私は問題があります。春のセキュリティでADに認証しようとしましたが、次のスタックトレースが表示されるたびに認証できません:
2013-10-10 11:22:18.923 FET DEBUG [http-apr-8080-exec-3] o.s.s.l.a.LdapAuthenticationProvider - Processing authentication request for user: Ivan.Ivanov
2013-10-10 11:22:18.924 FET DEBUG [http-apr-8080-exec-3] o.s.s.l.s.FilterBasedLdapUserSearch - Searching for user 'Ivan.Ivanov', with user search [ searchFilter: '(&(sAMAccountName={0})(objectclass=user))', searchBase: 'DC=MyCompany,DC=com', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
2013-10-10 11:22:19.104 FET DEBUG [http-apr-8080-exec-3] o.s.s.l.SpringSecurityLdapTemplate - Searching for entry in under DN '', base = 'DC=MyCompany,DC=com', filter = '(&(sAMAccountName={0})(objectclass=user))'
2013-10-10 11:22:19.114 FET DEBUG [http-apr-8080-exec-3] o.s.s.l.SpringSecurityLdapTemplate - Found DN: cn=Ivanov Ivan,ou=Departmant 1.1.1,ou=Depatment 1.1,ou=Department ,ou=Users,ou=MyCompany JSC,ou=MyCompany Group,dc=MyCompany,dc=com
2013-10-10 11:22:19.119 FET INFO [http-apr-8080-exec-3] o.s.s.l.SpringSecurityLdapTemplate - Ignoring PartialResultException
2013-10-10 11:22:19.121 FET DEBUG [http-apr-8080-exec-3] o.s.s.l.a.BindAuthenticator - Attempting to bind as cn=Ivan.Ivanov,ou=Departmant 1.1.1,ou=Depatment 1.1,ou=Department ,ou=Users,ou=MyCompany JSC,ou=MyCompany Group,dc=MyCompany,dc=com
2013-10-10 11:22:19.122 FET DEBUG [http-apr-8080-exec-3] o.s.s.l.DefaultSpringSecurityContextSource - Removing pooling flag for user cn=Ivan Ivanov,ou=Departmant 1.1.1,ou=Depatment 1.1,ou=Department ,ou=Users,ou=MyCompany JSC,ou=MyCompany Group,dc=MyCompany,dc=com
2013-10-10 11:22:19.303 FET DEBUG [http-apr-8080-exec-3] o.s.s.l.u.DefaultLdapAuthoritiesPopulator - Getting authorities for user cn=Ivan Ivanov,ou=Departmant 1.1.1,ou=Depatment 1.1,ou=Department ,ou=Users,ou=MyCompany JSC,ou=MyCompany Group,dc=MyCompany,dc=com
2013-10-10 11:22:19.304 FET DEBUG [http-apr-8080-exec-3] o.s.s.l.u.DefaultLdapAuthoritiesPopulator - Searching for roles for user 'Ivan.Ivanov', DN = 'cn=Ivan Ivanov,ou=Departmant 1.1.1,ou=Depatment 1.1,ou=Department ,ou=Users,ou=MyCompany JSC,ou=MyCompany Group,dc=MyCompany,dc=com', with filter (uniqueMember={0}) in search base ''
2013-10-10 11:22:19.304 FET DEBUG [http-apr-8080-exec-3] o.s.s.l.SpringSecurityLdapTemplate - Using filter: (uniqueMember=cn=Ivan Ivanov,ou=Departmant 1.1.1,ou=Depatment 1.1,ou=Department ,ou=Users,ou=MyCompany JSC,ou=MyCompany Group,dc=MyCompany,dc=com)
2013-10-10 11:22:19.306 FET INFO [http-apr-8080-exec-3] o.s.l.c.LdapTemplate - The returnObjFlag of supplied SearchControls is not set but a ContextMapper is used - setting flag to true
2013-10-10 11:22:19.343 FET WARN [http-apr-8080-exec-3] o.s.s.a.e.LoggerListener - Authentication event AuthenticationFailureServiceExceptionEvent: Ivan.Ivanov; details: org.springframework.security.web.authentication.WebAuthenticationDetails@fffd148a: RemoteIpAddress: 127.0.0.1; SessionId: D2C31B0111572159FA65357E652352D4; exception: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001E5, problem 2001 (NO_OBJECT), data 0, best match of:'' ]; nested exception is javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001E5, problem 2001 (NO_OBJECT), data 0, best match of:'' ]; remaining name ''
私の構成 *-security.xml は次のとおりです。
<authentication-manager alias="authenticationManager">
<ldap-authentication-provider server-ref="contextSource"
user-search-base="OU=Deparment 1,OU=Users,OU=MyCompany JSC,OU=MyCompany Group,DC=MyCompany,DC=com"
user-search-filter="(&(sAMAccountName={0})(objectclass=user))"
role-prefix="none">
</ldap-authentication-provider>
</authentication-manager>
ロールを確認したくありません。資格情報を確認したいだけです。役割の検索をオフにするにはどうすればよいですか?
AD では、ユーザーのパス全体は次のとおりです。
CN=Ivanov Ivan,OU=Department 1.1.1,OU=Department 1.1,OU=Department 1,OU=Users,OU=MyCompany JSC,OU=MyCompany Group,DC=MyCompany,DC=com