在LDAP处理期间发生了未分类的exception; 嵌套exception是javax.naming.NamingException
我正在尝试使用带有spring boot安全性的oauth2中的LDAP进行身份validation。 我的配置如下所示
@Configuration @Order(Ordered.HIGHEST_PRECEDENCE) @EnableWebSecurity public class LdapConfiguration extends WebSecurityConfigurerAdapter { private static String url ="ldap://myldapdomain.com:389/OU=Users,OU=Accounts,DC=myldapdomain,DC=com"; @Override protected void configure(HttpSecurity http) throws Exception { http .csrf() .disable() .authorizeRequests() .anyRequest() .authenticated() .and() .httpBasic(); } @Configuration protected static class AuthenticationConfiguration extends GlobalAuthenticationConfigurerAdapter { @Override public void init(AuthenticationManagerBuilder auth) throws Exception { auth .ldapAuthentication() .userSearchFilter("(uid={0})") .contextSource().url(url); } } } 当我尝试使用所需的LDAP用户ID和密码登录到http:// localhost:9000 / api / oauth / token时 ,我收到以下exception
{ "timestamp": 1508848799342, "status": 401, "error": "Unauthorized", "message": "Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090749, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580\u0000]; remaining name '/'", "path": "/api/oauth/token" }
任何人都可以请帮助我
更新1
我使用下面的代码authenticateUser函数创建了一个用于LDAP身份validation的java独立应用程序。 在那里我能够成功登录
private String ldapURL = "ldap://myldapdomain:389"; private String ldapDomain = "myldapdomain.com"; public void authenticateUser(String username, String password) throws NamingException { Hashtable env = new Hashtable(); env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); env.put(Context.SECURITY_AUTHENTICATION, "simple"); env.put(Context.PROVIDER_URL, ldapURL); env.put(Context.SECURITY_PRINCIPAL, username + "@" + ldapDomain); env.put(Context.SECURITY_CREDENTIALS, password); DirContext context = null; try { context = new InitialDirContext(env); } catch (Exception e) { if (context != null) { context.close(); } System.out.println("LDAP auth Failed:::"+ e.getMessage()); //throw new LoginFailedException("Invalid User Id orPassword"); } }
您必须定义一个用于绑定到LDAP的managerDn 。
例如ldapAuthentication().contextSource() .url(securityConfigProperties.getUrl()) .port(securityConfigProperties.getPort()) .managerDn(securityConfigProperties.getManagerDn()).managerPassword(securityConfigProperties.getManagerPassword())