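When trying to connect to a local OpenLDAP server with a Spring Boot app, I cannot log in because of Insufficient Access Rights.
I have searched a lot for similar problems but could not solve this one.
Spring Security configuration: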
    @Override
    public void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth
            .ldapAuthentication()
                .userDnPatterns("uid={0},ou=people")
                .groupSearchBase("ou=people")
                .contextSource()
                    .url("ldap://localhost:389/dc=upb,dc=com")
                    .and()
                .passwordCompare()
                    .passwordEncoder(new LdapShaPasswordEncoder())
                    .passwordAttribute("userPassword");
    }
Contents of /etc/ldap/slapd.d/cn=config.ldif:
# CRC32 54042221
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcLogLevel: none
olcPidFile: /var/run/slapd/slapd.pid
olcToolThreads: 1
structuralObjectClass: olcGlobal
entryUUID: bc93b032-1b01-1038-87c3-a9a9e7a1db9c
creatorsName: cn=config
createTimestamp: 20180713160124Z
entryCSN: 20180713160124.350902Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20180713160124Z
olcAccess: to *
  by self write
  by anonymous auth
  by dn.base="cn=admin,dc=upb,dc=com" write
  by dn.base="cn=config,dc=upb,dc=com" write
  by dn.base="uid=ben,ou=people,dc=upb,dc=com" write
  by * read
Also, the lines in /usr/share/slapd/slapd.conf that deal with access rights:
access to attrs=userPassword,shadowLastChange
        by dn="@ADMIN@" write
        by anonymous auth
        by self write
        by * read
access to dn.base="" by * read
access to *
        by dn="@ADMIN@" write
        by cn=admin write
        by uid=ben write
        by * read
I created the content tree from an .ldif file using cn=admin. See my OpenLDAP content structure.
Can someone help me with this? Thanks!
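
Added example, not part of the original question: a simplified Python model of how slapd picks the first matching `by` clause of the `olcAccess: to *` rule posted above and compares the granted level with the level an operation needs. The posted `contextSource()` sets no manager DN, so the client is modelled as anonymous; password comparison needs at least `compare` on `userPassword`. The function names and the `uid=alice` entry are constructed for illustration, and only the `<who>` forms that appear in this rule are handled.

```python
# Access levels in OpenLDAP, lowest to highest; each level implies the ones before it.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

# <who> / <level> pairs of the posted "olcAccess: to *" rule, in order.
RULE = [
    ("self", "write"),
    ("anonymous", "auth"),
    ('dn.base="cn=admin,dc=upb,dc=com"', "write"),
    ('dn.base="cn=config,dc=upb,dc=com"', "write"),
    ('dn.base="uid=ben,ou=people,dc=upb,dc=com"', "write"),
    ("*", "read"),
]

BEN = "uid=ben,ou=people,dc=upb,dc=com"
ADMIN = "cn=admin,dc=upb,dc=com"
ALICE = "uid=alice,ou=people,dc=upb,dc=com"  # constructed sample entry


def normalize(dn):
    """Case-insensitive DN comparison that ignores spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def who_matches(who, bind_dn, target_dn):
    """bind_dn is None for an anonymous (unauthenticated) connection."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if bind_dn is None:
        return False
    if who == "self":
        return normalize(bind_dn) == normalize(target_dn)
    if who.startswith('dn.base="'):
        return normalize(bind_dn) == normalize(who[len('dn.base="'):-1])
    raise ValueError("unsupported <who> form: " + who)


def granted_level(rule, bind_dn, target_dn):
    """First matching 'by' clause wins; no match means 'none'."""
    for who, level in rule:
        if who_matches(who, bind_dn, target_dn):
            return level
    return "none"


def allowed(rule, bind_dn, target_dn, needed):
    granted = granted_level(rule, bind_dn, target_dn)
    return LEVELS.index(granted) >= LEVELS.index(needed)
```

Under this rule an anonymous client stops at `by anonymous auth` and never reaches `by * read`, so it can bind against `userPassword` but cannot compare or read it.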