Spring Security Ldap, log in only users in specifi

2020-07-22 17:53发布

站内问答 / Java
1991 3 6

Just like in title, I want that only users of spec. Here is my authentication code:

public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

    auth.ldapAuthentication().userSearchFilter("(sAMAccountName={0})")
    .contextSource(contextSource());
}

I found that there are functions like groupSearchFilter and groupSearchBase or groupRoleAttribute but I have no idea how to use them

3条回答
我只想做你的唯一
2楼-- · 2020-07-22 17:58 
"(sAMAccountName={0})"

should be replaced with following

"(&(objectCategory=Person)(sAMAccountName=*)(memberOf=cn=entergroup,ou=users,dc=company,dc=com))"

where cn, ou,dc are the specifications of the group in directory

查看更多
0人赞 添加讨论(0) 举报
迷人小祖宗
3楼-- · 2020-07-22 18:09

I made some modifications on Megha's solution

@Configuration
@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Configuration
    protected static class AuthenticationConfiguration extends  GlobalAuthenticationConfigurerAdapter {

        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {              
            DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource("ldap://ip:port/DC=xxxx,DC=yyyy");
            contextSource.setUserDn("user_service_account");
            contextSource.setPassword("password_user_service_account");
            contextSource.setReferral("follow"); 
            contextSource.afterPropertiesSet();

            LdapAuthenticationProviderConfigurer<AuthenticationManagerBuilder> ldapAuthenticationProviderConfigurer = auth.ldapAuthentication();

            ldapAuthenticationProviderConfigurer
                .userSearchBase("OU=Users,OU=Servers")
                .userSearchFilter("(&(cn={0})(memberOf=CN=GROUP_NAME,OU=Groups,OU=Servers,DC=xxxx,DC=yyyy))")
                .contextSource(contextSource);
        }
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.authorizeRequests()
            .antMatchers("/admin/**").authenticated().and()
            .httpBasic();
    }
}
查看更多
0人赞 添加讨论(0) 举报
够拽才男人
4楼-- · 2020-07-22 18:24

It depends on how your group membership is set up. Something like the following might work, replacing your group dn and objectclasses as necessary:

groupSearchBase("cn=yourgroup,ou=groups")
groupSearchFilter("(uniqueMember={0})")
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)