I'm writing a Spring web application that requires users to log in. My company has an Active Directory server that I'd like to make use of for this purpose. However, I'm
From Luke's answer above:
For reference, Spring Security 3.1 has an authentication provider [specifically for Active Directory][1].
[1]: http://static.springsource.org/spring-security/site/docs/3.1.x/reference/springsecurity-single.html#ldap-active-directory
I tried the above with Spring Security 3.1.1: there are some slight changes from LDAP - the Active Directory groups the user is a member of come through in their original case.
Previously under LDAP the groups were capitalized and prefixed with "ROLE_", which made them easy to find with a text search in a project but obviously might cause problems in a Unix group if for some strange reason you had 2 separate groups differentiated only by case (i.e. accounts and Accounts).
Also the syntax requires manual specification of the domain controller name and port, which makes it a bit scary for redundancy. Surely there is a way of looking up the SRV DNS record for the domain in Java, i.e. the equivalent of (from the Samba 4 howto):

    $ host -t SRV _ldap._tcp.samdom.example.com.
    _ldap._tcp.samdom.example.com has SRV record 0 100 389 samba.samdom.example.com.

followed by regular A lookup:

    $ host -t A samba.samdom.example.com.
    samba.samdom.example.com has address 10.0.0.1

(Actually might need to look up the _kerberos SRV record too...)
The above was with Samba4.0rc1; we are progressively upgrading from a Samba 3.x LDAP environment to a Samba AD one.
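
An added example (not part of the answer above and not Spring Security code) of the SRV lookup the answer asks about, using the JDK's JNDI DNS provider on Java 17. The class name `AdSrvLookup`, the two extra sample records and the same-domain filter are assumptions made for illustration.

```java
import java.util.*;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.InitialDirContext;
public class AdSrvLookup {  // hypothetical class name
    /** One SRV answer in the form `host -t SRV` prints: "priority weight port target". */
    record Srv(int priority, int weight, int port, String target) {
        static Srv parse(String rdata) {
            String[] f = rdata.trim().split("\\s+");
            if (f.length != 4) throw new IllegalArgumentException("bad SRV rdata: " + rdata);
            String host = f[3].endsWith(".") ? f[3].substring(0, f[3].length() - 1) : f[3];
            return new Srv(Integer.parseInt(f[0]), Integer.parseInt(f[1]),
                           Integer.parseInt(f[2]), host.toLowerCase(Locale.ROOT));
        }
    }
    /** Live lookup of _ldap._tcp.<domain> through the system resolver. */
    static List<String> querySrv(String domain) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.dns.DnsContextFactory");
        InitialDirContext ctx = new InitialDirContext(env);
        try {
            Attribute srv = ctx.getAttributes("_ldap._tcp." + domain, new String[] {"SRV"}).get("SRV");
            List<String> out = new ArrayList<>();
            for (int i = 0; srv != null && i < srv.size(); i++) out.add(srv.get(i).toString());
            return out;
        } finally { ctx.close(); }
    }
    /** Lowest priority first, then highest weight (a simplification of RFC 2782's weighted choice). */
    static List<String> toLdapUrls(String domain, List<String> rdata) {
        String suffix = "." + domain.toLowerCase(Locale.ROOT);
        return rdata.stream().map(Srv::parse)
            .filter(s -> s.target().endsWith(suffix))  // DNS is unauthenticated: drop foreign targets
            .sorted(Comparator.comparingInt(Srv::priority)
                    .thenComparing(Comparator.comparingInt(Srv::weight).reversed()))
            .map(s -> "ldap://" + s.target() + ":" + s.port())
            .toList();
    }
    public static void main(String[] args) throws NamingException {
        // Constructed sample: the record quoted above plus two made-up ones
        // (a lower-preference DC and a target outside the domain).
        List<String> sample = List.of("10 100 389 dc2.samdom.example.com.",
            "0 100 389 samba.samdom.example.com.", "0 100 389 ldap.other.example.net.");
        String domain = args.length > 0 ? args[0] : "samdom.example.com";
        List<String> rdata = args.length > 0 ? querySrv(domain) : sample;
        // Prints: ldap://samba.samdom.example.com:389 ldap://dc2.samdom.example.com:389
        System.out.println(String.join(" ", toLdapUrls(domain, rdata)));
    }
}
```

Run without arguments it uses the constructed sample; pass a domain name as the first argument to query DNS instead. JNDI's LDAP provider accepts a space-separated list of URLs in `Context.PROVIDER_URL` and tries them in order, which is why the result is joined that way.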