Skip to content

Add Active Directory implementation of LdapAuthenticator #4064

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Add Active Directory implementation of LdapAuthenticator #4064

wants to merge 1 commit into from

Conversation

jgrandja
Copy link
Contributor

@jgrandja jgrandja commented Sep 19, 2016
edited by rwinch
Loading

The intention of this update is to replace/deprecate
ActiveDirectoryLdapAuthenticationProvider with this new implementation
of a Active Directory specific LdapAuthenticator.

Related to #3950, #3933, #249, #246, #74, #2390

@jgrandja
Add Active Directory implementation of LdapAuthenticator
aa1dc82 
The intention of this update is to replace/deprecate
ActiveDirectoryLdapAuthenticationProvider with this new implementation
of a Active Directory specific LdapAuthenticator.
@jgrandja jgrandja added in progress in: ldap An issue in spring-security-ldap type: enhancement A general enhancement labels Sep 19, 2016
This was referenced Sep 19, 2016
Closed
Closed
Closed
Closed
Closed
This was referenced Sep 21, 2016
Closed
Closed
@rwinch rwinch added the status: waiting-for-feedback We need additional information before we can continue label Oct 18, 2016
@steigerm
Copy link

steigerm commented Mar 26, 2017
edited
Loading

Any news on this?
Would probably also solve #2053

BTW, there could be problems with the DefaultAuthenticationPrincipalDecorator when there are trusted domains and the principal's domain != domainFromBaseDN.

steigerm
steigerm reviewed Mar 26, 2017
View reviewed changes
Copy link

@steigerm steigerm left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There could be problems with the DefaultAuthenticationPrincipalDecorator when there are trusted domains and the principal's domain != domainFromBaseDN.

example:
prinicipal="[email protected]"
basedomain="domainB.com"

vborcea
vborcea reviewed Mar 27, 2017
View reviewed changes
...va/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticator.java
}

public final void setManagerDn(String managerDn) {
Assert.notNull(managerDn, "managerDn is null");
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that yo could validate for non empty string also: StringUtils.hasText

...va/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticator.java
}

public final void setSearchBase(String searchBase) {
Assert.notNull(searchBase, "searchBase is null");
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that yo could validate for non empty string also: StringUtils.hasText

...va/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticator.java
}

public final void setManagerPassword(String managerPassword) {
Assert.notNull(managerPassword, "managerPassword is null");
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that yo could validate for non empty string also: StringUtils.hasText

...va/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticator.java
}

public final void setSearchFilter(String searchFilter) {
Assert.notNull(searchFilter, "searchFilter is null");
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that yo could validate for non empty string also: StringUtils.hasText

...va/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticator.java
}

public final void setPasswordAttributeName(String passwordAttributeName) {
Assert.notNull(passwordAttributeName, "passwordAttributeName is null");
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that yo could validate for non empty string also: StringUtils.hasText

...va/org/springframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticator.java
}

public final void setPasswordEncoder(PasswordEncoder passwordEncoder) {
Assert.notNull(passwordEncoder, "passwordEncoder is null");
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think that yo could validate for non empty string also: StringUtils.hasText

@jgrandja
Copy link
Contributor Author

@steigerm @vborcea Thank you for all the feedback!
This PR has been put on hold for now as our efforts our focused on the upcoming Spring Security 5.0 M1. The 2 new features provided in 5.0 are Reactive support and OAuth2 support and have been the priority as of late. We will definitely get back to this PR soon though.

@steigerm
Copy link

Too bad.
I need #2053 for a customer project in the next weeks.
Now I will have to implement a shorttime workaround solution to fix this.

@rwinch rwinch force-pushed the master branch 2 times, most recently from 0e114c6 to fd244eb Compare June 8, 2017 22:26
@jgrandja jgrandja closed this Apr 28, 2019
@jgrandja jgrandja deleted the ad-ldap-authenticator branch April 28, 2019 19:16
@jgrandja jgrandja restored the ad-ldap-authenticator branch May 2, 2019 10:26
@jgrandja jgrandja reopened this May 2, 2019
@rwinch rwinch removed the in progress label May 3, 2019
@rwinch rwinch removed their assignment Jul 29, 2019
@jgrandja
Copy link
Contributor Author

Closing this PR as it's quite old and may need further updates. I'll submit a new PR when I get a chance to revisit this and apply the necessary changes.

@jgrandja jgrandja closed this Nov 18, 2021
@jgrandja jgrandja self-assigned this Nov 18, 2021
@jgrandja jgrandja added status: declined A suggestion or change that we don't feel we should currently apply and removed status: waiting-for-feedback We need additional information before we can continue labels Nov 18, 2021
@jgrandja jgrandja deleted the ad-ldap-authenticator branch December 7, 2023 09:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@steigerm steigerm steigerm left review comments

@vborcea vborcea vborcea left review comments

Assignees

@jgrandja jgrandja

Labels
in: ldap An issue in spring-security-ldap status: declined A suggestion or change that we don't feel we should currently apply type: enhancement A general enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@jgrandja @steigerm @vborcea @rwinch