
I have developed a Spring Boot application, and I want to perform authentication using an LDAP server. In production it will be an Active Directory server, but during development I am just using this public LDAP testing server.

I got it to work using the following classes:

A simple LDAP configuration class. It reads from my application.properties file the properties related to LDAP stuff.

    import org.springframework.beans.factory.annotation.Value;
    import org.springframework.context.annotation.Configuration;

    @Configuration
    public class LdapConfiguration {

        // Getting values from the properties file
        @Value("${ldap.urls}")
        private String ldapUrls;
        @Value("${ldap.base.dn}")
        private String ldapBaseDn;
        @Value("${ldap.username}")
        private String ldapSecurityPrincipal;
        @Value("${ldap.password}")
        private String ldapPrincipalPassword;
        @Value("${ldap.user.dn.pattern}")
        private String ldapUserDnPattern;
        @Value("${ldap.enabled}")
        private String ldapEnabled;

        public LdapConfiguration() {
        }

        ... getters and setters ...

    }

And a WebSecurityConfiguration that reads from the LdapConfiguration class to use it for authentication:

    import org.springframework.beans.factory.annotation.Autowired;
    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {

        @Autowired
        private LdapConfiguration ldapConfiguration;

        // Every request needs a fully authenticated user; unauthenticated ones get the login form
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                    .authorizeRequests()
                    .anyRequest().fullyAuthenticated()
                    .and()
                    .formLogin();
        }

        // Update configure method for the online test server
        @Override
        protected void configure(AuthenticationManagerBuilder auth) throws Exception {
            auth
                    .ldapAuthentication()
                    .contextSource()
                    // ldap.urls is expected to end with "/" so the base DN is appended correctly
                    .url(ldapConfiguration.getLdapUrls() + ldapConfiguration.getLdapBaseDn())
                    .managerDn(ldapConfiguration.getLdapSecurityPrincipal())
                    .managerPassword(ldapConfiguration.getLdapPrincipalPassword())
                    .and()
                    .userDnPatterns(ldapConfiguration.getLdapUserDnPattern());
        }
    }

With this configuration, the LDAP authentication works: I get a nice HTML page with the login form, and using the proper credentials I can use the website.

And here is my issue: after the login phase, if I run something like

    UserDetails ud = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
    System.out.println(ud);

this is what I will get:

    LdapUserDetailsImpl@fd8cece1:
    Dn: uid=tesla,dc=example,dc=com; 
    Username: tesla; 
    Password: [PROTECTED]; 
    Enabled: true; 
    AccountNonExpired: true; 
    CredentialsNonExpired: true; 
    AccountNonLocked: true; 
    Granted Authorities: ROLE_SCIENTISTS

I get nothing about, say, Tesla's full name (which is there in the LDAP server, as field CN). It would be nice to get all data about the authenticated user.

Of course I can run a separate query to the LDAP server, asking the details about the user with username tesla. However, that means making an additional request to the LDAP server, so it does not seem a good solution.

Is there a way to specify which fields I want to obtain from the LDAP server when I perform authentication? (And does it change much when working with an Active Directory server?)

Thanks in advance.

Andrea Rossi
  • This was answered here: https://stackoverflow.com/questions/54242165/do-we-need-to-write-customactivedirectoryldapauthenticationprovider-if-we-want-t – spourdas Jan 18 '19 at 20:40
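One way to get extra attributes without a second directory query, as an added example that is not code from the question or from the Spring project: Spring Security lets you plug a UserDetailsContextMapper into the LDAP authentication provider, and the mapper is handed the entry that was already read for the bind. The block below replaces the question's second configure method; it assumes the question's LdapConfiguration class and that the full name is stored in the cn attribute.

```java
import java.util.Collection;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.userdetails.LdapUserDetailsMapper;

@Configuration
public class WebSecurityConfiguration extends WebSecurityConfigurerAdapter {
    @Autowired
    private LdapConfiguration ldapConfiguration; // the question's properties holder
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.ldapAuthentication()
            .contextSource()
                .url(ldapConfiguration.getLdapUrls() + ldapConfiguration.getLdapBaseDn())
                .managerDn(ldapConfiguration.getLdapSecurityPrincipal())
                .managerPassword(ldapConfiguration.getLdapPrincipalPassword())
                .and()
            .userDnPatterns(ldapConfiguration.getLdapUserDnPattern())
            // The mapper receives the entry already read for the bind: no second round trip.
            .userDetailsContextMapper(new AttributeMapper());
    }
    /** Copies chosen attributes of the authenticated entry into the principal. */
    static class AttributeMapper extends LdapUserDetailsMapper {
        @Override
        public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
                Collection<? extends GrantedAuthority> authorities) {
            UserDetails base = super.mapUserFromContext(ctx, username, authorities);
            // "cn" is an assumption for the test server; Active Directory usually uses "displayName".
            return new LdapUserWithAttributes(base, ctx.getStringAttribute("cn"));
        }
    }
    /** Standard UserDetails plus the extra field; cast the principal to read it. */
    public static class LdapUserWithAttributes extends User {
        private final String fullName;
        LdapUserWithAttributes(UserDetails base, String fullName) {
            // User rejects a null password; the bind has already verified it, so a blank is safe.
            super(base.getUsername(), base.getPassword() == null ? "" : base.getPassword(),
                    base.isEnabled(), base.isAccountNonExpired(), base.isCredentialsNonExpired(),
                    base.isAccountNonLocked(), base.getAuthorities());
            this.fullName = fullName;
        }
        public String getFullName() { return fullName; }
    }
}
```

For Active Directory the same mapper is set on an ActiveDirectoryLdapAuthenticationProvider through its setUserDetailsContextMapper method, so only the attribute names change.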
