Add Active Directory implementation of LdapAuthenticator#4064

Closed

jgrandja wants to merge 1 commit intospring-projects:mainfrom

jgrandja:ad-ldap-authenticator

Contributor

jgrandja commented Sep 19, 2016 •

edited by rwinch

Loading

The intention of this update is to replace/deprecate
ActiveDirectoryLdapAuthenticationProvider with this new implementation
of a Active Directory specific LdapAuthenticator.

Related to #3950, #3933, #249, #246, #74, #2390


          Add Active Directory implementation of LdapAuthenticator

aa1dc82

The intention of this update is to replace/deprecate
ActiveDirectoryLdapAuthenticationProvider with this new implementation
of a Active Directory specific LdapAuthenticator.

jgrandja added in progress in: ldap type: enhancement labels

jgrandja assigned rwinch

This was referenced Sep 19, 2016

AD-bind-principal: New abstraction for ActiveDirectory LDAP auth #246

Closed

Allow using username in Active Directory LDAP search filter #3950

Closed

Feature for using different bind user in active directory LDAP authentication provider #3933

Closed

Add username as an option for SearchFilter #249

Closed

Add ability to provide custom search root/filter when creating ActiveDirectoryLDAPAuthenticationProvider #74

Closed

This was referenced Sep 21, 2016

Add support for a custom LdapAuthoritiesPopulator to ActiveDirectoryL… #3940

Closed

SEC-2163: Adding support for LdapAuthoritiesPopulator to Spring Active-Directory Authentication provider class #2390

Closed

rwinch added the status: waiting-for-feedback label

steigerm commented Mar 26, 2017 •

edited

Loading

Any news on this?
Would probably also solve #2053

BTW, there could be problems with the DefaultAuthenticationPrincipalDecorator when there are trusted domains and the principal's domain != domainFromBaseDN.

steigerm reviewed

View reviewed changes

steigerm left a comment

There could be problems with the DefaultAuthenticationPrincipalDecorator when there are trusted domains and the principal's domain != domainFromBaseDN.

example:
prinicipal="user@domainA.com"
basedomain="domainB.com"

vborcea reviewed

View reviewed changes

...va/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticator.java

+              	}
+              	public final void setManagerDn(String managerDn) {
+              		Assert.notNull(managerDn, "managerDn is null");

vborcea Feb 9, 2017

I think that yo could validate for non empty string also: StringUtils.hasText

...va/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticator.java

+              	}
+              	public final void setSearchBase(String searchBase) {
+              		Assert.notNull(searchBase, "searchBase is null");

vborcea Feb 9, 2017

I think that yo could validate for non empty string also: StringUtils.hasText

...va/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticator.java

+              	}
+              	public final void setManagerPassword(String managerPassword) {
+              		Assert.notNull(managerPassword, "managerPassword is null");

vborcea Feb 9, 2017

I think that yo could validate for non empty string also: StringUtils.hasText

...va/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticator.java

+              	}
+              	public final void setSearchFilter(String searchFilter) {
+              		Assert.notNull(searchFilter, "searchFilter is null");

vborcea Feb 9, 2017

I think that yo could validate for non empty string also: StringUtils.hasText

...va/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticator.java

+              	}
+              	public final void setPasswordAttributeName(String passwordAttributeName) {
+              		Assert.notNull(passwordAttributeName, "passwordAttributeName is null");

vborcea Feb 9, 2017

I think that yo could validate for non empty string also: StringUtils.hasText

...va/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticator.java

+              	}
+              	public final void setPasswordEncoder(PasswordEncoder passwordEncoder) {
+              		Assert.notNull(passwordEncoder, "passwordEncoder is null");

vborcea Feb 9, 2017

I think that yo could validate for non empty string also: StringUtils.hasText

Contributor Author

jgrandja commented Mar 27, 2017

@steigerm @vborcea Thank you for all the feedback!
This PR has been put on hold for now as our efforts our focused on the upcoming Spring Security 5.0 M1. The 2 new features provided in 5.0 are Reactive support and OAuth2 support and have been the priority as of late. We will definitely get back to this PR soon though.

steigerm commented Mar 27, 2017

Too bad.
I need #2053 for a customer project in the next weeks.
Now I will have to implement a shorttime workaround solution to fix this.

rwinch force-pushed the master branch 2 times, most recently from 0e114c6 to fd244eb Compare

June 8, 2017 22:26

rwinch force-pushed the master branch from 5737fd7 to 62e7762 Compare

November 27, 2017 19:48

rwinch force-pushed the master branch from f8d5f50 to eb067bc Compare

April 30, 2018 17:16

jgrandja closed this

jgrandja deleted the ad-ldap-authenticator branch

April 28, 2019 19:16

jgrandja restored the ad-ldap-authenticator branch

May 2, 2019 10:26

jgrandja reopened this

rwinch removed the in progress label

rwinch removed their assignment

Contributor Author

jgrandja commented Nov 18, 2021

Closing this PR as it's quite old and may need further updates. I'll submit a new PR when I get a chance to revisit this and apply the necessary changes.

jgrandja closed this

jgrandja self-assigned this

jgrandja added status: declined and removed status: waiting-for-feedback labels

jgrandja deleted the ad-ldap-authenticator branch

December 7, 2023 09:01

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

in: ldap status: declined type: enhancement