Why does Spring Security's BindAuthenticator require read permissions for users?
Posted
by Thomas
on Stack Overflow
See other posts from Stack Overflow
or by Thomas
Published on 2010-05-14T03:12:16Z
Indexed on
2010/05/14
3:14 UTC
Read the original article
Hit count: 334
Hi all,
I'm currently implementing/configuring the LDAP authentication of a Java web application using Spring Security 3.0. I'm using Microsoft AD LDS as LDAP server and chose the Spring's BindAuthenticator. I found out that the authentication only works if the authenticated user is a member of the partition's Readers role. The BindAuthenticator tries to read the user's attributes after the authentication, which seems reasonable in scenarios where authorities are retrieved from the directory service.
Being new to LDAP and AD, is this an acceptable practise when the application is integrated in an existing AD structure? Can fine-tune an give the user dns only read permissions for their own attributes rather than adding them to the Reader group?
Thanks Thomas
© Stack Overflow or respective owner