Spring Security / SEC-1915

Add customisation of search filter in ActiveDirectoryLdapAuthenticationProvider

    Details

    • Type: New Feature
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 3.1.0
    • Fix Version/s: None
    • Component/s: LDAP
    • Labels: None

      Description

      Currently the search filter used when retrieving user details is hard coded to '(&(objectClass=user)(userPrincipalName={0}))'.

      When this hard coded filter is not consistent with the actual Active Directory instance it causes an org.springframework.dao.IncorrectResultSizeDataAccessException because the search returns with empty results after successful authentication.

      A possible solution is to modify the class org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider to allow a configurable search filter via bean configuration.

      Another possible solution is to make the class org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider extendable instead of final with protected instead of private functional methods to allow for easier customisation.

      See question
      http://stackoverflow.com/questions/9258047/spring-security-3-1-active-directory-authentication
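
The configurable filter proposed above, with a second argument as suggested in the comments, sketched as an added example; it is not code from the issue, the attached patch or Spring Security. It uses only the JDK, and the class name, the meaning given to {0} and {1}, the sAMAccountName filter and the sample usernames are assumptions made for illustration.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AdSearchFilterDemo {
    // The filter the issue describes as hard coded.
    static final String DEFAULT_FILTER = "(&(objectClass=user)(userPrincipalName={0}))";
    private static final Pattern PLACEHOLDER = Pattern.compile("\\{([01])\\}");

    // Escape the characters RFC 4515 reserves inside a filter assertion value.
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': out.append("\\5c"); break;
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Single pass, so text inserted for {0} is never rescanned for {1}.
    // Assumption: {0} = bind principal (user@domain), {1} = bare username.
    static String buildFilter(String template, String principal, String username) {
        Matcher m = PLACEHOLDER.matcher(template);
        StringBuffer sb = new StringBuffer();
        while (m.find()) {
            String arg = m.group(1).equals("0") ? principal : username;
            m.appendReplacement(sb, Matcher.quoteReplacement(escapeFilterValue(arg)));
        }
        m.appendTail(sb);
        return sb.toString();
    }

    public static void main(String[] args) {
        // Constructed sample values; the second username carries filter metacharacters.
        String custom = "(&(objectClass=user)(sAMAccountName={1}))";
        for (String username : new String[] {"jdoe", "jd*e)(x"}) {
            String principal = username + "@example.test";
            System.out.println(buildFilter(DEFAULT_FILTER, principal, username));
            System.out.println(buildFilter(custom, principal, username));
        }
    }
}
```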

        Activity

        Tseliso Molukanele added a comment -

        This is a patch solving this problem according to the first suggestion in the issue description.

        The patch adds new properties to enable configuration of user searching to make it more dynamic and capable.

        Cuong Q. Tran added a comment -

        I'd suggest to pass both the dn and username as arguments to the search filter ({0} and {1}).

        Andrejs added a comment -

        Submitted as pull request https://github.com/SpringSource/spring-security/pull/18

        Lefebvre added a comment -

        When do you plan to release this patch ?

        Andrejs added a comment -

        @Lefebvre The patch is submitted as a pull request but hasn't been merged in yet.


          People

          • Assignee: Unassigned
          • Reporter: Tseliso Molukanele
          • Votes: 4
          • Watchers: 5
