The Spring Boot Getting Started guide "Authenticating a User with LDAP" gives java.net.ConnectException: Connection refused
I have just followed step by step instructions in this getting started guide -
https://spring.io/guides/gs/authenticating-ldap/
Did development in STS
Same as in the example above by spring.io
Towards the end, the guide points out that there should be a clean login for username=bob and password=bobspassword
My application, on the other hand, generates this error when I enter the same credentials in the login form:
localhost:8389; nested exception is javax.naming.CommunicationException: localhost:8389 [Root exception is java.net.ConnectException: Connection refused (Connection refused)]
The guide's complete didn't even work out of the box for me. After quite some experimentation, below is how it eventually worked out on my end:
(1) application.properties
spring.ldap.embedded.ldif=classpath:test-server.ldif
spring.ldap.embedded.base-dn=dc=springframework,dc=org
spring.ldap.embedded.port=8399
ATTENTION 8399 here, not 8389. 8389 was listening on my Windows 10, and I verified that by doing netstat -an |find /i "389". But even with that working, the Spring Security login page kept complaining about Embedded ldap connection refused to port 8399. That's what inspired me to change the port number from 8389 to 8399. Note that I first added a new "Inbound Rule" in Windows Firewall for 8399. Follow this link for instructions about how to open or close a port https://docs.bitnami.com/installer/faq/windows-faq/administration/use-firewall-windows/
(2) Based off the sample code provided by the Spring Guides, change/remove the two lines as commented below:
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .ldapAuthentication()
                .userDnPatterns("uid={0},ou=people")
                .groupSearchBase("ou=groups")
                .contextSource()
                    .url("ldap://localhost:8389/dc=springframework,dc=org") // CHANGE 8389 to 8399
                    .and()
                .passwordCompare()
                    .passwordEncoder(new BCryptPasswordEncoder()) // REMOVE this line
                    .passwordAttribute("userPassword");
    }
}
Removing .passwordEncoder(new BCryptPasswordEncoder()) cuts out complexity if you have just begun with this Spring Guides tutorial for authenticating with LDAP. If you don't like cutting corners, you need to refer to some other great Stack Overflow posts for what it takes to make the passwordEncoder work. Right now, my solution is only scoped to make the easiest test like "bob" for uid and "bobspassword" for userPassword work. Without removing BCryptPasswordEncoder() as shown above, you'll see a warning when testing with "bob" and "bobspassword": "Encoded password does not look like BCrypt".
That was all I deviated from the guide and then I could log in with "bob" and "bobspassword" etc. as predefined in test-server.ldif.
The problem is that the guide at https://spring.io/guides/gs/authenticating-ldap/ does not mention how to set up your application.properties file.
SOLUTION: You need to set the below properties in your resources/application.properties file
spring.ldap.embedded.port=8389
spring.ldap.embedded.ldif=classpath:test-server.ldif
spring.ldap.embedded.base-dn=dc=springframework,dc=org
Copy the above code to your application.properties file, restart your Spring Application and it should work.
I discovered this thanks to tkhenghong's answer and the code he uploaded to his GitHub.
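Both answers come down to the embedded server's port and the port in the LDAP URL of the security configuration having to match. The following is an added example, not code from the guide or from either answer, that builds the URL from the same properties so the two cannot drift apart. The class name LdapAuthConfig is hypothetical, and it assumes spring.ldap.embedded.port and spring.ldap.embedded.base-dn are set in application.properties as shown above.

```java
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

// Added example with a hypothetical class name; not the guide's own code.
@Configuration
public class LdapAuthConfig {

    // The port and base DN are injected from the same keys the embedded
    // LDAP server reads, so client and server always agree.
    @Autowired
    public void configure(AuthenticationManagerBuilder auth,
                          @Value("${spring.ldap.embedded.port}") int ldapPort,
                          @Value("${spring.ldap.embedded.base-dn}") String baseDn)
            throws Exception {
        // Fail at startup with a clear message instead of
        // "Connection refused" at the first login attempt.
        if (ldapPort <= 0 || ldapPort > 65535) {
            throw new IllegalStateException(
                "spring.ldap.embedded.port must be a fixed port, got " + ldapPort);
        }
        String url = "ldap://localhost:" + ldapPort + "/" + baseDn;

        auth
            .ldapAuthentication()
                .userDnPatterns("uid={0},ou=people")
                .groupSearchBase("ou=groups")
                .contextSource()
                    .url(url)
                    .and()
                .passwordCompare()
                    // BCryptPasswordEncoder only matches when userPassword in
                    // the LDIF holds a BCrypt hash; a plaintext value gives the
                    // "Encoded password does not look like BCrypt" warning.
                    .passwordEncoder(new BCryptPasswordEncoder())
                    .passwordAttribute("userPassword");
    }
}
```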