> I have been able to use the FastBindLdapAuthenticationHandler to authenticate
> against MS ActiveDirectory LDAP using the CN as the filter, however, when I
> try to authenticate using the sAMAccountName attribute in the filter I can
> not authenticate.

Logs would be helpful in troubleshooting the problem. Application logs are some help, but server-side logs are even more helpful. I understand they can be difficult to obtain for AD.

> <bean id="contextSource"
>       class="org.springframework.ldap.core.support.LdapContextSource">
>   <property name="pooled" value="false"/>
>   <property name="anonymousReadOnly" value="false"/>
>   <property name="urls">
>     <list>
>       <value>ldap://ipaddress:389</value>
>     </list>
>   </property>
>   <property name="baseEnvironmentProperties">
>     <map>
>       <entry key="com.sun.jndi.ldap.connect.timeout" value="10000"/>
>       <entry key="com.sun.jndi.ldap.read.timeout" value="10000"/>
>       <entry key="java.naming.security.authentication" value="simple"/>
>     </map>
>   </property>
> </bean>

Do you need to set the search base?

Also, some other comments about your config that are unrelated to your problem:

* I'd recommend you reconsider 10-second connect and read timeouts. Most users will give up on an authentication attempt long before 10 seconds have elapsed.
* I would argue there's simply no use case for plaintext LDAP connections. I heartily encourage you to consider ldaps://your.ad.host:636 to secure the connection.

> Is it possible to use the FastBindLdapAuthenticationHandler when using the
> search filter sAMAccountName=%u?

Yes, it's simply a matter of configuration.

M
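The two configuration comments in the reply above (plaintext `ldap://` URL, 10-second JNDI timeouts) can be turned into a repeatable review check. This is an added example, not part of the original thread or of CAS; the function name `audit_context_source`, the 3000 ms threshold and the sample XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumed review threshold; the reply only says 10 seconds is too long.
MAX_TIMEOUT_MS = 3000
TIMEOUT_KEYS = ("com.sun.jndi.ldap.connect.timeout",
                "com.sun.jndi.ldap.read.timeout")

# Constructed sample modelled on the contextSource bean quoted in the thread.
SAMPLE = """<beans>
 <bean id="contextSource"
       class="org.springframework.ldap.core.support.LdapContextSource">
  <property name="urls"><list><value>ldap://ipaddress:389</value></list></property>
  <property name="baseEnvironmentProperties"><map>
   <entry key="com.sun.jndi.ldap.connect.timeout" value="10000"/>
   <entry key="com.sun.jndi.ldap.read.timeout" value="10000"/>
   <entry key="java.naming.security.authentication" value="simple"/>
  </map></property>
 </bean>
</beans>"""

def local(tag):
    """Drop any XML namespace so namespaced Spring files also match."""
    return tag.rsplit("}", 1)[-1]

def audit_context_source(xml_text, max_timeout_ms=MAX_TIMEOUT_MS):
    """Return findings for every LdapContextSource bean in xml_text."""
    findings = []
    for bean in ET.fromstring(xml_text).iter():
        if local(bean.tag) != "bean" or not bean.get("class", "").endswith("LdapContextSource"):
            continue
        bean_id, seen = bean.get("id", "?"), set()
        for el in bean.iter():
            text = (el.text or "").strip()
            if local(el.tag) == "value" and text.lower().startswith("ldap://"):
                findings.append(f"{bean_id}: plaintext URL {text}")
            elif local(el.tag) == "entry" and el.get("key") in TIMEOUT_KEYS:
                key, value = el.get("key"), el.get("value", "")
                seen.add(key)
                if not value.isdigit() or int(value) > max_timeout_ms:
                    findings.append(f"{bean_id}: {key}={value!r} is not <= {max_timeout_ms} ms")
        # An unset timeout falls back to the JNDI provider default, so report it.
        findings += [f"{bean_id}: {k} not set" for k in TIMEOUT_KEYS if k not in seen]
    return findings

if __name__ == "__main__":
    for finding in audit_context_source(SAMPLE):
        print(finding)
```
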
