spring-projects/spring-ldap

Alexandre Thenorio

@alethenorio

@eddumelendez Interesting you shared that. I found out your project like 2 days ago

And it is awesome

However I am having some small issues as I am uncertain about what exactly it does and does not

Chandan Kumar

@RC-Chandan

Hi guys I am new to SpringLdap

can anyone explain me how to configure ldap context in java layer

without xml

Mauricio Aiello

@aiellomau

I 'll try to be simple with code. Here is my code that's work for me...

// Make a class extends WebSecurityConfigurerAdapter

@Configuration
@EnableWebSecurity
@PropertySources({ @PropertySource("classpath:ldap.properties") })
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

......
......

  @Autowired
  private Environment env;

  @Autowired
  private AppLdapUserDetailsContextMapper appLdapUserDetailsContextMapper;


  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {

    // Authentication Provider Order

    // 1. LDAP provider
    ldapProvider(auth);

  }



  private void ldapProvider(AuthenticationManagerBuilder auth) throws Exception {

    try {

      // @formatter:off
      auth.ldapAuthentication()
        .userSearchBase(env.getRequiredProperty("ldap.user.search.base"))
        .userSearchFilter(env.getRequiredProperty("ldap.search.filter"))
        .groupSearchBase(env.getRequiredProperty("ldap.group.search.base"))
        .userDetailsContextMapper(appLdapUserDetailsContextMapper)
        .contextSource(contextSource());
      // @formatter:on

    } catch (IllegalStateException e) {
      LOGGER.warn("Some of the required LDAP attributes could not be readed from properties", e);
    }
  }


  @Bean
  public DefaultSpringSecurityContextSource contextSource() {

    DefaultSpringSecurityContextSource contextSource = new DefaultSpringSecurityContextSource(env
        .getRequiredProperty("ldap.url"));
    contextSource.setBase(env.getRequiredProperty("ldap.base.dn"));
    contextSource.setUserDn(env.getRequiredProperty("ldap.user.dn.pattern"));
    contextSource.setPassword(env.getRequiredProperty("ldap.password"));
    contextSource.setReferral(null);
    contextSource.setPooled(true);
    Map<String, Object> baseEnvironmentProperties = new HashMap<>();
    baseEnvironmentProperties.put("com.sun.jndi.ldap.connect.timeout", "5000");
    contextSource.setBaseEnvironmentProperties(baseEnvironmentProperties);
    contextSource.afterPropertiesSet();
    return contextSource;
  }

.....
}


@Component
public class AppLdapUserDetailsContextMapper extends InetOrgPersonContextMapper {

 @Override
  public UserDetails mapUserFromContext(DirContextOperations ctx, String username,
      Collection<? extends GrantedAuthority> authorities) {
    // must be implemented for your own business
    ...
  }
}


properties file:

## zflexldap
ldap.url=ldap://zflexldap.com:389/dc=zflexsoftware,dc=com
ldap.password=zflexpass
ldap.user.dn.pattern=cn=ro_admin,ou=sysadmins,dc=zflexsoftware,dc=com
ldap.base.dn=dc=zflexsoftware,dc=com

## Search
ldap.user.search.base=ou=guests
ldap.search.filter=(uid={0})
ldap.group.search.base=
ldap.group.search.filter=(member={0})

I think this is all.

platform-weiqiang

@platform-weiqiang

这是什么啊

没人啊

DAVID DE

@DavidDeCoding

Hi there, I had a question on licensing. spring-ldap is using unboundid yet it is under apache 2.0. Isn't apache 2.0 incompatible with gpl, lgpl and unboundid free license? Can I use unboundid inside an apache 2.0 project?

Rohit Nayak

@anotherrohit_twitter

Are there exporttocsv libaries under spring-ldap? all i see is ldifexport

Peter Reid

@ReidWeb

Hello, has anyone ever encountered this error

could not get unknown property 'SAMPLE_WAR_GRADLE' for root project 'user-admin' of type org.gradle.api.Project.

when invoking gradle tasks for the 'user-admin' sample project?

xiotee

@xiotee

Hello, may I ask how do you import the spring ldap to a grails 3 application? I cannot seem to reference it in my application. I'm using LdapContextSource and LdapTemplate on Grails 3.3.0. Thanks.

rraasikh

@rraasikh

@ReidWeb did you every resolve the unknown property 'SAMPLE_WAR_GRADLE' error when invoking the gradle tasks for the 'user-admin' sample project?

rraasikh

@rraasikh

FYI. Resolved the SAMPLE_WAR_GRADLE error. Had to modify build.gradle with apply from: 'sample-war.gradle' instead of apply from: SAMPLE_WAR_GRADLE. Additional modifications to build.gradle are as follows: https://pastebin.com/69W0ziu6

Matteo Gianello

@Giane88_twitter

I see that this channel is not so active but i try

I have a spring mvc application in witch i integrate spring security, in particular now i need to implement the ldap authentication but the problem is that in my basic authentication i have a CustomUserDetails and a CustomUserDetailsService now i want to manage this custom userDetails with spring ldap i try to extends LdapAuthorization provider without success someone have any idea?

Miguel

@miggy8234

Is there any reason the SimpleLdap classes would stop being able to authenticate with an LDAP server after updating from 1.3.1 to 2.3.2? I know it has become deprecated but I do not see anything that leads me to feel like it should give me an error of: "AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1]". Moving to use the LdapTemplate and LdapOperations is a bit much for me to do at the moment and I was curious if anyone else has had the same issue. I have already researched the error and it claims to be a bad authentication issue however I have doubled checked the credentials are right along with ensuring the LDAP user is not locked.

Marino Borra

@mborra

Hi to all, I have a question on AD & LDAP & Tomcat, I can to use an AD user (that is the same used to autenticate the Tomcat) to authenticate to the AD\LDAP server as a manager? How I can to configure Spring Security LDAP?

nadavg54

@nadavg54

Hello, what is the way to configure a timeout for queries ?

Marcel Overdijk

@marceloverdijk

@nadavg54 I'm facing something similar

Spring's LdapTemplate has a setDefaultTimeLimit which "Set the default time limit be used in searches if not explicitly specified."

We tried to set it but it does not seem to work.

We even set this value to 1ms but we are not getting the expected TimeLimitExceededException...

We tried to debug to get more insights and we see Spring is propagating this default time limit to the default javax.naming.directory.SearchControlsbut it seems not to work

Marcel Overdijk

@marceloverdijk

Note we are also using the Pool2 pooling support so I wonder if these are maybe not compatible?

I also found this old post from 2013: http://forum.spring.io/forum/spring-projects/data/ldap/48303-maximum-search-completion-time-limit-using-settimelimit where somebody was facing the same problem.

Marcel Overdijk

@marceloverdijk

Anyone seeing similar behaviour?

Marcel Overdijk

@marceloverdijk

Note I also tried without a PooledContextSource and default time limit 1 ms and I don't get the TimeLimitExceededException. It simply seems not to work.

Marcel Overdijk

@marceloverdijk

This seems to work:

final Map<String, Object> baseEnv = new Hashtable<>();
baseEnv.put("com.sun.jndi.ldap.connect.timeout", "5000");
baseEnv.put("com.sun.jndi.ldap.read.timeout", "5000");
final LdapContextSource ldapContextSource = new LdapContextSource();
ldapContextSource.setBaseEnvironmentProperties(baseEnv);

if I pass this to the LdapTemplate I get connect/read timeouts eventually. LdapTemplate#setDefaultTimeLimitdoes not seem to do anything.

Hope this might be useful for other users.

gasmyr

@syntrydy

Hi @all

I'm getting high numConnectionsClosedDefunct in my ldap logs, any thoughts?

MrHope

@codertiu

hi can some one help me

LDAP: error code 53 - 0000052D: SvcErr: DSID-031A120C, problem 5003 (WILL_NOT_PERFORM), data 0

Josh Cummings

@jzheaux

@codertiu Can you provide a bit more information?

mattwmj

@mattwmj

Hello everyone. I am new here. I want to ask about spring-ldap client load balancing features.

Is there such features? I really like spring-ldap and spring-data-ldap integrations and don't want to switch to unboundid sdk for client side load balancing.

diallo

@sadoudiallo_gitlab

LDAP: error code 49 - Unable to bind as user 'uid=admin,ou=people,dc=spring,dc=org' because the provided password was incorrect

MatthewHan

@Matthew-Han

Hi @all Knowing an attribute of entry, and knowing ou, how to use ldaptemplate to deduce dn?

diallo

@sadoudiallo_gitlab

i don't understand your question @Matthew-Han

MatthewHan

@Matthew-Han

For example , The attribute of an entry is '003001' , Let's assume that the Attr is deId , and this entry's DN is "deId=003001,deId=003,ou=department", I just know deId is '003001' and 'ou=department' , how to use ldaptemplate to deduce dn? I can't find a method in ldaptemplate.

@sadoudiallo_gitlab 003001 is the next level of 003

diallo

@sadoudiallo_gitlab

A DN is an absolute path and ascends the tree from left to right. I think you can build the DN if you know the other attributes. look at LdapBuilder.newInstance. maybe it can help you.

MatthewHan

@Matthew-Han

@sadoudiallo_gitlab Thank you for your answer.

Edward J Beckett

@edwardbeckett

Does anyone know how to implement an interceptor for the ldapTemplate similar to webServiceTemplate interceptor?

Holothuroid

@Holothuroid

Hello. I'm using an LdapRpository<com.company.User>. I'd like my user to have a Set<GrantedAuthority>. How can I (a) get ldapGroups and (b) turn map them into GrantedAuthorities for the User class? Any hints appreciated.

Josh Cummings

@jzheaux

@Holothuroid I believe what you are looking for is LdapAuthoritiesPopulator. There is a default implementation called DefaultLdapAuthoritiesPopulator that you might find of interest. Or you might simply create you own, like LdapRepositoryLdapAuthoritiesPopulator.

Isaac Figueroa

@ifiguer

Anyone know how to do an attribute scoped query using spring ldap?

Holothuroid

@Holothuroid

@jzheaux Thanks. That worked.

Where communities thrive

People

Repo info

Activity