Ok, I've attached the full file. The relevant bits are:

At the top of the file, enabling the LDAP authentication provider:

    <bean id="authenticationManager" class="org.springframework.security.providers.ProviderManager">
        <property name="providers">
            <list>
                <ref local="ldapAuthenticationProvider"/>
                <ref bean="${bean.daoAuthenticationProvider}"/>
                <ref bean="anonymousAuthenticationProvider"/>
                <!--ref local="jaasAuthenticationProvider"/-->
            </list>
        </property>
    </bean>

And then the LDAP configuration sections:

    <!-- For LDAP authentication -->
    <bean id="ldapContextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <constructor-arg value="ldap://dc1.company.internal:389"/>
        <!-- You may not need the next properties -->
        <property name="userDn"><value>CN=Jasper Ldap,OU=Resource,OU=Employees,DC=company,DC=internal</value></property>
        <property name="password"><value>password</value></property>
    </bean>

    <!-- For LDAP authentication. This bean is not used by default -->
    <bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
        <constructor-arg index="0">
            <value>OU=Employees,DC=company,DC=internal</value>
        </constructor-arg>
        <constructor-arg index="1">
            <value>(sAMAccountName={0})</value>
        </constructor-arg>
        <constructor-arg index="2">
            <ref local="ldapContextSource" />
        </constructor-arg>
        <property name="searchSubtree">
            <value>true</value>
        </property>
    </bean>

    <!-- For LDAP authentication -->
    <bean id="ldapAuthenticationProvider" class="org.springframework.security.providers.ldap.LdapAuthenticationProvider">
        <constructor-arg>
            <bean class="org.springframework.security.providers.ldap.authenticator.BindAuthenticator">
                <constructor-arg><ref local="ldapContextSource"/></constructor-arg>
                <!-- -property name="userDnPatterns"><list><value>uid={0}</value></list></property- -->
                <property name="userSearch" ref="userSearch"/>
            </bean>
        </constructor-arg>
        <constructor-arg>
            <bean class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
                <constructor-arg index="0"><ref local="ldapContextSource"/></constructor-arg>
                <constructor-arg index="1"><value>OU=Groups,OU=Employees,DC=company,DC=internal</value></constructor-arg>
                <property name="groupRoleAttribute"><value>cn</value></property>
                <!--<property name="groupSearchFilter"><value>(&(uniqueMember={0})(objectclass=groupofuniquenames))</value></property>-->
                <property name="searchSubtree"><value>true</value></property>
            </bean>
        </constructor-arg>
    </bean>

Note that I created the "Jasper Ldap" user to be able to access AD in the first place (it doesn't allow anonymous access) and that in our setup we have an OU called "Employees" off of the domain. Your setup might be slightly different, in that you might have an OU called "People" and then "Employees" off of that (or you might call the OU "Workers", etc.). Please adjust according to your setup.
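
A configuration check for the `ldapContextSource` bean in the post above, as an added example that is not part of the original post or of JasperServer: it parses a Spring beans file and reports context sources that use a plain `ldap://` URL or keep the bind password as a literal. The function names and the embedded sample (built from the post's bean) are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

CONTEXT_SOURCE = "org.springframework.security.ldap.DefaultSpringSecurityContextSource"

# Constructed sample: the ldapContextSource bean from the post, values unchanged.
SAMPLE = """<beans>
  <bean id="ldapContextSource" class="%s">
    <constructor-arg value="ldap://dc1.company.internal:389"/>
    <property name="userDn"><value>CN=Jasper Ldap,OU=Resource,OU=Employees,DC=company,DC=internal</value></property>
    <property name="password"><value>password</value></property>
  </bean>
</beans>""" % CONTEXT_SOURCE


def _children(elem, name):
    """Child elements with this local name, whether or not the file uses a namespace."""
    return [c for c in elem if c.tag.rsplit("}", 1)[-1] == name]


def _value(elem):
    """A Spring value given either as value="..." or as a nested <value> element."""
    if elem.get("value") is not None:
        return elem.get("value").strip()
    nested = _children(elem, "value")
    return (nested[0].text or "").strip() if nested else ""


def audit_context_sources(xml_text):
    """Return (bean id, finding) pairs for each LDAP context source bean."""
    findings = []
    for bean in ET.fromstring(xml_text).iter():
        if bean.get("class") != CONTEXT_SOURCE:
            continue
        bean_id = bean.get("id", "<no id>")
        args = _children(bean, "constructor-arg")
        url = _value(args[0]) if args else ""
        props = {p.get("name"): _value(p) for p in _children(bean, "property")}
        # Scheme check only; StartTLS configured elsewhere is not detected.
        if url.lower().startswith("ldap://"):
            findings.append((bean_id, "ldap:// URL: bind passwords are sent without TLS"))
        # Anything that is not a ${...} placeholder is a secret stored in the file.
        password = props.get("password", "")
        if password and not password.startswith("${"):
            findings.append((bean_id, "bind password is a literal in the XML"))
    return findings


if __name__ == "__main__":
    for bean_id, finding in audit_context_sources(SAMPLE):
        print(f"{bean_id}: {finding}")
```

A bean that uses an `ldaps://` URL and a `${...}` placeholder for the password (both hypothetical changes, not from the post) produces no findings.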