search filter with userUserPrincipalName always Active Directory authentication failed: Supplied password was invalid

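I have set samAccountName: mti and userPrincipalName=martintig@domena.com. When I use samAccountName everything works correctly, but with userPrincipalName it does not. I want to have both options at the same time, but first I am trying only with userPrincipalName.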

    @Bean
    public ActiveDirectoryLdapAuthenticationProvider activeDirectoryLdapAuthenticationProvider() {
        ActiveDirectoryLdapAuthenticationProvider provider = new ActiveDirectoryLdapAuthenticationProvider(environmentsVariables.LDAP_DOMAIN, environmentsVariables.LDAP_PROVIDER_URL);
        // provider.setSearchFilter("(&(objectClass=user)(samAccountName={1}))");
        provider.setSearchFilter("(&(objectClass=user)(userPrincipalName={0}))");
        provider.setConvertSubErrorCodesToExceptions(true);
        provider.setUseAuthenticationRequestCredentials(true);
        provider.setUserDetailsContextMapper(userDetailsContextMapper());
        return provider;
    }

I want to have two options in same time

LDAP allows boolean operators to try different inputs. For example, you could do this:

    provider.setSearchFilter("(|" +
        "(&(objectClass=user)(userPrincipalName={0}))" +
        "(&(objectClass=user)(samAccountName={1}))" +
    ")");

sameAccountName everything works correct, but with userPrincipal not

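By default, Spring Security will take the provided username and append the domain to create the bind principal. So if the user enters mti as the username, {0} (userPrincipalName) will be mti@domena.com and {1} (samAccountName) will be mti. This may be the reason it does not work for samAccountName.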
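The substitution described in the answer above, as an added example that is not part of either post and is not Spring Security's own code. The class and helper names (`AdFilterDemo`, `bindPrincipal`, `escape`, `render`) are hypothetical, and the directory entry is constructed from the attribute values in the question.

```java
import java.text.MessageFormat;
import java.util.Map;

// Added illustration: models how {0} and {1} are filled in before the search runs.
public class AdFilterDemo {

    // Bind principal: the username with "@domain" appended unless it already ends with the domain.
    static String bindPrincipal(String username, String domain) {
        return username.toLowerCase().endsWith(domain.toLowerCase())
                ? username : username + "@" + domain;
    }

    // RFC 4515 escaping so that user input cannot change the structure of the filter.
    static String escape(String value) {
        StringBuilder sb = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    // {0} receives the bind principal, {1} the username exactly as typed.
    static String render(String filter, String username, String domain) {
        return MessageFormat.format(filter,
                escape(bindPrincipal(username, domain)), escape(username));
    }

    public static void main(String[] args) {
        String domain = "domena.com";
        // Constructed entry holding the two attribute values given in the question.
        Map<String, String> entry = Map.of(
                "sAMAccountName", "mti",
                "userPrincipalName", "martintig@domena.com");
        String upnOnly = "(&(objectClass=user)(userPrincipalName={0}))";
        for (String login : new String[] {"mti", "martintig", "martintig@domena.com"}) {
            String principal = bindPrincipal(login, domain);
            System.out.println(login + " -> " + render(upnOnly, login, domain)
                + " | {0} equals UPN: " + principal.equalsIgnoreCase(entry.get("userPrincipalName"))
                + " | {1} equals sAMAccountName: " + login.equalsIgnoreCase(entry.get("sAMAccountName")));
        }
    }
}
```

For the login `mti`, the rendered filter asks for `userPrincipalName=mti@domena.com`, which is not the UPN stored on the entry, so a filter that tests only `{0}` finds no user even when the password is correct.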