Spring-boot: Configure LDAP for Spring Security in application.properties

Created on 9 Jan 2017 · 3 Comments · Source: spring-projects/spring-boot

We could configure a good chunk of Spring Security for LDAP (probably other places too) simply with application.properties:

security.ldap.url=ldaps://example.com
security.ldap.user-dn-pattern=uid={0},ou=Users,o=example
security.ldap.group-dn=ou=example,ou=Roles,o=example
security.ldap.group-search-base=(uniqueMember={0})
security.ldap.auth.user-dn=uid=exampleAuthUser,ou=Users,o=example
security.ldap.auth.password=somePassword

I have code that I can contribute if there is interest.

declined

All 3 comments

@bbrouwer FYI, support for auto-configuring LDAP was recently added with Spring Boot 1.5 RC1. See the release notes and new documentation section for more details. Perhaps this covers (some of) what you had in mind already?

That is pretty cool. I didn't know about that yet. My use case is specifically related to security, not a generic use that Spring Data LDAP gives me. Is Spring Security going to switch to use Spring Data LDAP? I didn't find anything specifically saying that, but it would make sense.

I could definitely see being able to write a custom UserDetails implementation that would use the Spring Data LDAP repositories to get the user details and roles that Spring Security needs, but I'm hoping for something that simply requires setting a few properties.

It looks like Spring Data LDAP provides a few of the properties I'm looking for:

spring.ldap.urls=ldap://myserver:1235
spring.ldap.username=admin
spring.ldap.password=secret

But that leaves the need to specify the group-dn, group-search-base, user-dn-pattern, user-role-attribute, ...

Thank you for the suggestion and the offer of a contribution.

We want to simplify our auto-configuration for Spring Security in Boot 2.0 and, unfortunately, this feels like a step in the wrong direction. I think we'd end up with an auto-configured WebSecurityConfigurerAdapter that kicked in when some spring.security.ldap properties were set.

We'd prefer that people use Spring Security's Java DSL to set this up rather than us trying to recreate that DSL in configuration properties.
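
The Java DSL route recommended in the comment above, as an added example that is not part of the original thread or the Spring Boot project's code. It is written against the WebSecurityConfigurerAdapter API mentioned in the thread; the class name and the app.ldap.* property keys are hypothetical, application-defined names, and the values shown in comments are the ones from the issue text.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

// Requires spring-security-ldap on the classpath.
// The app.ldap.* keys are hypothetical; Spring Boot does not bind them itself.
@Configuration
@EnableWebSecurity
public class LdapSecurityConfig extends WebSecurityConfigurerAdapter {

    @Value("${app.ldap.url}")                  // ldaps://example.com
    private String url;
    @Value("${app.ldap.user-dn-pattern}")      // uid={0},ou=Users,o=example
    private String userDnPattern;
    @Value("${app.ldap.group-search-base}")    // ou=example,ou=Roles,o=example
    private String groupSearchBase;
    @Value("${app.ldap.group-search-filter}")  // (uniqueMember={0})
    private String groupSearchFilter;
    @Value("${app.ldap.manager-dn}")           // uid=exampleAuthUser,ou=Users,o=example
    private String managerDn;
    // Supply at deploy time; keep the real value out of version control.
    @Value("${app.ldap.manager-password}")
    private String managerPassword;

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.ldapAuthentication()
            // Bind authentication: {0} is replaced with the login name.
            .userDnPatterns(userDnPattern)
            // Roles come from groups under this base whose member is the user DN.
            .groupSearchBase(groupSearchBase)
            .groupSearchFilter(groupSearchFilter)
            .contextSource()
                .url(url) // ldaps:// keeps the bind credentials off the wire in clear text
                .managerDn(managerDn)
                .managerPassword(managerPassword);
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        // Every request requires an authenticated LDAP user.
        http.authorizeRequests().anyRequest().authenticated()
            .and().formLogin();
    }
}
```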
