I want to do LDAP authentication using Spring Boot, but I can't. I just want to check the person who wrote his username and password on our LDAP server when he wants to log in. If we have such a user on our LDAP server, I want it to rotate something successfully. Otherwise I want it to return the wrong password and either password or connection error. Seriously, it took me a while to figure it out. I've looked at all the sources, I've watched video lessons, but they're all reading from the pre-existing ldif file. But I just want to check the username and password entered from our own LDAP server using Spring Boot, not from any existing file.
So I found a new tutorial that uses an LDAP test server, which is what I want to do. I can log in successfully when I type the username and password they give.
application.properties file
ldap.enabled = true
####### LDAP ##############
ldap.urls= ldap:
ldap.base.dn= dc=example,dc=com
ldap.username= cn=read-only-admin,dc=example,dc=com
ldap.password= password
ldap.user.dn.pattern = uid={0}
server.port=8999
spring.main.banner-mode=off
spring.thymeleaf.cache=false
And this is my security configuration:
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Value("${ldap.urls}")
    private String ldapUrls;

    @Value("${ldap.base.dn}")
    private String ldapBaseDn;

    @Value("${ldap.username}")
    private String ldapSecurityPrincipal;

    @Value("${ldap.password}")
    private String ldapPrincipalPassword;

    @Value("${ldap.user.dn.pattern}")
    private String ldapUserDnPattern;

    @Value("${ldap.enabled}")
    private String ldapEnabled;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/login**").permitAll()
                .antMatchers("/profile/**").fullyAuthenticated()
                .antMatchers("/").permitAll()
                .and()
            .formLogin()
                .loginPage("/login")
                .failureUrl("/login?error")
                .permitAll()
                .and()
            .logout()
                .invalidateHttpSession(true)
                .deleteCookies("JSESSIONID")
                .permitAll();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        if (Boolean.parseBoolean(ldapEnabled)) {
            auth
                .ldapAuthentication()
                    .contextSource()
                        .url(ldapUrls + ldapBaseDn)
                        .managerDn(ldapSecurityPrincipal)
                        .managerPassword(ldapPrincipalPassword)
                    .and()
                    .userDnPatterns(ldapUserDnPattern);
        } else {
            auth
                .inMemoryAuthentication()
                    .withUser("user").password("password").roles("USER")
                    .and()
                    .withUser("admin").password("admin").roles("ADMIN");
        }
    }
}
But when I change the url, base-dn, username and password to our own values, I get the error below:
Caused by: org.springframework.ldap.CommunicationException: myldapserverurl:389; nested exception is javax.naming.CommunicationException: myldapserverurl:389 [Root exception is java.net.ConnectException: Connection timed out: connect]
Caused by: javax.naming.CommunicationException: myldapserverurl:389
Caused by: java.net.ConnectException: Connection timed out: connect
Afterwards I thought that my application.properties file doesn't need the password information, because in our LDAP server each user has their own password. So I deleted the ldap.password key and commented out
@Value("${ldap.password}")
private String ldapPrincipalPassword;
and this line: .managerPassword(ldapPrincipalPassword)
Now when I run the program again I get the following error.
Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalStateException: managerPassword is required if managerDn is supplied
Caused by: java.lang.IllegalStateException: managerPassword is required if managerDn is supplied
In short, what I want from you: I want to perform my LDAP operations using Spring Boot without an ldif file. Can someone help me with this topic? What should I change?
What I have tried:
I tried many ways but I still couldn't.
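
As an added example that is not part of the original post: the check the question describes (bind to the directory as the entered user, then report wrong password versus connection error), written with only the JDK's JNDI LDAP provider, so it needs no ldif file and no manager account. The class name, server URL and timeouts are assumptions; the `uid=<name>` under the base DN layout follows the `ldap.user.dn.pattern` and `ldap.base.dn` values shown above.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.CommunicationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

public class LdapBindCheck {
    public enum Result { OK, BAD_CREDENTIALS, CONNECTION_ERROR, OTHER_ERROR }

    // Placeholders (assumptions): use your own server. ldaps keeps the bind password off the wire in clear.
    static final String URL = "ldaps://ldap.example.com:636";
    static final String BASE_DN = "dc=example,dc=com";

    public static Result check(String username, String password) {
        // A simple bind with an empty password is an "unauthenticated" bind that
        // many servers accept, so reject it before contacting the server.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return Result.BAD_CREDENTIALS;
        }
        // Escape the user-supplied value so it cannot change the structure of the DN.
        String userDn = "uid=" + Rdn.escapeValue(username) + "," + BASE_DN;

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // milliseconds
        env.put("com.sun.jndi.ldap.read.timeout", "5000");    // milliseconds

        try {
            new InitialDirContext(env).close(); // bind as the user, then disconnect
            return Result.OK;
        } catch (AuthenticationException e) {   // server rejected the DN/password
            return Result.BAD_CREDENTIALS;
        } catch (CommunicationException e) {    // host unreachable, timeout, TLS failure
            return Result.CONNECTION_ERROR;
        } catch (NamingException e) {           // anything else the directory reports
            return Result.OTHER_ERROR;
        }
    }

    public static void main(String[] args) {
        System.out.println(check(args[0], args[1]));
    }
}
```

The `CONNECTION_ERROR` branch corresponds to the `javax.naming.CommunicationException` with `Connection timed out` in the stack trace above, which means the server could not be reached on that host and port, not that a credential was wrong.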