Why does Spring Security's BindAuthenticator require read permissions for users?

Posted by Thomas on Stack Overflow
Published on 2010-05-14T03:12:16Z

Hi all,

I'm currently implementing/configuring the LDAP authentication of a Java web application using Spring Security 3.0. I'm using Microsoft AD LDS as LDAP server and chose the Spring's BindAuthenticator. I found out that the authentication only works if the authenticated user is a member of the partition's Readers role. The BindAuthenticator tries to read the user's attributes after the authentication, which seems reasonable in scenarios where authorities are retrieved from the directory service.

Being new to LDAP and AD, is this an acceptable practice when the application is integrated in an existing AD structure? Can I fine-tune and give the user DNs only read permissions for their own attributes rather than adding them to the Reader group?

Thanks Thomas
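The two-step behaviour the question describes (bind as the user, then read the user's own entry over that same user-bound connection) can be seen in a minimal programmatic Spring Security 3.0 setup. The following is an added example written for this page, not code from the question or from the Spring Security project; the server URL, partition DN and user DN pattern are placeholders, and the attribute list is an illustrative choice.

```java
// Added example (not from the original question): minimal programmatic
// Spring Security 3.0 LDAP setup mirroring what BindAuthenticator does.
// Host, base DN and the DN pattern are assumed placeholders.
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.authentication.BindAuthenticator;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.authentication.NullLdapAuthoritiesPopulator;

public class LdapBindExample {

    public static LdapAuthenticationProvider buildProvider() throws Exception {
        // Placeholder AD LDS instance; the "/dc=..." suffix is the partition used as base DN.
        DefaultSpringSecurityContextSource contextSource =
                new DefaultSpringSecurityContextSource(
                        "ldap://adlds.example.invalid:389/dc=example,dc=com");
        contextSource.afterPropertiesSet();

        BindAuthenticator authenticator = new BindAuthenticator(contextSource);

        // Step 1: bind to the directory *as the user*. The pattern is relative to
        // the base DN above; {0} is replaced with the submitted username.
        authenticator.setUserDnPatterns(new String[] { "cn={0},cn=Users" });

        // Step 2: after a successful bind, BindAuthenticator reads the user's own
        // entry with that user-bound connection. Listing only the attributes the
        // application actually needs keeps the read permission the user must hold
        // on its own object to a minimum (attribute names here are illustrative).
        authenticator.setUserAttributes(new String[] { "cn", "mail" });

        // NullLdapAuthoritiesPopulator performs no further directory reads (no
        // group or role lookup), so the user's own entry is the only object the
        // bound user has to be able to read.
        return new LdapAuthenticationProvider(authenticator, new NullLdapAuthoritiesPopulator());
    }

    // Returns true when both the bind and the follow-up read of the user's entry
    // succeed; false on any AuthenticationException (bad password, or the user
    // cannot read its own entry after binding).
    public static boolean canAuthenticate(String username, String password) throws Exception {
        LdapAuthenticationProvider provider = buildProvider();
        try {
            Authentication result = provider.authenticate(
                    new UsernamePasswordAuthenticationToken(username, password));
            return result != null && result.isAuthenticated();
        } catch (AuthenticationException e) {
            System.err.println("Authentication failed: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed credentials for a local test; replace with real ones.
        System.out.println(canAuthenticate("testuser", "changeit"));
    }
}
```

When checking the permission question in a test directory, run this once with the user in the Readers role and once without: with `NullLdapAuthoritiesPopulator` the only directory access after the bind is the read of the user's own entry for the listed attributes, so a failure in the second run isolates the missing read permission on that object rather than on the whole partition.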

© Stack Overflow or respective owner
