Spring Boot LDAP Authentication: Always get bad credentials

Submitted by 自古美人都是妖i on 2020-01-17 06:21:49

Question


I'm trying to authenticate with a Spring Boot application against an Active Directory server in my local network, but I don't know what I could be doing wrong.

When I access localhost I am redirected to the login page:

Whenever I write any real user credentials, I'm redirected to the same page with an error message:

If I send a random word as user and password I get the same login error screen, but additionally this message is shown in the Eclipse console:

2016-02-04 18:54:47.591  INFO 10092 --- [nio-8080-exec-8] ctiveDirectoryLdapAuthenticationProvider : Active Directory authentication failed: Supplied password was invalid

From the Active Directory Server, the distinguishedName of the group that I want to access is: CN=Bulnes,OU=Usuarios Locales,DC=Bulnes,DC=local, so it is configured in security configuration class like this:

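import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;

@Configuration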
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter{
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http
            .authorizeRequests()
                .antMatchers("/css/**").permitAll()
                .anyRequest().fullyAuthenticated()
                .and()
            .formLogin();
    }

    @Configuration
    protected static class AuthenticationConfiguration extends
            GlobalAuthenticationConfigurerAdapter {

        @Override
        public void init(AuthenticationManagerBuilder auth) throws Exception {
            ActiveDirectoryLdapAuthenticationProvider provider=
                    new ActiveDirectoryLdapAuthenticationProvider("bulnes.local"
                            ,"ldap://192.168.1.3:389/"
                            ,"CN=Bulnes,OU=Usuarios Locales,DC=Bulnes,DC=local");
            auth.authenticationProvider(provider);
        }
    }
}

Answer 1:


This is how I have it working:

ad.properties

ad.url=ldap://yourserver.abc.com:389
ad.domain=abc.com

WebSecurityConfig.java

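import java.util.Arrays;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {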

    @Value("${ad.domain}")
    private String adDomain;

    @Value("${ad.url}")
    private String adUrl;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/login", "/css/**", "/public/**").permitAll().anyRequest().authenticated()
                .and().formLogin().loginPage("/login").defaultSuccessUrl("/", true)             
                .failureUrl("/login?failed=badcredentials")
                .permitAll().and().logout().logoutUrl("/logout")
                .logoutSuccessUrl("/login");
    }

    @Bean
    @Override
    public AuthenticationManager authenticationManager() {
        return new ProviderManager(Arrays.asList(activeDirectoryLdapAuthenticationProvider()));
    }

    @Bean
    public AuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
        ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider(adDomain,
                adUrl);
        provider.setConvertSubErrorCodesToExceptions(true);
        provider.setUseAuthenticationRequestCredentials(true);

        return provider;
    }
}



Answer 2:


Just created the provider like this, and it works fine.

ActiveDirectoryLdapAuthenticationProvider provider =
        new ActiveDirectoryLdapAuthenticationProvider("bulnes.local",
                "ldap://192.168.1.3:389");

It still gives an exception but at least authenticates

2016-02-04 21:30:36.293  INFO 12056 --- [nio-8080-exec-3] o.s.s.ldap.SpringSecurityLdapTemplate    : Ignoring PartialResultException
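
An added example, not part of the original question or answers and not Spring Security source: the third constructor argument of ActiveDirectoryLdapAuthenticationProvider is the root DN used as the base of the user search that follows the bind, so a user entry outside that subtree is never found. The check below compares the root DN from the question with the one derived from the domain; the class name, helper names and the two user DNs are constructed for illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;

// Added illustration; not Spring Security source and not code from the post.
public class AdSearchBaseCheck {

    // Search base derived from the AD domain when no rootDn is passed:
    // "bulnes.local" -> "dc=bulnes,dc=local".
    static String rootDnFromDomain(String domain) {
        StringBuilder dn = new StringBuilder();
        for (String label : domain.split("\\.")) {
            if (dn.length() > 0) {
                dn.append(',');
            }
            dn.append("dc=").append(label);
        }
        return dn.toString();
    }

    // A subtree search rooted at searchBase can only return entries at or below it.
    // LdapName indexes RDNs from the right, so startsWith() tests the DN suffix,
    // and RDN comparison ignores case.
    static boolean inSearchScope(String entryDn, String searchBase) throws InvalidNameException {
        return new LdapName(entryDn).startsWith(new LdapName(searchBase));
    }

    public static void main(String[] args) throws InvalidNameException {
        // Third constructor argument used in the question.
        String configuredRoot = "CN=Bulnes,OU=Usuarios Locales,DC=Bulnes,DC=local";
        // Base used when only domain and URL are passed.
        String derivedRoot = rootDnFromDomain("bulnes.local");
        // Constructed user DNs, not taken from the post.
        String[] sampleUsers = {
            "CN=Jane Doe,OU=Usuarios Locales,DC=Bulnes,DC=local",
            "CN=John Roe,CN=Users,DC=Bulnes,DC=local"
        };
        for (String dn : sampleUsers) {
            System.out.printf("%s%n  under configured root: %b%n  under derived root:    %b%n",
                    dn, inSearchScope(dn, configuredRoot), inSearchScope(dn, derivedRoot));
        }
    }
}
```

A group entry holds its members as attribute values, not as child entries, so a search rooted at a group DN cannot return user objects even when the bind itself succeeded.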


Source: https://stackoverflow.com/questions/35208404/spring-boot-ldap-authentication-always-get-bad-credentials
