Thread: Anonymous bind required for roles

  1. #1
    Join Date
    Mar 2008
    Location
    Oakura
    Posts
    17

    Anonymous bind required for roles

    Kia ora

    I am using openldap to store user information for logging into a web app with acegisecurity providing authentication. I'm trying to secure my openldap repository and discovered that in order to determine the user's roles, I need to allow anonymous "read" access to the roles ou. I really only want to allow anonymous "auth" access to the user's userPassword attribute which is required to allow the user to login. Is this a known issue with the ldap support in acegisec or am I just doing it wrong?

    Thanks for any assistance.

  2. #2
    Join Date
    May 2006
    Location
    Rotterdam
    Posts
    58

    Could you post some code? I can't quite follow your question.

  3. #3
    Join Date
    Jul 2005
    Location
    Helsingborg, Sweden
    Posts
    504

    You should post any questions related to Acegi or Spring Security in their forum.
    Ulrik Sandberg
    Jayway (www.jayway.com)
    Spring LDAP project member

  4. #4
    Join Date
    Mar 2008
    Location
    Oakura
    Posts
    17

    Yep, I've already tried that forum and received no response and thought I would try a little cross pollination. At this stage I guess I'm just stuck with allowing more anonymous access than I really want.

  5. #5
    Join Date
    Mar 2008
    Location
    Oakura
    Posts
    17

    FWIW, the problem was that I hadn't provided credentials for an acegisecurity identity in my applicationContext.xml so it was trying to use anonymous access to search for user roles.

    Code:
    <bean id="initialDirContextFactory"
          class="org.acegisecurity.ldap.DefaultInitialDirContextFactory">
        <constructor-arg value="ldap://localhost:389/dc=base,dc=co,dc=nz"/>
        <!--
        Bind authentication doesn't require managerDn, but it is used for
        picking up roles without requiring anon access.
        -->
        <property name="managerDn">
            <value>cn=acegisecurity,ou=people,dc=base,dc=co,dc=nz</value>
        </property>
        <property name="managerPassword">
            <value>**************</value>
        </property>
    </bean>
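
Added example, not part of the original thread: a slapd.conf ACL fragment showing the directory-side change that the managerDn fix in post #5 makes possible, with the anonymous-read rule beside a tightened set. The `ou=roles` DN is an assumed name (the thread only says "the roles ou"), and the last clause assumes users are located by DN pattern rather than by a directory search.

```conf
# Added example. ou=roles,... is an assumed DN; adjust to the real roles ou.

# BEFORE: needed while the role search ran as an anonymous bind.
# access to dn.subtree="ou=roles,dc=base,dc=co,dc=nz"
#     by * read

# AFTER: slapd uses the first "access to" clause whose target matches,
# then the first "by" line that matches the requester, so order matters.

# 1. Passwords can be compared during a bind but never read back.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# 2. Role entries are readable only by the identity configured as
#    managerDn in applicationContext.xml.
access to dn.subtree="ou=roles,dc=base,dc=co,dc=nz"
    by dn.exact="cn=acegisecurity,ou=people,dc=base,dc=co,dc=nz" read
    by * none

# 3. Everything else: anonymous clients may only authenticate, and a
#    bound user may read their own entry.
#    Assumption: no user search is performed; if the application searches
#    for users, grant the manager DN read on the people subtree as well.
access to *
    by self read
    by anonymous auth
    by * none
```

After loading the rules, an anonymous search of the roles subtree should return no entries, while the same search bound as the manager DN returns them.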
