
I'm using Spring Ldap to interact with my openLdap server which needs tls authentication. In order to authenticate I had to set the contextSource like:

TransactionAwareContextSourceProxy ctx = (TransactionAwareContextSourceProxy) ldapTemplate.getContextSource();
SecureLdapContextSource secureContextSource = new SecureLdapContextSource();
secureContextSource.afterPropertiesSet();
ldapTemplate.setContextSource(secureContextSource);

Where SecureLdapContextSource is:

import java.util.Hashtable;

import javax.naming.Context;

import org.springframework.ldap.core.support.LdapContextSource;

public class SecureLdapContextSource extends LdapContextSource {

    // assumed to be populated (e.g. by setters) before afterPropertiesSet() runs
    private String keyStore;
    private String keyStorePassword;

    @Override
    public void afterPropertiesSet() {
        //http://forum.spring.io/forum/spring-projects/data/ldap/33910-ldaps-external-certificate-contains-unsupported-critical-extensions-2-5-29-17
        this.setUrl("ldaps://myLdapServer.com:636/");
        super.afterPropertiesSet();
        Hashtable<String, Object> envProps = new Hashtable<String, Object>();

        envProps.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        envProps.put(Context.PROVIDER_URL, "ldaps://myLdapServer.com:636/");
        // admin bind credentials; hard-coding a privileged password is shown here only as posted
        envProps.put(Context.SECURITY_PRINCIPAL, "adminUsername");
        envProps.put(Context.SECURITY_CREDENTIALS, "adminPwd");
        envProps.put(Context.SECURITY_AUTHENTICATION, "simple");
        envProps.put("java.naming.security.protocol", "ssl");
        envProps.put("com.sun.jndi.ldap.connect.pool", "true");
        // custom socket factory that presents the client certificate during the TLS handshake
        envProps.put("java.naming.ldap.factory.socket", "org.springframework.ldap.samples.useradmin.EmblSSLSocketFactory");
        System.setProperty("java.naming.ldap.factory.socket", "org.springframework.ldap.samples.useradmin.EmblSSLSocketFactory");

        //set the environment
        super.setupAuthenticatedEnvironment(envProps, keyStore, keyStorePassword);
        // set the base environment again
        super.setBaseEnvironmentProperties(envProps);
        // key store holding the client certificate used for the TLS handshake
        System.setProperty("javax.net.ssl.keyStore", keyStore);
        System.setProperty("javax.net.ssl.keyStorePassword", keyStorePassword);
        // it is necessary to call super.afterPropertiesSet() again!!!
        super.afterPropertiesSet();
    }
}

After that I've been able to authenticate the admin with the following call:

ldapTemplate.authenticate(queryAdmin, password);

After that comes my problem. I want to delete a user from the ldap with the unbind method: ldapTemplate.unbind("dnOfMyWorsteColeague");

Running it on a test I get the following exception from the ldap server: [LDAP: error code 8 - modifications require authentication]

So, I cannot (as I'm doing with my old ldap interface, w/o Spring Ldap) do an authentication and keep the session to execute commands that only the admin is allowed to do.

Any idea? I'd like to use Spring Ldap for that...

Thanks for any help, Marco

marco-hans
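The behaviour described in the question can be demonstrated with a plain Spring LDAP setup (added example, not code from the question or from Spring LDAP's own samples). It assumes placeholder host, base DN, admin DN and entry DN; credentials are read from environment variables rather than hard-coded. The point it shows: ldapTemplate.authenticate() only verifies a password in a throw-away context, while every modifying operation the template performs uses the userDn/password configured on the context source, so the server only sees an authenticated admin if those are set there.

```java
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.query.LdapQueryBuilder;

public class AdminBoundLdapExample {

    // Context source that binds as the admin for every operation the template runs.
    // Host, base and admin DN are assumed placeholders.
    static LdapContextSource adminContextSource() throws Exception {
        LdapContextSource cs = new LdapContextSource();
        cs.setUrl("ldaps://ldap.example.org:636/");           // assumed host
        cs.setBase("dc=example,dc=org");                       // assumed base DN
        cs.setUserDn("cn=admin,dc=example,dc=org");            // assumed admin DN
        cs.setPassword(System.getenv("LDAP_ADMIN_PASSWORD"));  // keep it out of source
        cs.setPooled(false);
        cs.afterPropertiesSet();
        return cs;
    }

    public static void main(String[] args) throws Exception {
        // Client certificate for the TLS handshake, if the server demands one (assumed path).
        System.setProperty("javax.net.ssl.keyStore", "/path/to/client-keystore.jks");
        System.setProperty("javax.net.ssl.keyStorePassword", System.getenv("KEYSTORE_PASSWORD"));

        LdapTemplate ldap = new LdapTemplate(adminContextSource());

        // authenticate() looks up the entry matching the query and binds with the given
        // password in a separate, short-lived context. It returns true/false and leaves
        // the template's own bind identity (the admin above) untouched.
        boolean ok = ldap.authenticate(
                LdapQueryBuilder.query().where("uid").is("marco"),
                System.getenv("USER_PASSWORD"));
        System.out.println("user credentials valid: " + ok);

        // unbind() removes the entry. It runs on a context bound with the admin
        // userDn/password, so the server no longer answers "modifications require
        // authentication" as it would for an anonymous bind. DN is relative to the base.
        ldap.unbind("uid=departed,ou=people");  // assumed entry
    }
}
```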

1 Answer


I know this Q is super old, and I'm relatively new to LDAP, but I think unbind() is used to close an LDAP connection, not delete a user. To do that, you would use delete().

https://www.ldap.com/the-ldap-delete-operation

myclues