I am trying to retrieve a user (or actually, a third party framework is) from OpenLDAP, using Springs LDAPTemplate, and am noticing some strange behaviour.
When I use the LDAPTemplate to search with:
base:ou=something,ou=somethingElse,dc=oh,dc=my,dc=god
filter:(cn=someUsername)
it works fine, and I get a user back.
But, when I search with this:
base:
filter=(cn=someUsername,ou=something,ou=somethingElse,dc=oh,dc=my,dc=god)
I get nothing, instead I get an error message:
javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name ''
Shouldn't these two searches be equivalent, as they refer to the exact same path in the LDAP three?
As mentioned, this is done by a third party, LdapUserDetailsService in Spring security 3.1.3.RELEASE.
The method in question looks like this:
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
DirContextOperations userData = userSearch.searchForUser(username);
return userDetailsMapper.mapUserFromContext(userData, username,
authoritiesPopulator.getGrantedAuthorities(userData, username));
}
The strange thing here is that userSearch.serachForUser uses separate base and filter, and correctly retrives the user, but then when getting the authorities from authoritiesPopulator, it repeats the search, only with an empty base and everything in filter, which fails due to the abovementioned error.
Update:
I've tried bypassing the Spring-stuff by running ldapsearch directly against OpenLDAP, and I'm getting the same behaviour. Seems to be something with OpenLDAP..
