Authentication with Microsoft Active Directory

Microsoft Active Directory can be used to authenticate users through the ldapAuthenticationProvider provided by Spring Security.

For the purposes of basic external authentication, the only difference in configuration between Active Directory and a standard LDAP server is the need to search for the sAMAccountName attribute containing the user’s login name. Because of this requirement, you must use the BindAuthenticator bean, along with the userSearch bean and corresponding property in BindAuthenticator.

The following example shows how to configure the userSearch bean for LDAP authentication with the special syntax for Active Directory. This configuration is only an example; you need to configure the BindAuthenticator and ldapContextSource beans correctly for your LDAP server, as described earlier in this chapter.

<bean id="ldapAuthenticationProvider"
      <constructor-arg><ref local="ldapContextSource"/></constructor-arg>
      <property name="userDnPatterns">
<bean id="ldapContextSource"
  <constructor-arg value="ldap://hostname:389/dc=ADexample,dc=com"/>
  <property name="userDn"><value>cn=Administrator,dc=ADexample,dc=com</value></property>
  <property name="password"><value>password</value></property>
<bean id="userSearch"
  <constructor-arg index="0"><value>cn=Users</value></constructor-arg>
  <constructor-arg index="1"><value>(sAMAccountName={0})</value></constructor-arg>
  <constructor-arg index="2"><ref local="ldapContextSource"/></constructor-arg>
  <property name="searchSubtree"><value>true</value></property>

In the example above, the role mapping is omitted, as is the organization mapping. You must include a role mapping for any roles you want to import into JasperReports Server, and you must include an organization mapping if you implement multiple organizations in a commercial edition of JasperReports Server. For more information, see Mapping the User Roles.