配置 Spring Security Ldap 3.0 以与 Active Directory LDS 配合使用
我希望有人能帮助我解决我遇到的一个非常令人沮丧的问题。
目前,我正在尝试让 Spring Security 3.0 Web 应用程序通过 AD LDS 实例进行身份验证,但我不断收到此错误“错误凭据”。不幸的是,我现在没有什么可继续的。
下面是正在使用的安全配置的副本:
<authentication-manager alias="ldapAuthenicationManager">
<ldap-authentication-provider user-dn-pattern="CN={0},OU=Users,O=JLP,C=UK" >
</ldap-authentication-provider> </authentication-manager>
<ldap-server url="ldap://servner ip/o=JLP,c=UK" manager-dn="CN=Manager,O=JLP,C=UK" manager-password="manager" />
我怀疑问题是由
有没有人用 LDS 做过类似的事情 - 你是如何解决这个问题的?
抱歉,这太模糊了,但这是我必须继续讲的信息。有人对需要注意的事项或解决方案有任何建议吗?
非常感谢所有帮助!
干杯
莫
I am hoping that someone will help me out with a really frustrating problem I have.
Currently I am trying to get Spring Security 3.0 Web App to authenticate with an AD LDS instance but I keep getting this error 'Bad Credentials'. Unfortunately I dont have anything more to go on at the moment.
Below is a copy of the Security configuration being used:
<authentication-manager alias="ldapAuthenicationManager">
<ldap-authentication-provider user-dn-pattern="CN={0},OU=Users,O=JLP,C=UK" >
</ldap-authentication-provider> </authentication-manager>
<ldap-server url="ldap://servner ip/o=JLP,c=UK" manager-dn="CN=Manager,O=JLP,C=UK" manager-password="manager" />
I suspect the problem is caused by the <Ldap server> tag and that the manager-dn is not configured correctly. The DN of the Manager is copied directly from AD LDS - have I not provided enough information? Or does the password need to encrypted\hashed?
Has anyone done anything like this with LDS - how did you work around this problem?
Applogies that this is so vague, but this is as much information as I have to go on. Does any one have any suggestions of things to look at or for solutions?
All help is gratefully recieved!
Cheers
Mo
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
我不确定 LDS 的情况是否会有显着不同,但是您可以尝试升级到 Spring Security 3.1,因为它有一个专门用于 AD 的身份验证器。
它不需要经理帐户,因为它尝试使用正在验证的用户名/密码进行绑定。此外,配置也是最少的(无需提供 DN、搜索模式等),
其中domain = example.com(来自您的示例,jlp.uk)并且 server = ldap://ip
I am not sure if things would be significantly different for LDS but can you try upgrading to spring security 3.1 as it has a specialized Authenticator for AD.
It does not need manager account as it tries to bind using the username/password being authenticated. Also the configuration is minimal (No DN, search pattern, etc to be provided)
where domain = example.com (from your example, jlp.uk) and server = ldap://ip
我记得我遇到过同样的问题,解决方案是设置
manager-dn的值发送至
manageruser@yourdomain例如
I remember that I came across with the same issue and the solution was to set the value of
manager-dnto
manageruser@yourdomaine.g.
感谢您的回答,他们非常有帮助。
还发现您用于 manager-dn 的用户帐户需要添加到 LDS 中的读者角色以允许其搜索。
如果您将用户角色添加到管理员组,您可以连接但不能搜索。
为你的帮助干杯
Thanks for your answers they were very helpful.
Also found that the user account you are using for the manager-dn needs to be added to the reader role within LDS to allow it to search.
If you add the user role to the Administrators group you can connect but not search.
Cheers for your help
这里有点死灵,但对于那些通过 Google 偶然发现这一点的人来说,我发现的关于配置 LDAP 连接的最有用的工具是安装 Apache Directory Studio LDAP 浏览器。正是通过这个工具,我能够获得足够详细的错误消息,以发现我的 LDAP 配置出了什么问题,以及如何纠正它。
Slight necromancy here, but for those who stumble across this via Google, the most helpful tool I found regarding configuring my LDAP connection was to install Apache Directory Studio LDAP browser. It was via this tool that I was able to get verbose enough error messages to discover what was wrong with my LDAP configuration, and how to correct it.