.put(Context.SECURITY_PRINCIPAL, userName + "@domain.net");
            env.put(Context.SECURITY_CREDENTIALS, pwd);
            env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
            env.put(Context.PROVIDER_URL, "ldap://server:389");
            env.put(Context.SECURITY_AUTHENTICATION, "simple");
            // The bind happens here; a rejected bind throws a NamingException.
            context = new InitialDirContext(env);
        } finally {
            if (context != null) {
                log.info("Authentication successfull");
                try {
                    context.close();
                    context = null;
                } catch (NamingException ne) {
                    log.error(ne.getMessage());
                    ne.printStackTrace();
                }
            } else {
                throw new IllegalStateException("Can't obtain LDAP context");
            }
        }
    }

Very straightforward.

So far I have configured the following in my Spring Boot application.properties file:

    spring.ldap.urls=Ldap://server:389
    spring.ldap.embedded.credential.username=cn=ceadministrator
    spring.ldap.embedded.credential.password=******
    spring.ldap.embedded.base-dn=dc=domain,dc=net

Letting Spring LDAP manage the connection and initialization.

Implemented this in order to search for some user:

    public List<User> getUser(String userName) throws NamingException, LDAPException {
        LdapQuery query = LdapQueryBuilder.query()
                            .searchScope(SearchScope.SUBTREE)
                            .timeLimit(3000)
                            .countLimit(10)
                            .attributes("cn")
                            .base(ldapConfig.getBase())
                            .where("objectClass").is("user")
                            .and("sAMAccountName").is(userName);

        log.info("ldapTemplate: " + ldapTemplate);
        return ldapTemplate.search(query, new UserAttributesMapper());
    }

    private class UserAttributesMapper implements AttributesMapper<User> {
        @Override
        public User mapFromAttributes(Attributes attributes) throws NamingException {
            User user = new User();
            if (attributes == null) {
                log.warn("atttrs null");
                return user;
            }
            user.setFirstName((String) attributes.get("cn").get());
            Attribute sn = attributes.get("sAMAccountName");
            if (sn != null) {
                user.setUserName((String) sn.get());
            }
            return user;
        }
    }

But it throws an AuthenticationException:

    javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C09044E, comment: AcceptSecurityContext error, data 52e, v2580

What am I missing/doing wrong?... Please help

1 Answer


Well, finally I got it.

I discovered that Spring Boot offers an embedded LDAP server, by inserting the "unboundid-ldapsdk" dependency into your pom.xml file. This is not my desired scenario, because I already had a production environment LDAP server to connect to.

So I simply needed to configure the following properties in my application.properties file like this:

    spring.ldap.urls=Ldap://192.17.1.4:389
    spring.ldap.base=ou=Organization,OU=Some users unit,dc=depr,dc=net
    spring.ldap.username=administrator
    spring.ldap.password=SomePassword

Understanding that "spring.ldap.base" is the base where my searches are going to start and has nothing to do with my administrator credentials.
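Added example, not part of the original question or answer: a Spring LDAP counterpart to the JNDI `connect` method from the question, checking a user's password by binding through the `ContextSource` that Spring Boot builds from the `spring.ldap.*` properties above. The class name and the `app.ldap.upn-suffix` property are hypothetical; the suffix plays the role of the `"@domain.net"` string in the JNDI code.

```java
import javax.naming.directory.DirContext;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.ldap.AuthenticationException;
import org.springframework.ldap.core.ContextSource;
import org.springframework.ldap.support.LdapUtils;
import org.springframework.stereotype.Component;

// Added example, not the poster's code. Class and property names are hypothetical.
@Component
public class DirectoryBindAuthenticator {

    private final ContextSource contextSource; // built by Spring Boot from spring.ldap.*
    private final String upnSuffix;            // e.g. "@domain.net", as in the JNDI code

    public DirectoryBindAuthenticator(ContextSource contextSource,
            @Value("${app.ldap.upn-suffix}") String upnSuffix) { // hypothetical property
        this.contextSource = contextSource;
        this.upnSuffix = upnSuffix;
    }

    /** Returns true only if the server accepts a simple bind as userName + upnSuffix. */
    public boolean authenticate(String userName, String password) {
        // A simple bind with an empty password is an unauthenticated bind (RFC 4513)
        // that a server may accept, so reject it before contacting the directory.
        if (userName == null || userName.trim().isEmpty()
                || password == null || password.isEmpty()) {
            return false;
        }
        DirContext ctx = null;
        try {
            // Binds with the caller's credentials, not spring.ldap.username/password.
            ctx = contextSource.getContext(userName + upnSuffix, password);
            return true;
        } catch (AuthenticationException e) {
            // LDAP result code 49 (invalid credentials), the error shown in the question.
            return false;
        } finally {
            LdapUtils.closeContext(ctx); // null-safe
        }
    }
}
```

With the `ldap://` port 389 URLs shown on this page, a simple bind carries the password unencrypted; pointing `spring.ldap.urls` at an `ldaps://` endpoint protects it in transit.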
