Spring Security authentication using LDAP

Posted 2024-12-04 19:21:59

I am new to Spring Security and I've tried to run a sample application based on the spring-security LDAP example. Below is my configuration of the applicationContext-security.xml:

<http>
    <intercept-url pattern="/Login.jsp" filters="none"></intercept-url>
    <intercept-url pattern="/nnn/**" access="ROLE_ADMIN" />
    <intercept-url pattern="/common/**" access="ROLE_USER" />
    <form-login login-page="/Login.jsp" authentication-failure-url="/Login.jsp?login_error=1"
                default-target-url="/common/home.jsp"/>
    <logout logout-success-url="/Login.jsp" invalidate-session="true"/>
</http>

<authentication-manager>
    <ldap-authentication-provider group-search-filter="member={0}"
        group-search-base="ou=groups"
        user-search-base="ou=people"
        user-search-filter="uid={0}" />
    <authentication-provider ref='secondLdapProvider' />
</authentication-manager>

<ldap-server ldif="classpath:users.ldif" port="33389"/>

<b:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <b:constructor-arg value="ldap://localhost:33389/dc=springframework,dc=org"/>
</b:bean>

I've used the user.ldif file as it is.
The application runs successfully if I use the default values. But if I put any other value in place of springframework, say google, in the ldif file and in the contextSource bean in the applicationContext-security.xml, then I get the below error:

Your login attempt was not successful, try again.

Reason: [LDAP: error code 32 - NO_SUCH_OBJECT: failed for SearchRequest baseDn :
'2.5.4.11=people,0.9.2342.19200300.100.1.25=google,0.9.2342.19200300.100.1.25=org' filter : '(0.9.2342.19200300.100.1.1=rod)' scope :whole
subtree typesOnly : false Size Limit : no limit Time Limit : no limit Deref Aliases : deref Always attributes : : Cannot find a partition for
2.5.4.11=people,0.9.2342.19200300.100.1.25=google,0.9.2342.19200300.100.1.25=org:
org.apache.directory.shared.ldap.exception.LdapNameNotFoundException: Cannot find a partition for
2.5.4.11=people,0.9.2342.19200300.100.1.25=google,0.9.2342.19200300.100.1.25=org at
org.apache.directory.server.core.partition.DefaultPartitionNexus.getPartition(DefaultPartitionNexus.java:1082) at
org.apache.directory.server.core.partition.DefaultPartitionNexus.hasEntry(DefaultPartitionNexus.java:1037) at
org.apache.directory.server.core.interceptor.InterceptorChain$1.hasEntry(InterceptorChain.java:167) at 

Could someone please tell me why I am getting the above error...


This is the ldif file:

dn: ou=groups,dc=google,dc=org
objectclass: top
objectclass: organizationalUnit
ou: groups

dn: ou=people,dc=google,dc=org
objectclass: top
objectclass: organizationalUnit
ou: people

dn: uid=rod,ou=people,dc=google,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Rod Johnson
sn: Johnson
uid: rod
userPassword: koala

dn: uid=dianne,ou=people,dc=google,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Dianne Emu
sn: Emu
uid: dianne
userPassword: emu

dn: uid=scott,ou=people,dc=google,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Scott
sn: Wombat
uid: scott
userPassword: wombat

dn: cn=user,ou=groups,dc=google,dc=org
objectclass: top
objectclass: groupOfNames
cn: user
member: uid=rod,ou=people,dc=google,dc=org
member: uid=dianne,ou=people,dc=google,dc=org
member: uid=scott,ou=people,dc=google,dc=org

dn: cn=teller,ou=groups,dc=google,dc=org
objectclass: top
objectclass: groupOfNames
cn: USER
member: uid=rod,ou=people,dc=google,dc=org
member: uid=dianne,ou=people,dc=google,dc=org

dn: cn=supervisor,ou=groups,dc=google,dc=org
objectclass: top
objectclass: groupOfNames
cn: ADMIN
member: uid=rod,ou=people,dc=google,dc=org

Instead of google, it was springframework in the original file from the sample application. Am I missing something in this...

2 answers

我恋#小黄人 2024-12-11 19:21:59

You need to set root to the desired base DN/suffix (dc=google,dc=org, in your case) to get it to work. So, in all, there are three places where you need to make changes:

  1. the root in the ldap-server
  2. the context source definition
  3. the ldif file

The default root is dc=springframework,dc=org, which is why you did not need to set it in the example you posted. To use any other base DN, follow the example ldap-server definition below:

<security:ldap-server id="dummyLdap" ldif="classpath:users.ldif" port="33389" root="dc=stackoverflow,dc=com"/>

泪痕残 2024-12-11 19:21:59

A search request must contain a base object, a scope, and a filter at minimum. The base object that is specified in your query does not exist, therefore the search fails. Error code 32 is, as you can see, 'no such object', in this case, the base object.
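The two answers above make the same point from different ends: the first lists the three places (the ldap-server root, the context source URL and the LDIF) that must name the same suffix, and the second explains that error code 32 means the search base itself does not exist. The script below is an added example, not code from the question or from either answer. It statically checks that the three places agree and decodes the OID-form base DN that ApacheDS printed in the quoted error message (2.5.4.11 is ou, 0.9.2342.19200300.100.1.25 is dc, 0.9.2342.19200300.100.1.1 is uid). The LDIF fragment and the URL are constructed here to mirror the question; nothing is read from a live server.

```python
"""Consistency check for a Spring Security embedded-LDAP setup.

Added example (not code from the question or either answer). It checks that
the <ldap-server> root, the context source URL and the LDIF agree, and decodes
the OID-form base DN that ApacheDS prints in an error-code-32 message.
Sample inputs below are constructed to mirror the question.
"""
import re
from urllib.parse import unquote, urlparse

# Attribute types that ApacheDS printed as dotted OIDs in the quoted error.
OID_TO_ATTR = {
    "2.5.4.3": "cn",
    "2.5.4.11": "ou",
    "0.9.2342.19200300.100.1.1": "uid",
    "0.9.2342.19200300.100.1.25": "dc",
}


def normalize_dn(dn):
    """Canonical form: OIDs mapped to names, types and values lower-cased, no stray spaces.

    Splits on bare commas; the sample DNs here contain no escaped characters.
    """
    rdns = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        attr = OID_TO_ATTR.get(attr.strip().lower(), attr.strip().lower())
        rdns.append(f"{attr}={value.strip().lower()}")
    return ",".join(rdns)


def dn_under(dn, suffix):
    """True when dn equals suffix or is an entry beneath it."""
    d, s = normalize_dn(dn), normalize_dn(suffix)
    return d == s or d.endswith("," + s)


def ldif_dns(ldif_text):
    """Collect every 'dn:' line of an LDIF file (unfolded lines assumed)."""
    return [line.split(":", 1)[1].strip()
            for line in ldif_text.splitlines()
            if line.lower().startswith("dn:")]


def base_dn_from_url(ldap_url):
    """ldap://host:port/dc=a,dc=b  ->  dc=a,dc=b"""
    return unquote(urlparse(ldap_url).path.lstrip("/"))


def base_dn_from_error(message):
    """Decode the baseDn ApacheDS reports in a 'failed for SearchRequest' message."""
    match = re.search(r"baseDn\s*:\s*'([^']+)'", message)
    return normalize_dn(match.group(1)) if match else None


def check_setup(server_root, context_url, user_search_base, ldif_text):
    """Return a list of mismatches; an empty list means the three places agree."""
    problems = []
    url_base = base_dn_from_url(context_url)
    if normalize_dn(url_base) != normalize_dn(server_root):
        problems.append(f"context source base '{url_base}' differs from ldap-server root '{server_root}'")
    entries = [normalize_dn(dn) for dn in ldif_dns(ldif_text)]
    for dn in entries:
        if not dn_under(dn, server_root):
            problems.append(f"LDIF entry '{dn}' is outside the ldap-server root '{server_root}'")
    # The search the provider will actually issue: user-search-base relative to the URL base.
    search_base = normalize_dn(f"{user_search_base},{url_base}")
    if search_base not in entries:
        problems.append(f"user search base '{search_base}' has no entry in the LDIF (LDAP error 32 territory)")
    return problems


# Constructed LDIF fragment mirroring the question's ou=people subtree.
SAMPLE_LDIF = """\
dn: ou=groups,dc=google,dc=org
objectclass: top
objectclass: organizationalUnit
ou: groups

dn: ou=people,dc=google,dc=org
objectclass: top
objectclass: organizationalUnit
ou: people

dn: uid=rod,ou=people,dc=google,dc=org
objectclass: inetOrgPerson
uid: rod
"""

# The baseDn fragment as the question's error message printed it.
QUOTED_ERROR = ("[LDAP: error code 32 - NO_SUCH_OBJECT: failed for SearchRequest baseDn : "
                "'2.5.4.11=people,0.9.2342.19200300.100.1.25=google,0.9.2342.19200300.100.1.25=org'")

if __name__ == "__main__":
    print("search base in error:", base_dn_from_error(QUOTED_ERROR))
    # Default root left in place while URL and LDIF moved to dc=google: reproduces the mismatch.
    for p in check_setup("dc=springframework,dc=org", "ldap://localhost:33389/dc=google,dc=org",
                         "ou=people", SAMPLE_LDIF):
        print("MISMATCH:", p)
    # All three places agreeing: no findings.
    print("consistent:", check_setup("dc=google,dc=org", "ldap://localhost:33389/dc=google,dc=org",
                                    "ou=people", SAMPLE_LDIF))
```

Running the script against the question's setup (root left at the default, URL and LDIF moved to dc=google,dc=org) reports the URL/root mismatch and flags every LDIF entry as lying outside the server's partition, which is exactly why the embedded server had no object to search under; with root="dc=google,dc=org" on the ldap-server element, the check returns no findings.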
