-
Apr 12th, 2012, 09:23 AM
#1
Spring Security with Active Directory
I am trying to implement Spring Security with Active Directory login. However, I am running into issues with Partial Exception errors. Is there any way I can set the ignorePartialResultException to true in the security-config.xml file?
-
Apr 18th, 2012, 12:02 PM
#2
Found a solution
The actual problem was the referral property for AD. If anyone is interested in the solution, let me know.
-
May 1st, 2012, 09:09 AM
#3
Hi, I'd be interested in seeing your solution as we seem to be having the same or similar problem getting LDAP to authenticate our users in active directory via the spring framework supplied / installed as part of a Jasperserver build.
So any help / pointers or LDAP extract from your applicationcontext-security.xml would be really helpful.
Thanks in advance
Ric
-
May 1st, 2012, 09:34 AM
#4
Active Directory Spring Security XML config
See below
Please see items in blue for user specific settings. Hopefully this works for you. I am not sure if you need all the different steps that I have here. I was trying different things and this finally worked for me. And then I was too lazy to change it, fearing that it might break.
Good Luck
Dhanya
<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security"
    xmlns:beans="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
        http://www.springframework.org/schem...-beans-3.1.xsd
        http://www.springframework.org/schema/security
        http://www.springframework.org/schema/security/spring-security-3.1.xsd">
    <global-method-security secured-annotations="enabled">
    </global-method-security>
    <http auto-config='true' authentication-manager-ref="authenticationManager">
        <intercept-url pattern="/**" access="ROLE_YourRoleinCaps" />
        <!-- this tag requires the access value to start with ROLE_ -->
    </http>
    <!-- Connection to AD, bound with a service account -->
    <beans:bean id="contextSource"
        class="org.springframework.ldap.core.support.LdapContextSource">
        <beans:property name="url" value="YourAdServer" />
        <beans:property name="base" value="yourbasedc" />
        <beans:property name="userDn"
            value="cn=YourUserIdtoaccessAD,ou=OUfortheUserIdtoaccessAD,dc=DCfortheUserIdtoaccessAD(ex:dc=system,dc=manager" />
        <beans:property name="password" value="YourPasswordtoaccessAD" />
        <beans:property name="pooled" value="true" />
        <!-- AD-specific setting for avoiding the partial exception error -->
        <beans:property name="referral" value="follow" />
    </beans:bean>
    <beans:bean id="ldapAuthenticationProvider"
        class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
        <!-- First argument: find the user by sAMAccountName, then bind as that user -->
        <beans:constructor-arg>
            <beans:bean
                class="org.springframework.security.ldap.authentication.BindAuthenticator">
                <beans:constructor-arg ref="contextSource" />
                <beans:property name="userSearch">
                    <beans:bean id="userSearch"
                        class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
                        <beans:constructor-arg index="0" value="" />
                        <beans:constructor-arg index="1"
                            value="(sAMAccountName={0})" />
                        <beans:constructor-arg index="2" ref="contextSource" />
                    </beans:bean>
                </beans:property>
            </beans:bean>
        </beans:constructor-arg>
        <!-- Second argument: map AD group membership to granted authorities -->
        <beans:constructor-arg>
            <beans:bean
                class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
                <beans:constructor-arg ref="contextSource" />
                <beans:constructor-arg value="" />
                <beans:property name="groupSearchFilter" value="(member={0})" />
                <beans:property name="searchSubtree" value="true" />
                <!-- The settings below add the prefix ROLE_ to roles returned
                    from AD -->
            </beans:bean>
        </beans:constructor-arg>
    </beans:bean>
    <beans:bean id="authenticationManager"
        class="org.springframework.security.authentication.ProviderManager">
        <beans:constructor-arg>
            <beans:list>
                <beans:ref local="ldapAuthenticationProvider" />
            </beans:list>
        </beans:constructor-arg>
    </beans:bean>
</beans:beans>
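As an added example (not part of the original posts, and not the poster's configuration): the context source and authorities populator from the configuration above, with the bind made over LDAPS, the service-account credentials read from a properties file outside the XML, and the `ignorePartialResultException` setter asked about in post #1 applied to the group search. The host name, file path, `ldap.*` property names and the `authoritiesPopulator` id are assumptions, and the setter is assumed to be present on `DefaultLdapAuthoritiesPopulator` in the Spring Security version in use.

```xml
<!-- Added example: fragment to place inside the <beans:beans> element.
     Host name, file path, property names and bean ids are placeholders. -->

<!-- Resolve ${...} values from a file kept outside the web application,
     readable only by the account the application server runs as. -->
<beans:bean
    class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer">
  <beans:property name="location" value="file:/etc/myapp/ldap.properties" />
</beans:bean>

<beans:bean id="contextSource"
    class="org.springframework.ldap.core.support.LdapContextSource">
  <!-- ldaps:// so the service-account bind and each user's bind password
       are encrypted in transit (a plain ldap:// simple bind is not). -->
  <beans:property name="url" value="ldaps://ad.example.com:636" />
  <beans:property name="base" value="${ldap.base}" />
  <!-- No credentials in the XML: both values come from ldap.properties. -->
  <beans:property name="userDn" value="${ldap.bind.dn}" />
  <beans:property name="password" value="${ldap.bind.password}" />
  <beans:property name="pooled" value="true" />
  <!-- With "follow", JNDI contacts the servers named in AD referrals and
       reuses these bind credentials there, so give the service account
       read-only, least-privilege rights in the directory. -->
  <beans:property name="referral" value="follow" />
</beans:bean>

<!-- Pass to LdapAuthenticationProvider as its second constructor argument:
     <beans:constructor-arg ref="authoritiesPopulator" /> -->
<beans:bean id="authoritiesPopulator"
    class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
  <beans:constructor-arg ref="contextSource" />
  <beans:constructor-arg value="" />
  <beans:property name="groupSearchFilter" value="(member={0})" />
  <beans:property name="searchSubtree" value="true" />
  <!-- Tolerate PartialResultException during the group search instead of
       failing the login; groups that live only behind an unfollowed
       referral are then not returned as roles. -->
  <beans:property name="ignorePartialResultException" value="true" />
</beans:bean>
```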