
I'm trying to connect my Spring Boot app to an LDAP server (not embedded). The problem when I try to connect is:

try auth
2022-02-26 20:31:12.593  INFO 19692 --- [nio-8080-exec-2] o.s.ldap.core.LdapTemplate               : No results found for search, base: ''; filter: '(uid=myemail@company.com)'.
auth FAIL

I don't understand why the base '' is empty, because I specified it in the properties. I don't know whether that is the only problem; let me know if you can. Thanks!

  ldap:
    # Plain ldap:// on 389: the service-account password below and every user's
    # bind password cross the network unencrypted unless the server negotiates
    # StartTLS; ldaps:// (636) or StartTLS is the usual fix.
    urls: ldap://dig.intra.company.fr:389
    # Base DN of the ContextSource. Search bases handed to LdapTemplate
    # (including an empty name) are relative to this DN, so a log line showing
    # base: '' is relative to it rather than a missing setting.
    base: OU=UTILISATEURS,DC=dig,DC=intra,DC=company,DC=fr
    # Service account used for the initial search before the user bind.
    username: CN=S_BELUGA,CN=Users,DC=dig,DC=intra,DC=company,DC=fr
    # Secret committed in clear text and now public; rotate it and read it
    # from an environment variable or a secret store instead.
    password: Password2022
    anonymous-read-only: false

Endpoint

// NOTE(review): presumably the manager assembled in WebSecurityConfig.configure(AuthenticationManagerBuilder),
// whose only provider is OpenLdapAuthenticationProvider — confirm how it is exposed as a bean (not shown here).
@Autowired
    private AuthenticationManager authenticationManager;
    
    /**
     * LDAP login endpoint: hands the e-mail/password pair to the
     * {@code AuthenticationManager} and answers 200 when it does not throw.
     * <p>
     * The returned {@code Authentication} is discarded: nothing here stores it
     * in the security context or issues a token, so a failed login surfaces
     * only as the {@code AuthenticationException} the manager throws, handled
     * by whatever exception mapping is configured elsewhere.
     *
     * @param userAuth validated request body carrying the e-mail and the raw password
     */
    @Operation(summary = "Authentification LDAP")
    @PostMapping(value = "/ldapAuth", consumes = APPLICATION_JSON_VALUE, produces = APPLICATION_JSON_VALUE)
    @ResponseStatus(HttpStatus.OK)
    public void ldap(@Valid @RequestBody UserAuthentificationDTO userAuth) {
        UsernamePasswordAuthenticationToken loginRequest =
            new UsernamePasswordAuthenticationToken(userAuth.getEmail(), userAuth.getPassword());
        authenticationManager.authenticate(loginRequest);
    }

WebSecurityConfig

@Configuration
@EnableWebSecurity
@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

  // NOTE(review): jwtTokenProvider is injected but never referenced in the part of the
  // class shown here — confirm it is used by the HttpSecurity configure() that is not shown.
  // Both fields are assigned once in the constructor and could be final.
  private JwtTokenProvider jwtTokenProvider;
  private OpenLdapAuthenticationProvider openLdapAuthenticationProvider;

  /**
   * Constructor injection of the two collaborators.
   *
   * @param openLdapAuthenticationProvider the provider registered in
   *        {@link #configure(AuthenticationManagerBuilder)}
   * @param jwtTokenProvider JWT helper; not used in the part of the class shown here
   */
  public WebSecurityConfig(OpenLdapAuthenticationProvider openLdapAuthenticationProvider,
      JwtTokenProvider jwtTokenProvider) {
    this.jwtTokenProvider = jwtTokenProvider;
    this.openLdapAuthenticationProvider = openLdapAuthenticationProvider;
  }

  /**
   * Registers the LDAP provider as the single {@code AuthenticationProvider}.
   * <p>
   * Because it is the only provider, a {@code null} result from it leaves the
   * {@code ProviderManager} with nothing to fall back on and the login is rejected.
   *
   * @param auth builder for the application's {@code AuthenticationManager}
   * @throws Exception propagated from the builder, as declared by the adapter
   */
  @Override
  protected void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth.authenticationProvider(this.openLdapAuthenticationProvider);
  }

OpenLdapAuthenticationProvider

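@Component
public class OpenLdapAuthenticationProvider implements AuthenticationProvider {

    /**
     * Directory attribute the login name is matched against.
     * <p>
     * The endpoint sends an e-mail address, so the filter must target the
     * attribute that holds it: the accepted answer to this question is that
     * {@code "uid"} had to become {@code "mail"}. Kept as a constant so the
     * attribute can be changed without touching the search logic.
     */
    private static final String LOGIN_ATTRIBUTE = "mail";

    /** Granted to every user that binds successfully; no group lookup is done. */
    private static final String DEFAULT_ROLE = "ROLE_USER";

    @Autowired
    private LdapTemplate ldapTemplate;

    /**
     * Search-then-bind authentication: finds the single entry whose
     * {@value #LOGIN_ATTRIBUTE} equals the supplied name, then binds as that
     * entry with the supplied password.
     *
     * @param authentication token carrying the login name and the raw password
     * @return an authenticated token holding a {@code User} principal and
     *         {@code ROLE_USER} on success; {@code null} when no credentials were
     *         supplied, the entry is not found, or the bind fails. Under the
     *         {@link AuthenticationProvider} contract {@code null} means
     *         "cannot decide", so the {@code ProviderManager} tries the next
     *         provider and rejects the request when none remains; throwing a
     *         {@code BadCredentialsException} would signal a bad password more
     *         precisely.
     * @throws AuthenticationException as declared by the interface; anything
     *         the template throws is propagated unchanged
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        System.out.println("try auth");

        // EqualsFilter encodes the value, so a crafted login name cannot change
        // the structure of the filter (no LDAP filter injection).
        Filter filter = new EqualsFilter(LOGIN_ATTRIBUTE, authentication.getName());

        Object rawCredentials = authentication.getCredentials();
        if (rawCredentials == null) {
            // Nothing to bind with: treated as a failed login instead of letting
            // toString() throw a NullPointerException out of the provider.
            System.out.println("auth FAIL");
            return null;
        }
        String password = rawCredentials.toString();

        // The empty base is relative to the ContextSource's own base
        // (spring.ldap.base), so the "base: ''" in the LdapTemplate log line is
        // expected and is not what makes the search come back empty.
        boolean bound = ldapTemplate.authenticate(LdapUtils.emptyLdapName(), filter.encode(), password);
        if (!bound) {
            System.out.println("auth FAIL");
            return null;
        }

        System.out.println("utilisateur authentifié avec ldap");
        List<GrantedAuthority> grantedAuthorities = new ArrayList<>();
        grantedAuthorities.add(new SimpleGrantedAuthority(DEFAULT_ROLE));
        // The raw password is kept on the principal and as credentials, as before;
        // ProviderManager erases both after a successful authentication unless
        // eraseCredentialsAfterAuthentication has been switched off.
        UserDetails userDetails = new User(authentication.getName(), password, grantedAuthorities);
        return new UsernamePasswordAuthenticationToken(userDetails, password, grantedAuthorities);
    }

    /**
     * Accepts {@code UsernamePasswordAuthenticationToken} and its subclasses.
     * {@code isAssignableFrom} is the usual Spring Security idiom; the previous
     * {@code equals} check silently skipped subclasses.
     *
     * @param authentication the token class the manager is about to pass in
     * @return {@code true} when this provider can handle that token type
     */
    @Override
    public boolean supports(Class<?> authentication) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(authentication);
    }
}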
Kévin



The problem was with the "uid" attribute: it should be replaced by the "mail" attribute, since the value being searched for is an e-mail address.

Kévin