The Active Directory Security Module (security-ad) includes the LdapAuthenticationProvider class, which implements the simple authentication(username, password) interface using an LDAP server. The Active Directory and LDAP Configuration bean supplies this bean with the details of the AD server.
These features require that the security-ad module be included when you run createproject to create the project directories.
Authenticate a Username
To authenticate a username, the LDAP Authentication Provider does the following:
- A query is issued to determine the distinguished name (DN) of the user ID provided (e.g. uid=%username%). This query uses the bindDn and bindPassword credentials.
- A context is created for the user's DN using the user's password; this establishes the user's credentials.
- A query is issued to find all groups and nested groups that include this DN. This query uses the user's DN and password to authenticate the user.
- For each group returned, a role is added to the principal.
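The four steps above, modelled against a small in-memory directory as an added example (not the security-ad module's code); the directory contents, function names and the use of the group CN as the role name are assumptions. It also shows two checks worth having around this flow: RFC 4515 escaping of the user ID before it goes into the uid=%username% filter, and refusing an empty password before the user bind.

```python
import hmac
import re

# Constructed sample directory: every DN, password and group is invented.
BASE = "dc=example,dc=com"
USERS = {"jdoe": (f"uid=jdoe,ou=people,{BASE}", "s3cret"),
         "asmith": (f"uid=asmith,ou=people,{BASE}", "hunter2")}
GROUPS = {  # group DN -> direct members (user DNs or group DNs)
    f"cn=search-users,ou=groups,{BASE}": {USERS["jdoe"][0]},
    f"cn=staff,ou=groups,{BASE}": {f"cn=search-users,ou=groups,{BASE}"},
    f"cn=admins,ou=groups,{BASE}": {USERS["asmith"][0]},
}
ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def user_filter(username, template="uid=%username%"):
    """Fill the filter template with RFC 4515 escaping applied to the user ID."""
    safe = "".join(ESCAPES.get(ch, ch) for ch in username)
    return "(" + template.replace("%username%", safe) + ")"

def search(ldap_filter):
    """Toy evaluator for (uid=VALUE): bare * is a wildcard, \\xx is a literal."""
    rx = re.sub(r"\\([0-9a-fA-F]{2})|(\*)|(.)",
                lambda m: re.escape(chr(int(m[1], 16))) if m[1]
                else ".*" if m[2] else re.escape(m[3]),
                ldap_filter[len("(uid="):-1], flags=re.S)
    return [dn for uid, (dn, _) in USERS.items() if re.fullmatch(rx, uid)]

def bind_as_user(dn, password):
    """Step 2: a DN with an empty password is an unauthenticated bind; refuse it."""
    if not password:
        return False
    return any(d == dn and hmac.compare_digest(p.encode(), password.encode())
               for d, p in USERS.values())

def nested_groups(dn):
    """Step 3: groups containing dn directly or through other groups."""
    found, frontier = set(), {dn}
    while frontier:
        frontier = {g for g, m in GROUPS.items() if m & frontier} - found
        found |= frontier
    return found

def authenticate(username, password):
    matches = search(user_filter(username))      # step 1 (service-account search)
    if len(matches) != 1 or not bind_as_user(matches[0], password):
        return None
    # Step 4: one role per group; using the group's CN as the role name is an assumption.
    return sorted(g.split(",")[0].split("=", 1)[1] for g in nested_groups(matches[0]))
```

In this model a user ID of `*` becomes the filter `(uid=\2a)` and matches no entry, whereas the unescaped filter `(uid=*)` would match every user in the directory.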
The following example creates an LDAP Authentication Provider using a shared Active Directory and LDAP Configuration bean.
<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xmlns="http://www.springframework.org/schema/beans"
       xmlns:util="http://www.springframework.org/schema/util"
       xmlns:sec="http://www.springframework.org/schema/security"
       xsi:schemaLocation="
         http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
         http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util.xsd
         http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd">
  <bean id="defaultAuthenticationProvider" class="com.attivio.securityad.authentication.LdapAuthenticationProvider">
    <property name="config" ref="ldapDirectoryConfig" />
  </bean>
</beans>
The bindDn account must have search permission to all objects within the
The authenticated user must have search permission to all their groups.