I would like to implement LDAP authentication for a web application using Spring Boot.
Here is my WebSecurityConfig class:
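    import org.springframework.context.annotation.Configuration;
    import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
    import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
    import org.springframework.security.config.annotation.web.builders.HttpSecurity;
    import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
    import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

        // Require authentication for every request and use the default login form.
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .anyRequest()
                    .authenticated()
                    .and()
                .formLogin();
        }

        // Authenticate by binding to LDAP with a DN built from the user name.
        @Configuration
        protected static class AuthenticationConfiguration extends
                GlobalAuthenticationConfigurerAdapter {
            @Override
            public void init(AuthenticationManagerBuilder auth) throws Exception {
                auth
                    .ldapAuthentication()
                        .userDnPatterns("cn={0},ou=institution,ou=people")
                        .contextSource()
                            .url("ldap://ldap.mdanderson.edu:389/dc=mdanderson,dc=edu");
            }
        }
    }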
I tested it with my institutional credentials with the following DN:
CN=Djiao,OU=Institution,OU=People,DC=mdanderson,DC=edu
On the login page, if I type in djiao as my username and a wrong password, it says "bad credentials". However, if I give the correct password, I get a 500:
There was an unexpected error (type=Internal Server Error, status=500).
Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1]; remaining name ''
It seems binding to the LDAP server is successful; otherwise it would not have distinguished the correct password from a bad password. But why am I getting this error?
What I have tried:
I tried to log in with a bad password and got "login not successful, reason: bad credentials". With the correct password, it got to a Whitelabel Error Page with the aforementioned error.
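An added example, not part of the original post: the same LDAP configuration with the shared context source bound to a service account, so that lookups Spring Security performs after the user's password check (the group search, for example) do not run on an anonymous connection. It assumes the directory rejects anonymous searches, which is what the error text reports, and that a read-only service account exists; the class name, the `ldap.manager-dn` and `ldap.manager-password` property names, and the `member` group filter are hypothetical.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;

@Configuration
public class LdapAuthenticationConfiguration extends GlobalAuthenticationConfigurerAdapter {

    // Hypothetical property names. Supply the values from the environment or a
    // secrets store rather than committing them with the source.
    @Value("${ldap.manager-dn}")
    private String managerDn;

    @Value("${ldap.manager-password}")
    private String managerPassword;

    @Override
    public void init(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .ldapAuthentication()
                // Step 1: bind as the user to verify the password (as in the post).
                .userDnPatterns("cn={0},ou=institution,ou=people")
                // Step 2: group lookup after a successful bind. It runs on the
                // shared context source below, not on the user's own connection.
                // Assumption: groups list their members in the "member" attribute.
                .groupSearchFilter("(member={0})")
                .contextSource()
                    .url("ldap://ldap.mdanderson.edu:389/dc=mdanderson,dc=edu")
                    // Without a manager DN and password the shared context is
                    // anonymous, and the directory refuses the search with
                    // "a successful bind must be completed on the connection".
                    .managerDn(managerDn)
                    .managerPassword(managerPassword);
    }
}
```

Give the service account read-only access to the subtree that is searched and nothing more, since its password now lives in the application's configuration.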