Spring Security Active Directory Ignoring PartialResultException

Matt E picture Matt E · Aug 12, 2014 · Viewed 10.5k times · Source

I have the following configuration in my spring security xml file. When I try to authenticate I get the following message but cannot proceed.

INFO: Ignoring PartialResultException

I am aware that spring's documentation states that you can set ignorePartialResultException to true but this property seems to be in the LdapTemplate class which may require additional coding. I would like to accomplish all of this through bean configuration as I am not interested in role mapping.

<authentication-manager>
        <authentication-provider ref="activeDirectoryAuthProvider" />
    </authentication-manager>
    <beans:bean id="activeDirectoryAuthProvider"
        class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
        <beans:constructor-arg value="mydomain.com" />
        <beans:constructor-arg value=" ldap://mydomain.com:389" />
    </beans:bean>

Answer

Matt E picture Matt E · Nov 19, 2014

After digging around we found out that our role mapping was blocking the authentication. We were in fact hitting AD but Spring was trying to map a group name to a role that didn't exist within our system. Once we did that we were good to go.