Issue
Using Active Directory with Spring for LDAP, if I specify the exact directory (base) of the search, for example String base="CN=Administrators", search/authentication finds the user. But if an empty string is passed as the base to the method .authenticate(String base="", filter, password), then it does not find the user and gives an error:
    ldapTemplate.authenticate("", MessageFormat.format("(SamAccountName={0})", login), "password")
    //error
    org.springframework.ldap.PartialResultException: Unprocessed Continuation Reference(s);
    nested exception is javax.naming.PartialResultException: Unprocessed Continuation Reference(s);
    remaining name '/'
Moreover, if I connect to OpenLDAP and not to Active Directory, it allows me to specify an empty string, LdapTemplate.authenticate(String base="", filter, password), and finds the user. As I understand it, OpenLDAP allows searching through all groups, which is what I need.
For example, I have several CN groups like CN=Administrators, CN=FreeUsers, CN=System, etc., with many CN users inside.
How do I allow Active Directory to search through all of them on authenticate?
Solution
I solved this issue by adding configuration to LdapTemplate. Now the template finds users in AD without specifying the base.
Was:
    @Bean
    public LdapTemplate ldapTemplate() {
        LdapTemplate ldapTemplate = new LdapTemplate(contextSource());
        return ldapTemplate;
    }
Now:
    @Bean
    public LdapTemplate ldapTemplate() {
        LdapTemplate ldapTemplate = new LdapTemplate(contextSource());
        ldapTemplate.setIgnorePartialResultException(true);
        return ldapTemplate;
    }
Answered By - tabool
Answer Checked By - Marilyn (JavaFixing Volunteer)
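The accepted fix in a fuller configuration, as an added example that is not part of the original question or answer: the filter is built with Spring LDAP's EqualsFilter so the login value is escaped before it reaches the search, and empty credentials are rejected before any bind. The server URL, base DN, service account, the LDAP_BIND_PASSWORD variable and the authenticate helper are assumptions made for illustration.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.ldap.core.LdapTemplate;
import org.springframework.ldap.core.support.LdapContextSource;
import org.springframework.ldap.filter.EqualsFilter;

@Configuration
public class AdLdapConfig {

    @Bean
    public LdapContextSource contextSource() {
        LdapContextSource source = new LdapContextSource();
        // Constructed placeholders: use your own DC, domain root and service account.
        source.setUrl("ldaps://dc.example.com:636");
        source.setBase("DC=example,DC=com");
        source.setUserDn("CN=svc-ldap,CN=Users,DC=example,DC=com");
        source.setPassword(System.getenv("LDAP_BIND_PASSWORD"));
        return source;
    }

    @Bean
    public LdapTemplate ldapTemplate(LdapContextSource contextSource) {
        LdapTemplate template = new LdapTemplate(contextSource);
        // A search from the domain root makes AD return referrals (continuation
        // references). Ignoring them keeps the entries found in this domain and
        // skips the referred partitions instead of throwing PartialResultException.
        template.setIgnorePartialResultException(true);
        return template;
    }

    /** Hypothetical helper: authenticate a login anywhere under the configured base. */
    public static boolean authenticate(LdapTemplate template, String login, String password) {
        // A simple bind with an empty password is an unauthenticated bind (RFC 4513),
        // which some servers accept, so refuse it before contacting the directory.
        if (login == null || login.isBlank() || password == null || password.isEmpty()) {
            return false;
        }
        // EqualsFilter escapes *, (, ), \ and NUL in the value, so a login such as
        // "*)(objectClass=*" is matched literally and cannot rewrite the filter.
        String filter = new EqualsFilter("sAMAccountName", login).encode();
        // Empty base is relative to the base configured on the context source.
        return template.authenticate("", filter, password);
    }
}
```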