Using user login to bind to LDAP

[Josh LOL]

Hi,

NOTE - I am currently limited to spring security 2.0

I'm relatively new to spring security so apologies if this is an obvious question.

- Our LDAP Server does NOT support anonymous binding
- I dont want to create a special "Manager" account for binding
- Every user that can log into our application will have those same credentials give them readonly access to the LDAP (We have a company wide LDAP server)

So I want to be able to use the user supplied ID / Password to bind to the LDAP server before doing a search in the LDAP server for that same user's roles.

As far as I can tell I need to create a custom LdapAuthenticationProvider but I'm not having any luck so far, has anyone done anything like this before?

Thanks in advance for any help

[Luke Taylor]

You just need to implement the AuthenticationProvider interface. The authenticate() method will be passed a UsernamePasswordAuthentication token from which you can extract the username and password. Then write the necessary LDAP code to make the bind call and load the user authorities.

[Josh LOL]

I think I understand,

if I override the authenticate method I could create a local org.springframework.ldap.core.support.AbstractCont extSource from the username / password.

This new context source could then be used to create a org.springframework.security.providers.ldap.LdapAu thenticationProvider and org.springframework.security.providers.ldap.authen ticator.BindAuthenticator which would then be used to perform the authentication.

Is this the right way of going about this?