Tags: spring-security, openldap, spring-security-ldap

Spring Security returns "Bad Credentials" with no exception on LDAP based authentication


I am trying to create a Spring Boot, Spring Security 6, LDAP server (external, not embedded) based authentication application. When I spin up the app and provide the username (uid) and password on the login form, I get a "Bad Credentials" message displayed on the UI. There are no exceptions reported in the application log. I do not understand what is causing the "Bad Credentials" message to be displayed. Any pointers are much appreciated. This is what my config file looks like:

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig {

    @Bean
    public SecurityFilterChain securityFilterChain(HttpSecurity httpSecurity) throws Exception {
        // Every request requires a full (non-remember-me) authentication via the default login form.
        httpSecurity.authorizeHttpRequests().anyRequest().fullyAuthenticated()
                .and()
                .formLogin();
        // Route authentication through the LDAP bind provider below.
        httpSecurity.authenticationProvider(ldapAuthenticationProvider());
        return httpSecurity.build();
    }

    @Bean
    LdapAuthenticationProvider ldapAuthenticationProvider() {
        return new LdapAuthenticationProvider(authenticator());
    }

    @Bean
    BindAuthenticator authenticator() {
        // Look the user up by uid under the given search base, then bind as the DN found
        // using the password typed into the login form.
        FilterBasedLdapUserSearch search = new FilterBasedLdapUserSearch("ou=people", "(uid={0})", contextSource());
        BindAuthenticator authenticator = new BindAuthenticator(contextSource());
        authenticator.setUserSearch(search);
        return authenticator;
    }

    @Bean
    public DefaultSpringSecurityContextSource contextSource() {
        // Context source with the base DN carried in the URL; the manager account is used for the user search.
        DefaultSpringSecurityContextSource dsCtx = new DefaultSpringSecurityContextSource("ldap://localhost:389/dc=example,dc=com");
        dsCtx.setUserDn("cn=admin,dc=example,dc=com");
        dsCtx.setPassword("password");

        return dsCtx;
    }
}

When I try to find the user using the ldapsearch command, I do get the user info:

MacBook-Pro:springsecuritywithldapdemo$ ldapsearch -LLL -x -H ldap:// -t -b "dc=example,dc=com" "uid=jsmith1"
dn: uid=jsmith1,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
description: John Smith from Accounting.  John is the project manager of the b
 uilding project, so contact him with any questions.
cn: John Smith
sn: Smith
uid: jsmith1
userPassword:: anNtaXRoMTIz

I have gone through many of the search results returned by Google for different searches; most of them use an older version of Spring Security or use JDBC authentication with Spring Security 6. I have referred to YouTube tutorials to see if I am doing anything wrong, but it doesn't look like I am.


Solution

  • First of all, I wanted to thank you, because based on your solution I was able to solve the same problem in my application. Compared to your solution, the only things I have changed are:

    FilterBasedLdapUserSearch search = new FilterBasedLdapUserSearch(
      "cn=users,cn=accounts,dc=example,dc=com",
      "(uid={0})",
      contextSource()
    );
    

    And so in your case you should try:

    FilterBasedLdapUserSearch search = new FilterBasedLdapUserSearch(
      "ou=people,dc=example,dc=com",
      "(uid={0})", contextSource()
    );
    

    And then I also had to make the following changes:

    DefaultSpringSecurityContextSource dsCtx = new DefaultSpringSecurityContextSource("ldap://localhost:389");
    dsCtx.setUserDn("uid=admin,cn=users,cn=accounts,dc=example,dc=com");
    

    In your case I think this is almost identical, since I think you also have a user with uid=admin. I hope it will solve your problem, as it did for me.
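Putting the answer's two changes together, below is a complete Spring Security 6 configuration that a practitioner could drop into the asker's project. It is an added example, not code from the question or the answer: the bean wiring follows the answer (no base DN in the context-source URL, and the full DN `ou=people,dc=example,dc=com` as the user search base, so the DN returned by the search is the DN that is bound with the user's password), rewritten in the lambda DSL that Spring Security 6 recommends in place of the deprecated `and()` chaining. The bind credentials are read from configuration instead of being hard-coded in source; the property names `ldap.url`, `ldap.manager-dn` and `ldap.manager-password` are assumptions, as is the `ldaps://` URL suggested in the comment. A check worth running first: the "Bad Credentials" shown on the form is produced from a `BadCredentialsException` that the filter chain handles and only logs at a low level, so setting `logging.level.org.springframework.security=TRACE` in `application.properties` makes the underlying search or bind failure visible in the log.

```java
package com.example.ldapdemo;

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class WebSecurityConfig {

    // Manager (service account) credentials come from externalised configuration such as
    // environment variables or a secrets store, never from source control.
    // The property names below are assumptions for this example.
    @Value("${ldap.url}")              // e.g. ldaps://ldap.example.com:636, with NO base DN in the URL
    private String ldapUrl;

    @Value("${ldap.manager-dn}")       // e.g. cn=admin,dc=example,dc=com
    private String managerDn;

    @Value("${ldap.manager-password}")
    private String managerPassword;

    @Bean
    SecurityFilterChain securityFilterChain(HttpSecurity http,
                                            LdapAuthenticationProvider ldapProvider) throws Exception {
        http
            // Every request needs a full authentication (remember-me is not enough).
            .authorizeHttpRequests(auth -> auth.anyRequest().fullyAuthenticated())
            .formLogin(Customizer.withDefaults())
            // Credentials from the login form are checked by the LDAP bind provider.
            .authenticationProvider(ldapProvider);
        return http.build();
    }

    @Bean
    LdapAuthenticationProvider ldapAuthenticationProvider(BindAuthenticator authenticator) {
        return new LdapAuthenticationProvider(authenticator);
    }

    @Bean
    BindAuthenticator bindAuthenticator(DefaultSpringSecurityContextSource contextSource) {
        // The URL carries no base DN, so the search base must be the full DN of the
        // people container. The search runs as the manager account and returns the user's
        // DN; BindAuthenticator then binds as that DN with the password typed into the form.
        // {0} is substituted by Spring LDAP with the login name, with LDAP filter escaping applied.
        FilterBasedLdapUserSearch search = new FilterBasedLdapUserSearch(
                "ou=people,dc=example,dc=com", "(uid={0})", contextSource);

        BindAuthenticator authenticator = new BindAuthenticator(contextSource);
        authenticator.setUserSearch(search);
        return authenticator;
    }

    @Bean
    DefaultSpringSecurityContextSource contextSource() {
        DefaultSpringSecurityContextSource ctx = new DefaultSpringSecurityContextSource(ldapUrl);
        ctx.setUserDn(managerDn);
        ctx.setPassword(managerPassword);
        return ctx;
    }
}
```

If the search base must stay relative (for example `ou=people`), keep the base DN in the context-source URL instead; the two forms must not be mixed, which is the trap the question's configuration fell into. A quick way to confirm the directory side independently of Spring is to bind with the user's own DN from the asker's ldapsearch output (`-D "uid=jsmith1,ou=people,dc=example,dc=com" -W`): if that bind fails too, the problem is the directory or the password, not the Spring wiring.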