The Active Directory Security Module (security-ad) includes the ActiveDirectoryAuthenticationProvider, which implements the simple authentication(username,password) interface using a Microsoft Active Directory (AD) Server. The Active Directory and LDAP Configuration bean is used to configure this bean with details of the AD server.
These features require that the security-ad module be included when you run createproject to create the project directories.
Authenticate a Username
To authenticate a username, the AD Authentication Provider does the following:
- A query is issued for the distinguished name (DN) of the username provided (e.g. sAMAccountName=%username%). This query uses the bindDn and bindPassword credentials.
- A query is issued for all groups and nested groups that include this DN. This query uses the user's DN and password to authenticate the user.
- For each group returned, a role is added to the principal.
The following example creates an Active Directory Authentication Provider using a shared Active Directory and LDAP Configuration bean.
The bindDn account must have search permission to all objects within the
The authenticated user must have search permission to all their groups.
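The three-step lookup described under "Authenticate a Username" can be sketched as the search filters each step sends and the identity each one binds as. This is an added example, not the module's own code: the helper names, the AD in-chain matching rule for nested groups, the cn-based role name and the empty-password check are assumptions, and any DNs passed in are constructed sample values.

```python
# Added illustration: helper names and the cn-to-role rule are assumptions.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
# Active Directory matching rule LDAP_MATCHING_RULE_IN_CHAIN (follows nesting).
IN_CHAIN = "1.2.840.113556.1.4.1941"


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_filter(template, username):
    """Step 1: fill the %username% placeholder with the escaped login name."""
    return "(" + template.replace("%username%", escape_filter_value(username)) + ")"


def nested_group_filter(user_dn):
    """Step 2: match groups that contain user_dn directly or through nesting."""
    return "(member:%s:=%s)" % (IN_CHAIN, escape_filter_value(user_dn))


def plan_queries(template, bind_dn, username, password, user_dn):
    """Return (bind identity, filter) for each query, in order.

    user_dn stands in for the DN that the first query would return.
    """
    if not password:
        # An empty password makes a simple bind an unauthenticated bind
        # (RFC 4513 section 5.1.2); it must never count as a login.
        raise ValueError("empty password rejected")
    return [
        (bind_dn, user_filter(template, username)),  # runs as bindDn
        (user_dn, nested_group_filter(user_dn)),     # runs as the user
    ]


def roles_from_groups(entries):
    """Step 3: one role per returned group entry (role name = cn, assumed)."""
    return [entry["cn"][0] for entry in entries]
```

Without the escaping in step 1, a login name containing `*` or parentheses would change the meaning of the filter that runs under the bindDn account, which can search far more than the user can.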