How to configure spring to use External LDAP Server

java spring spring-security spring-security-ldap
lemoncodes picture lemoncodes · Sep 3, 2018 · Viewed 7.5k times · Source

I am learning about Spring Security to LDAP server, right now i am trying to make spring authenticate to ldap server. However, spring always uses the embedded server ldap://127.0.0.1:33389/dc=springframework,dc=org instead of my ldap://localhost:389/dc=localdomain,dc=local. I'm trying to configure it using application.properties See below my spring configuration.

WebSecurityConfig.java

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private static final Logger logger = LoggerFactory.getLogger(WebSecurityConfig.class);

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
        logger.info("Loading Global Auth Configuration");
         auth
            .ldapAuthentication();

    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        logger.info("Configuring HTTP Security.");
        // Configure Web Security
        http
            .csrf().disable()
            .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
            .and()
            .authorizeRequests()
            .antMatchers("/auth/**").permitAll()
            .anyRequest().authenticated();

        // disable page caching
        http.headers().cacheControl();
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        logger.info("Configuring Web Security HTTP Security.");
        // AuthenticationTokenFilter will ignore the below paths
        web
            .ignoring()
            .antMatchers(
                HttpMethod.POST,
                "/auth"
            );
    }
}

application.properties

#Ldap Info
spring.ldap.urls=ldap://localhost:389
spring.ldap.anonymous-read-only=true
spring.ldap.username=ldapadm
spring.ldap.password=root123
spring.ldap.base=ou=People,dc=localdomain,dc=local

Tried using above application.properties, still does not work.

application.properties

#Ldap Info
ldap.urls=ldap://localhost:389
ldap.base.dn=dc=localdomain,dc=local
ldap.username=cn=ldapadm,dc=localdomain,dc=local
ldap.password=root123
ldap.user.dn.pattern =uid={0}

I also tried above properties, still does not work.

2018-09-04 00:05:31.515  INFO 9948 --- [           main] s.s.l.DefaultSpringSecurityContextSource :  URL 'ldap://127.0.0.1:33389/dc=springframework,dc=org', root DN is 'dc=springframework,dc=org'
2018-09-04 00:05:31.516  INFO 9948 --- [           main] o.s.l.c.support.AbstractContextSource    : Property 'userDn' not set - anonymous context will be used for read-write operations
2018-09-04 00:05:31.523  WARN 9948 --- [           main] ConfigServletWebServerApplicationContext : Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'springSecurityFilterChain' defined in class path resource [org/springframework/security/config/annotation/web/configuration/WebSecurityConfiguration.class]: Bean instantiation via factory method failed; nested exception is org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.RuntimeException: Could not postProcess org.springframework.security.ldap.authentication.BindAuthenticator@3bc735b3 of type class org.springframework.security.ldap.authentication.BindAuthenticator
2018-09-04 00:05:31.526  INFO 9948 --- [           main] o.apache.catalina.core.StandardService   : Stopping service [Tomcat]

for both settings in application.properties, i always get this on my server log

Can anyone make sense of these? i am trying to make it read the application.properties but it always uses the embedded ldap in spring

Answer

Udara S.S Liyanage picture Udara S.S Liyanage · Sep 4, 2018

You can follow a similar approach as in LDAP Authentication with Spring Boot

In application.properties.

ldap.urls=ldap://localhost:389/dc=localdomain,dc=local

In your WebSecurityConfig 

 @Value("${ldap.urls:ldap://127.0.0.1:33389/dc=springframework,dc=org}")
  private String ldapUrls;


     @Override
     public void configure(AuthenticationManagerBuilder auth) throws Exception {
     auth
     .ldapAuthentication()
     .userDnPatterns("uid={0},ou=people")
     .groupSearchBase("ou=groups")
     .contextSource()
     .url(ldapUrls)
     .and()
     .passwordCompare()
     .passwordEncoder(new LdapShaPasswordEncoder())
     .passwordAttribute("adminpassword");
     }

Please note that actual parameters(userDnPatterns etc...) that may be changed according to your LDAP config, i just pointed out how you can configure your LDAP config to connect to an external LDAP

Related questions

Spring Security LDAP and Remember Me

I'm building an app with Spring Boot that has integration with LDAP. I was able to connect successfully to LDAP server and authenticate user. Now I have a requirement to add remember-me functionality. I tried to look through different posts (…

Read More
How to fix Hibernate LazyInitializationException: failed to lazily initialize a collection of roles, could not initialize proxy - no Session

In the custom AuthenticationProvider from my spring project, I am trying read the list of authorities of the logged user, but I am facing the following error: org.hibernate.LazyInitializationException: failed to lazily initialize a collection of role: com.horariolivre.…

Read More
When using Spring Security, what is the proper way to obtain current username (i.e. SecurityContext) information in a bean?

I have a Spring MVC web app which uses Spring Security. I want to know the username of the currently logged in user. I'm using the code snippet given below . Is this the accepted way? I don't like having a …

Read More