You need to set up the configuration file with search parameters for locating your users in the LDAP directory. The sample files use the BindAuthenticator class to locate LDAP users.
Configuring BindAuthenticator
In Spring Security, the task of the BindAuthenticator bean is to access the LDAP directory to determine the DN of the user. To do this, it performs a bind authentication on the LDAP directory, which consists of the following steps:
1. Using either pattern matching or a search for the username, find a candidate user entry based on the login name.
2. Attempt to log in to the LDAP server, known as binding, as the candidate with the login password.
3. A successful bind indicates that the right user was found.
The ldapAuthenticationProvider bean must be initialized with a bean of the class BindAuthenticator that encapsulates search parameters for finding users in the LDAP directory. There are two ways of finding users in the directory:
In terms of performance, matching patterns is faster because doing so checks for the existence of a DN in the LDAP directory as opposed to performing a search. You can configure both matching and searching by combining the instructions in the following subsections. In this case, the patterns are matched first, and the search is performed only if no match is found.
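The combined configuration described above could look like the following sketch. It is an added example, not taken from the product's sample files. The class names are Spring Security's own. The bean ids (ldapContextSource, bindAuthenticator, userSearch), the host name, and all DNs are assumed placeholders.

```xml
<!-- Added example: all hosts, DNs and bean ids below are constructed placeholders. -->
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
       xsi:schemaLocation="http://www.springframework.org/schema/beans
           http://www.springframework.org/schema/beans/spring-beans.xsd">

  <!-- Connection to the directory. The base DN in the URL is the root for
       the relative DNs used in the patterns and the search base below.
       ldaps:// keeps the bind password off the wire in clear text. -->
  <bean id="ldapContextSource"
        class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
    <constructor-arg value="ldaps://ldap.example.com:636/dc=example,dc=com"/>
  </bean>

  <bean id="bindAuthenticator"
        class="org.springframework.security.ldap.authentication.BindAuthenticator">
    <constructor-arg ref="ldapContextSource"/>

    <!-- Pattern matching: {0} is replaced by the login name to build a
         candidate DN directly, without searching. Patterns are tried first. -->
    <property name="userDnPatterns">
      <list>
        <value>uid={0},ou=People</value>
      </list>
    </property>

    <!-- Search: used only if no pattern produced a match. -->
    <property name="userSearch" ref="userSearch"/>
  </bean>

  <!-- Constructor arguments: search base, search filter, context source.
       The filter should identify exactly one entry per login name. -->
  <bean id="userSearch"
        class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
    <constructor-arg index="0" value="ou=Contractors"/>
    <constructor-arg index="1" value="(uid={0})"/>
    <constructor-arg index="2" ref="ldapContextSource"/>
    <!-- Search the whole subtree under the base, not only one level. -->
    <property name="searchSubtree" value="true"/>
  </bean>
</beans>
```

If the directory does not allow anonymous searches, the context source also needs the DN and password of an account with read access to the user entries.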
The purpose of the user search during LDAP authentication is to locate a single user entry that validates the password given during the login process. Also, the LDAP entry located by the user search is later used to map roles and organizations. Regardless of the LDAP entry, the user is assigned the login name given during the login process.
Each time a user logs in, their roles and status are updated via your chosen method and synchronized with the internal jasperserver database. If you want to disable an external user or modify their external roles, you must do so in your LDAP directory.