I am new to Spring Security and I've tried to run a sample application based on the spring-security LDAP example. Below is my configuration of the applicationContext-security.xml:
<http>
    <intercept-url pattern="/Login.jsp" filters="none"></intercept-url>
    <intercept-url pattern="/nnn/**" access="ROLE_ADMIN" />
    <intercept-url pattern="/common/**" access="ROLE_USER" />
    <form-login login-page="/Login.jsp" authentication-failure-url="/Login.jsp?login_error=1"
        default-target-url="/common/home.jsp"/>
    <logout logout-success-url="/Login.jsp" invalidate-session="true"/>
</http>

<authentication-manager>
    <ldap-authentication-provider group-search-filter="member={0}"
        group-search-base="ou=groups"
        user-search-base="ou=people"
        user-search-filter="uid={0}" />
    <authentication-provider ref='secondLdapProvider' />
</authentication-manager>

<ldap-server ldif="classpath:users.ldif" port="33389"/>

<b:bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <b:constructor-arg value="ldap://localhost:33389/dc=springframework,dc=org"/>
</b:bean>
I've used the user.ldif file as it is. The application runs successfully if I use the default values. But if I put any other value in place of springframework, say google, in the ldif file and in the contextSource bean in the applicationContext-security.xml, then I get the below error:
Your login attempt was not successful, try again.
Reason: [LDAP: error code 32 - NO_SUCH_OBJECT: failed for SearchRequest baseDn :
'2.5.4.11=people,0.9.2342.19200300.100.1.25=google,0.9.2342.19200300.100.1.25=org' filter : '(0.9.2342.19200300.100.1.1=rod)' scope :whole
subtree typesOnly : false Size Limit : no limit Time Limit : no limit Deref Aliases : deref Always attributes : : Cannot find a partition for
2.5.4.11=people,0.9.2342.19200300.100.1.25=google,0.9.2342.19200300.100.1.25=org:
org.apache.directory.shared.ldap.exception.LdapNameNotFoundException: Cannot find a partition for
2.5.4.11=people,0.9.2342.19200300.100.1.25=google,0.9.2342.19200300.100.1.25=org at
org.apache.directory.server.core.partition.DefaultPartitionNexus.getPartition(DefaultPartitionNexus.java:1082) at
org.apache.directory.server.core.partition.DefaultPartitionNexus.hasEntry(DefaultPartitionNexus.java:1037) at
org.apache.directory.server.core.interceptor.InterceptorChain$1.hasEntry(InterceptorChain.java:167) at
Could someone please tell me why I am getting the above error?
This is the ldif file:
dn: ou=groups,dc=google,dc=org
objectclass: top
objectclass: organizationalUnit
ou: groups

dn: ou=people,dc=google,dc=org
objectclass: top
objectclass: organizationalUnit
ou: people

dn: uid=rod,ou=people,dc=google,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Rod Johnson
sn: Johnson
uid: rod
userPassword: koala

dn: uid=dianne,ou=people,dc=google,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Dianne Emu
sn: Emu
uid: dianne
userPassword: emu

dn: uid=scott,ou=people,dc=google,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Scott
sn: Wombat
uid: scott
userPassword: wombat

dn: cn=user,ou=groups,dc=google,dc=org
objectclass: top
objectclass: groupOfNames
cn: user
member: uid=rod,ou=people,dc=google,dc=org
member: uid=dianne,ou=people,dc=google,dc=org
member: uid=scott,ou=people,dc=google,dc=org

dn: cn=teller,ou=groups,dc=google,dc=org
objectclass: top
objectclass: groupOfNames
cn: USER
member: uid=rod,ou=people,dc=google,dc=org
member: dianne=rod,ou=people,dc=google,dc=org

dn: cn=supervisor,ou=groups,dc=google,dc=org
objectclass: top
objectclass: groupOfNames
cn: ADMIN
member: uid=rod,ou=people,dc=google,dc=org
Instead of google, it was springframework in the original file from the sample application. Am I missing something in this...
A search request must contain a base object, a scope, and a filter at minimum. The base object that is specified in your query does not exist, therefore the search fails. Error code 32 is, as you can see, 'no such object', in this case, the base object.
You need to set root to desired base-dn/suffix (dc=google,dc=org, in your case) to get it to work. So, in all, there are three places where you need to make changes:
The default root is dc=springframework,dc=org, that is why you did not need to set it in the example you posted. To use any other base dn, follow the example ldap-server definition below:
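A consistency check for the base DN settings discussed in this thread, as an added example that is not part of the original answer or of Spring Security: it compares the ldap-server root attribute (falling back to the default when absent), the base DN in the contextSource URL, and the dn lines of the LDIF file. The sample config and LDIF are constructed, the function names are hypothetical, and treating these as the three places to keep in sync is an assumption.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import unquote, urlparse
SEC = "{http://www.springframework.org/schema/security}"
BEANS = "{http://www.springframework.org/schema/beans}"
DEFAULT_ROOT = "dc=springframework,dc=org"  # default root named in the answer

# Constructed samples; {root} in CONFIG is filled in by the caller.
CONFIG = """<b:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:b="http://www.springframework.org/schema/beans">
  <ldap-server ldif="classpath:users.ldif" port="33389"{root}/>
  <b:bean id="contextSource"
      class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <b:constructor-arg value="ldap://localhost:33389/dc=google,dc=org"/>
  </b:bean>
</b:beans>"""
LDIF = """dn: ou=people,dc=google,dc=org
objectclass: top
objectclass: organizationalUnit
ou: people

dn: uid=rod,ou=people,dc=google,dc=org
objectclass: inetOrgPerson
cn: Rod Johnson
sn: Johnson
uid: rod
"""

def norm(dn):
    """Lower-case a DN and drop spaces around the RDN separators."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def check_base_dn(config_xml, ldif_text):
    """Return the mismatches between root, contextSource URL and LDIF DNs."""
    tree = ET.fromstring(config_xml)
    # Assumes the config declares an embedded <ldap-server>, as in the question.
    server = tree.find(f".//{SEC}ldap-server")
    root = norm(server.get("root", DEFAULT_ROOT))
    problems = []
    for arg in tree.iter(f"{BEANS}constructor-arg"):
        value = arg.get("value", "")
        if value.startswith(("ldap://", "ldaps://")):
            base = norm(unquote(urlparse(value).path.lstrip("/")))
            if base != root:
                problems.append(f"contextSource base '{base}' != root '{root}'")
    for dn in re.findall(r"(?im)^dn:[ \t]*(.+)$", ldif_text):
        if norm(dn) != root and not norm(dn).endswith("," + root):
            problems.append(f"LDIF entry '{norm(dn)}' is outside root '{root}'")
    return problems
```

Calling `check_base_dn(CONFIG.format(root=""), LDIF)` reproduces the situation in the question, where the embedded server still uses the default root; passing `root=' root="dc=google,dc=org"'` returns an empty list.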