Add ability to provide custom search root/filter when creating ActiveDirectoryLDAPAuthenticationProvider #74

jdpgrailsdev

The current implementation of the ActiveDirectoryLdapAuthenticationProvider does not allow for a custom search root/filter. The attached change adds a new constructor that allows for a custom search root and filter to be provided and used if present. Otherwise, the current logic is used for generating the search root and filter used to find the user in AD.

…en configuring an ActiveDirectoryLdapAuthenticationProvider.
@ghatchue

ghatchue commented Sep 4, 2014

  1. Allowing the search root to be customized would certainly be useful.
    The default/generated search root doesn't work for my company AD server because the domain (e.g. us.example.com) doesn't match the user principal name in our configuration ([email protected]).
  2. Allowing the search filter to be customized as is suggested in this pull request has very limited use-cases. For example, it wouldn't allow you to bind using a different username attribute like sAMAccountName. This is because the search filter is customizable, but the bind value is not (bindPrincipal = createBindPrincipal(username)).

Removing the final modifier on this class would help a lot.

@pivotal-issuemaster

pivotal-issuemaster commented Jun 9, 2016

@jdpgrailsdev Please sign the Contributor License Agreement!

Click here to manually synchronize the status of this Pull Request.

See the FAQ for frequently asked questions.

@jdpgrailsdev
Author

@rwinch @ghatchue Is it worth trying to dust off this PR and re-submit it? Admittedly, I haven't been doing much in the spring-security space lately, so if this functionality has already been added, I can close this PR.

@rwinch rwinch added this to the 4.2.0 M1 milestone Jun 21, 2016
@rwinch
Member

rwinch commented Jun 21, 2016

@jdpgrailsdev Thanks for touching base. We plan to integrate this in 4.2.0.M1 which will be starting as soon as we get 4.1.1 out.

@andrei-ivanov
Contributor

I've just tried to use the ActiveDirectoryLDAPAuthenticationProvider to realize that this change might also help my situation:
The AD accepts bind using userId@domain combination but searchForUser fails as userPrincipalName is andrei.ivanov@domain, not userId@domain.
I hope this change would allow changing the filter and the value that gets passed to it, which is hardcoded to createBindPrincipal(username).
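
The mismatch raised in ghatchue's second point and in the comment above, as an added example that is not part of this PR or of Spring Security. It is a toy in-memory model: the directory entry, the `example.test` domain, the `found` helper and the body of `createBindPrincipal` are assumptions made for illustration.

```java
import java.util.List;
import java.util.Map;

// Toy model of the lookup discussed above; not Spring Security code.
public class AdFilterMismatchDemo {

    // Constructed directory entry: the login id and the UPN local part differ.
    static final List<Map<String, String>> DIRECTORY = List.of(
            Map.of("sAMAccountName", "userId",
                   "userPrincipalName", "andrei.ivanov@example.test"));

    // Assumed behaviour: the bind value is username@domain unless a domain was typed.
    static String createBindPrincipal(String username, String domain) {
        return username.contains("@") ? username : username + "@" + domain;
    }

    // Stand-in for an "(attribute={0})" equality filter; true if any entry matches.
    static boolean found(String attribute, String value) {
        return DIRECTORY.stream()
                .anyMatch(e -> value.equalsIgnoreCase(e.get(attribute)));
    }

    public static void main(String[] args) {
        String username = "userId";
        String bindPrincipal = createBindPrincipal(username, "example.test");

        // Default lookup: UPN filter fed with the bind principal.
        System.out.println("userPrincipalName=" + bindPrincipal + " -> "
                + found("userPrincipalName", bindPrincipal));
        // Custom filter only: the attribute changes, the argument is still the bind principal.
        System.out.println("sAMAccountName=" + bindPrincipal + " -> "
                + found("sAMAccountName", bindPrincipal));
        // Custom filter and custom argument: the raw username is what matches.
        System.out.println("sAMAccountName=" + username + " -> "
                + found("sAMAccountName", username));
    }
}
```

Only the last lookup matches, which is why a configurable filter alone does not cover the setups described in these two comments.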

@jdpgrailsdev
Author

@rwinch Sounds good. Let me know if you need me to do anything with this PR. Otherwise, feel free to close this if you have a similar fix already in the pipe.

@pivotal-issuemaster

@jdpgrailsdev Thank you for signing the Contributor License Agreement!

@jgrandja
Contributor

Thanks for submitting this PR @jdpgrailsdev.

We are currently re-thinking our approach to an Active Directory AuthenticationProvider implementation. Our direction is to deprecate ActiveDirectoryLdapAuthenticationProvider and leverage the existing LdapAuthenticationProvider and provide a custom strategy of LdapAuthenticator for Active Directory.

The work has already started in #4064 if you would like to track the progress and provide any input/feedback.

I'm going to close this PR as we will address your input/feedback in #4064.
Thank you.

@jgrandja jgrandja closed this Sep 19, 2016
@jgrandja jgrandja added status: declined and removed status: waiting-for-triage labels Sep 19, 2016
@jgrandja jgrandja removed this from the 4.2.0 M1 milestone Sep 19, 2016
jgrandja added a commit to jgrandja/spring-security that referenced this pull request Jul 8, 2019
- spring-projects#73 Introduce OAuth2AuthorizedClientManager
- spring-projects#74 Integrate OAuth2AuthorizedClientManager with OAuth2AuthorizedClientProvider(s)
- spring-projects#81 Add builder for OAuth2AuthorizedClientProvider