Spring-Security Spring-LDAP 使用 sAMAccountName 属性与 Active Directory 绑定
我已经针对 LDAP/AD 设置了身份验证,并且工作正常。但现在我想知道是否可以使用 userDNPattern 中的 sAMAccountNAme 属性绑定 Active Directory?
由于某些 AD 配置会阻止未经身份验证的用户进行搜索,并且我无法请求用户来配置上下文 bean,因此我无法定义 org.springframework.security.ldap.search.FilterBasedLdapUserSearch 豆类:
<bean id="userSearch"
class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<constructor-arg>
<value></value>
</constructor-arg>
<constructor-arg>
<value>(sAMAccountName={0})</value>
</constructor-arg>
<constructor-arg ref="contextSource" />
<property name="searchSubtree">
<value>true</value>
</property>
</bean>
这就足够了。
有什么解决办法吗?
I have set up authentication against LDAP/AD and it is working fine. But now I wonder if it is possible to bind against Active Directory using the sAMAccountNAme attribute in the userDNPattern?
Since some AD configuration prevents unauthenticated users to search, and I can't ask for a user in order to configure the context bean, I can't define a org.springframework.security.ldap.search.FilterBasedLdapUserSearch bean like:
<bean id="userSearch"
class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<constructor-arg>
<value></value>
</constructor-arg>
<constructor-arg>
<value>(sAMAccountName={0})</value>
</constructor-arg>
<constructor-arg ref="contextSource" />
<property name="searchSubtree">
<value>true</value>
</property>
</bean>
Which would be enough.
Is there any work around?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
使用Spring Security 3.1,它内置了AD支持。
Use Spring Security 3.1, It has built-in AD support.