mihai.patrascu
Sep 6th, 2006, 05:18 AM
Hi, I've got a problem in the sense that I try to connect to an Active Directory server. I have set the baseDN in the following way:

    <bean id="userContextSource" class="org.springframework.ldap.support.LdapContextSource">
        <property name="authenticationSource" ref="ldapUserAuthService"/>
        <property name="url" value="ldap://192.168.16.196:389"/>
        <property name="base" value="CN=Users,DC=domain,DC=intranet,DC=mycomp,DC=ro"/>
    </bean>

ldapUserAuthService is a bean for a class that implements AuthenticationSource.
Problem is that I cannot auth against the AD, if from ldapUserAuthService

    public String getPrincipal() {
        return "CN=Administrator";
    }

the method returns only this relative name.
If I return the full DN: CN=Administrator, CN=Users,DC=domain,DC=intranet,DC=mycomp,DC=ro it works.
and it is confirmed by the post "If you are using the distinguished name form, even if your initial LDAP Context URL is something like:
"LDAP://mydc.antipodes.com:389/OU=IT Admins,DC=Antipodes,DC=Com"
you cannot just use the Relative Distinguished Name (RDN)
"CN=John Smith", you must use the full distinguished name:
"CN=John Smith,OU=IT Admins,DC=Antipodes,DC=Com"
on http://forum.java.sun.com/thread.jspa?threadID=524631&messageID=2736182
OK, the way I thought of getting over it was that I will need to override the method in AbstractContextSource

    protected void setupAuthenticatedEnvironment(Hashtable env) {
        env.put(Context.SECURITY_PRINCIPAL, authenticationSource.getPrincipal());
        log.debug("Principal: '" + userName + "'");
        env.put(Context.SECURITY_CREDENTIALS, authenticationSource.getCredentials());
    }

to .put(Context.SECURITY_PRINCIPAL, username + baseDN);
But how can I get my hands on baseDN since base is private and there is no getter for it?
But I guess my solution of overriding the method may be a wrong one and there is a simpler, logical solution.
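
An added example, not part of the original post and not Spring LDAP's own code: one way to make getPrincipal() return the full DN that the post reports Active Directory accepting is to give the authentication source its own copy of the base DN and compose the name with the JDK's javax.naming.ldap.LdapName, which also escapes DN metacharacters in the user name. The class name FullDnAuthenticationSource, the password placeholder and the user names in main are assumptions; in the application the class would additionally implement Spring LDAP's AuthenticationSource.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Hypothetical class (not from the post). In the application it would also
// declare "implements AuthenticationSource" and be wired as ldapUserAuthService.
public class FullDnAuthenticationSource {
    private final LdapName baseDn;  // same value as the context source's "base"
    private final String userName;  // bare name, e.g. "Administrator"
    private final String password;

    public FullDnAuthenticationSource(String baseDn, String userName, String password)
            throws InvalidNameException {
        this.baseDn = new LdapName(baseDn); // rejects a malformed base DN at startup
        this.userName = userName;
        this.password = password;
    }

    // Returns the full DN: CN=<userName>,<baseDn>.
    public String getPrincipal() {
        try {
            LdapName dn = (LdapName) baseDn.clone();
            // add() appends the most specific (leftmost) RDN. Rdn escapes DN
            // metacharacters such as ',' and '+' in the value, so a user name
            // cannot introduce extra RDNs the way string concatenation would.
            dn.add(new Rdn("CN", userName));
            return dn.toString();
        } catch (InvalidNameException e) {
            throw new IllegalArgumentException("Invalid user name for DN", e);
        }
    }

    public String getCredentials() {
        return password;
    }

    // Constructed sample values; the base DN is the one from the post.
    public static void main(String[] args) throws InvalidNameException {
        String base = "CN=Users,DC=domain,DC=intranet,DC=mycomp,DC=ro";
        System.out.println(
            new FullDnAuthenticationSource(base, "Administrator", "placeholder").getPrincipal());
        System.out.println(
            new FullDnAuthenticationSource(base, "Smith, John", "placeholder").getPrincipal());
    }
}
```

Wiring the base DN into this bean as a constructor argument avoids needing access to the private base field of the context source.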