为什么我要在连接上完成错误＆＃x27;成功的绑定＆＃x27;当我尝试使用Spring Boot连接到Active Directory时？

发布于 2025-01-17 17:22:40 字数 1729 浏览 0 评论 0原文

我的广告连接到春季靴子，我有些挣扎。我将Windows Server 2012用于我的Active Directory。

我想确保我的API请求。以示例，我希望Group sales的成员只能调用API www.company.com \ Sales \ 2022而不是其他部门。

为此，我想通过其广告帐户对用户进行身份验证，并检查他们的组，以便我可以授予他们调用请求映射的权限。

我尝试了一个简单的代码，以检查是否可以使用Springboot访问我的广告，但它成功了，但这不是最好的方法（安全问题！）。

在这里

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http
      .authorizeRequests()
        .anyRequest().fullyAuthenticated()
        .and()
      .formLogin();
  }

  @Override
  public void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
      .ldapAuthentication()
        .userSearchFilter("(&(objectCategory=user)(sAMAccountname={0}))")
        .userSearchBase("OU=Users,OU=INT,OU=Companies, DC=mycompany,DC=com")
        .contextSource()
          .url("ldap://adserver.mycompany.com/")
          .and()
        .passwordCompare()
          .passwordEncoder(new BCryptPasswordEncoder())
          .passwordAttribute("userPassword");
  }

因此，我尝试了一种更好的方法，我找到了 Active Directory的参数。但是，当我尝试登录时，我会有一个错误：

Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A71, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839]; remaining name 'ou=Users,ou=INT,ou=Companies,dc=mycompany,dc=com'

我不知道我在做什么错。也许我必须添加具有在广告中检查值的用户吗？

原文

I have some struggle with the connection of my AD to Spring Boot. I use Windows Server 2012 for my Active Directory.

I want to secure my API request. Per example, I want members of the group Sales to only being able to call the api www.company.com\sales\2022 and not the other departements.

For this, I want to authenticate users with their AD accounts and check their group, so I can give them or not the permission to call the request mapping.

I tried a simple code to check If I can access to my AD with SpringBoot and it was successfull, but this wasn't the best way to do it (security problem!).

So I tried a better way that I found here:

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http
      .authorizeRequests()
        .anyRequest().fullyAuthenticated()
        .and()
      .formLogin();
  }

  @Override
  public void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
      .ldapAuthentication()
        .userSearchFilter("(&(objectCategory=user)(sAMAccountname={0}))")
        .userSearchBase("OU=Users,OU=INT,OU=Companies, DC=mycompany,DC=com")
        .contextSource()
          .url("ldap://adserver.mycompany.com/")
          .and()
        .passwordCompare()
          .passwordEncoder(new BCryptPasswordEncoder())
          .passwordAttribute("userPassword");
  }

I changed the values with the Active Directory's parameters. But when I try to log in I have this error :

Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A71, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839]; remaining name 'ou=Users,ou=INT,ou=Companies,dc=mycompany,dc=com'

I don't know what I am doing wrong. Maybe do I have to add an user that have the rights to check values in the AD?

分享到QQ

分享到微博