春季启动LDAP身份验证与LDAP错误代码失败49 - 80090308数据52E
问题描述:
我想在我的web应用程序中使用LDAP用户身份验证与春季安全,但得到error 52e
,下面是我的春天安全LDAP验证码:春季启动LDAP身份验证与LDAP错误代码失败49 - 80090308数据52E
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
auth.ldapAuthentication()
.contextSource().url("ldap://192.168.1.5:389/DC=zonetest,DC=lk")
.managerDn("[email protected],DC=zonetest,DC=lk").managerPassword("[email protected]")
.and()
.userSearchBase("OU=SL Users")
.userSearchFilter("(CN={0})");
}
我的LDAP结构在屏幕截图供参考:
我在邮递员客户端收到此错误
{
"timestamp": 1505368170503,
"status": 401,
"error": "Unauthorized",
"message": "[LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580\u0000]; nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903C5, comment: AcceptSecurityContext error, data 52e, v2580\u0000]",
"path": "/"
}
请帮助我。
答
没有为LDAP authentication.i另一种简单的方法,用下面的代码做LDAP认证。本工作对我来说就像一个魅力:
package app.config;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;
import java.util.Arrays;
@Configuration
@EnableWebSecurity
public class WebSecurityConfigAD extends WebSecurityConfigurerAdapter {
@Value("${ad.domain}")
private String AD_DOMAIN;
@Value("${ad.url}")
private String AD_URL;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.authorizeRequests().anyRequest().authenticated().and().httpBasic();
}
@Override
protected void configure(AuthenticationManagerBuilder authManagerBuilder) throws Exception {
authManagerBuilder.authenticationProvider(activeDirectoryLdapAuthenticationProvider()).userDetailsService(userDetailsService());
}
@Bean
public AuthenticationManager authenticationManager() {
return new ProviderManager(Arrays.asList(activeDirectoryLdapAuthenticationProvider()));
}
@Bean
public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider(AD_DOMAIN, AD_URL);
provider.setConvertSubErrorCodesToExceptions(true);
provider.setUseAuthenticationRequestCredentials(true);
return provider;
}
}
你确定你可以在OU名称中使用空格? “SL用户” –
我试图删除ou名称中的空格,并将其作为“SLUsers”,但仍然是Ldap 52e错误。 –
(http://www-01.ibm.com/support/docview.wss?uid=swg21290631)52e出现无效凭证,所以用户可用,您是否确定使用正确的凭据?你是否对密码进行了散列/加密? –