I am trying to integrate LDAP-based login in my Spring Boot application.
As an initial step, I am trying to use this LDAP server (http://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/).
But I am unable to connect to the server successfully and am getting this error:

    nested exception is javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]

I am using this information in the configuration class.

    authenticationManagerBuilder.ldapAuthentication()
        .contextSource().url("ldap://ldap.forumsys.com:389/dc=example,dc=com")
        .managerDn("cn=read-only-admin,dc=example,dc=com").managerPassword("password")
        .and()
        .userSearchBase("ou=mathematicians")
        .groupSearchBase("ou=mathematicians")
        .userSearchFilter("(cn={0})");

And this is my application.properties file for this project.

    spring.ldap.urls=ldap.forumsys.com:389
    spring.ldap.base=cn=read-only-admin,dc=example,dc=com
    spring.ldap.password=password

Can anyone provide a working configuration for a Spring Boot application using an LDAP server?
I was getting this error code from the LDAP server:

    LDAP: error code 49 - Invalid Credentials

The issue was with the information that I was sending to the LDAP server for opening a communication channel. So when I changed my request to a different object, it started working.
Here is the correct request that we need to send from Spring to the LDAP server:

    authenticationManagerBuilder
        .ldapAuthentication()
        .userDetailsContextMapper(inetOrgPersonContextMapper())
        .userSearchFilter("(uid={0})")
        .userSearchBase("dc=example,dc=com")
        .groupSearchBase("ou=mathematicians,dc=example,dc=com")
        .groupSearchFilter("cn={0}")
        .contextSource()
        .url("ldap://ldap.forumsys.com")
        .port(389)
        .managerDn("cn=read-only-admin,dc=example,dc=com")
        .managerPassword("password");

This is the correct configuration:

    authenticationManagerBuilder
        .ldapAuthentication()
        .userSearchFilter("(uid={0})")
        .userSearchBase("dc=example,dc=com")
        .groupSearchFilter("uniqueMember={0}")
        .groupSearchBase("ou=mathematicians,dc=example,dc=com")
        .userDnPatterns("uid={0}")
        .contextSource()
        .url("ldap://ldap.forumsys.com:389")
        .managerDn("cn=read-only-admin,dc=example,dc=com")
        .managerPassword("password");
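
With a user search filter configured, Spring Security binds as the manager, searches for the user entry, then binds again as that user, and either bind can return error 49. The following JDK-only diagnostic is an added example (not code from the question or either answer) that runs those three steps against the server and DNs shown above so you can see which one fails; the class name `LdapBindCheck` and the `LDAP_MANAGER_PASSWORD` environment variable are assumptions, and it needs network access to the test server.

```java
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;

// Added diagnostic: manager bind -> user search -> user bind, using values from this page.
public class LdapBindCheck {
    static final String URL = "ldap://ldap.forumsys.com:389"; // cleartext LDAP, as on the page
    static final String BASE = "dc=example,dc=com";
    static final String MANAGER_DN = "cn=read-only-admin,dc=example,dc=com";

    static DirContext bind(String dn, String password) throws NamingException {
        // A simple bind with an empty password is treated as an unauthenticated bind
        // and can "succeed", so refuse it before it reaches the server.
        if (password == null || password.isEmpty())
            throw new IllegalArgumentException("empty password for " + dn);
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env); // AuthenticationException here == error code 49
    }

    public static void main(String[] args) throws NamingException {
        if (args.length != 2) { System.err.println("usage: LdapBindCheck <uid> <password>"); return; }
        DirContext manager;
        try { // Step 1: bind with the managerDn / managerPassword pair
            manager = bind(MANAGER_DN, System.getenv("LDAP_MANAGER_PASSWORD")); // assumed env var
        } catch (AuthenticationException e) {
            System.out.println("manager bind failed: " + e.getMessage()); return;
        }
        String userDn;
        try { // Step 2: same filter syntax as userSearchFilter; JNDI escapes the {0} argument
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
            NamingEnumeration<SearchResult> hits =
                manager.search(BASE, "(uid={0})", new Object[] { args[0] }, sc);
            if (!hits.hasMore()) { System.out.println("no entry under " + BASE); return; }
            userDn = hits.next().getNameInNamespace();
        } finally { manager.close(); }
        try { // Step 3: bind as the DN the search returned
            bind(userDn, args[1]).close();
            System.out.println("authenticated as " + userDn);
        } catch (AuthenticationException e) {
            System.out.println("user bind failed for " + userDn + ": " + e.getMessage());
        }
    }
}
```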