3

I'm using the latest versions of both Spring LDAP and Spring Security. Also, I'm using annotation-based configuration and I have no XML configuration files.

What I'm trying to achieve is really basic: I want to be able to allow users to change their password from my web application.

I've found that I could execute that request through `DirContext.modifyAttributes`. This method requires two attributes, the first one is the current userDn, which I'm not sure how to easily get through Spring. I'm pretty sure that there's a functionality to get it.

Then I'd use a password `Attribute` as the modification item for the second argument. Now, how can I know the password encoding that needs to be applied to the password provided by the user?

I've never used Spring LDAP / Security and a small, simple example would be awesome. Right now, I'm testing against an in-memory LDAP, but I'll have to switch to a real LDAP at the end of the week.

Thanks!

1 Answer

3

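You need to use an instance of `org.springframework.security.ldap.userdetails.LdapUserDetailsManager`; it implements `UserDetailsManager` and has methods for changing user passwords. To instantiate it in your non-XML configuration, do something like this:

```java
import org.springframework.ldap.core.ContextSource;
import org.springframework.security.ldap.userdetails.LdapUserDetailsManager;

@Bean
public UserDetailsService getUserDetailsService(ContextSource contextSource) {
    // The constructor takes the ContextSource used to reach the directory.
    return new LdapUserDetailsManager(contextSource);
}
```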
SergeyB
  • How do I get the context that I need to give? – Christian Goudreau Jul 22 '14 at 20:48
  • @ChristianGoudreau - please clarify which class you are talking about overriding `@Override protected UserDetailsService userDetailsService()`. As far as `ContextSource` that you'll need for the constructor, it's an instance of `SpringSecurityContextSource` which you should be able to autowire into `getUserDetailsService()` as a parameter. – SergeyB Jul 22 '14 at 21:01
  • Uhm, I get a NoSuchBeanDefinitionException for ContextSource – Christian Goudreau Jul 22 '14 at 21:07
  • So far, getting the ContextSource through SecurityContextHolder doesn't work, as it can't be cast to the right type. While keeping my setup simple: `@Inject public void registerGlobalAuthentication(AuthenticationManagerBuilder auth) throws Exception { auth.ldapAuthentication().userDnPatterns("uid={0},ou=people").groupSearchBase("ou=groups"); }` Which will use an embedded AD. I'll hook to the real one afterward, but I want the embedded setup for local development purposes since AD is external to the environment we're using and behind firewall – Christian Goudreau Jul 23 '14 at 13:35
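
An added example, not code from the question or the answer: one way to wire the `LdapUserDetailsManager` the answer recommends by declaring the `ContextSource` as a bean, then letting the logged-in user change their own password. The LDAP URL, base DN, class names and method names are assumptions; the `ou=people` / `uid` mapping mirrors the `userDnPatterns` from the comments.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.ContextSource;
import org.springframework.security.ldap.DefaultLdapUsernameToDnMapper;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.userdetails.LdapUserDetailsManager;
import org.springframework.security.provisioning.UserDetailsManager;
import org.springframework.stereotype.Service;

@Configuration
public class LdapPasswordChangeConfig {

    // Assumption: placeholder URL and base DN; replace with your directory's.
    // Use ldaps:// (or StartTLS) against a real server, because the current
    // and the new password both travel over this connection.
    @Bean
    public DefaultSpringSecurityContextSource contextSource() {
        return new DefaultSpringSecurityContextSource(
                "ldaps://ldap.example.test:636/dc=example,dc=test");
    }

    @Bean
    public LdapUserDetailsManager ldapUserDetailsManager(ContextSource contextSource) {
        LdapUserDetailsManager manager = new LdapUserDetailsManager(contextSource);
        // Builds uid=<username>,ou=people relative to the base DN above, so
        // the application never has to look up the user DN itself.
        manager.setUsernameMapper(new DefaultLdapUsernameToDnMapper("ou=people", "uid"));
        manager.setPasswordAttributeName("userPassword");
        return manager;
    }
}

// Hypothetical service; call it from the controller behind the change-password form.
@Service
class PasswordChangeService {
    private final UserDetailsManager users;

    @Autowired
    PasswordChangeService(UserDetailsManager users) {
        this.users = users;
    }

    // Acts on the user in the current SecurityContext and requires the current
    // password. The new value is passed to the directory as given, so hashing
    // on write is left to the server's configuration (assumption about your server).
    void changeOwnPassword(String currentPassword, String newPassword) {
        users.changePassword(currentPassword, newPassword);
    }
}
```

Passing the same bean to `auth.ldapAuthentication().contextSource(...)` keeps authentication and password changes on one connection definition.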