Uncategorized exception for using correct credentials in LDAP authentication


So the issue is really what I expected. I have basically no explanation why you are getting a wrong credentials error back when you give a wrong password but the problem why you see this exception is easy. You need to configure a user that is allowed to read the LDAP server. In your AuthenticationConfiguration you are just defining the URL of the LDAP server but no user which would be allowed to execute a search and read from there. LDAP authentication works in a two-step approach:

  1. Your app will try to find a DN matching your criteria given in the userSearchFilter. For this it will need a manager connection which you can define using managerDn() and managerPassword() methods of your contextSource() definition. If this search is successful...
  2. it will execute a second bind operation using the DN and the given password and if successful read out your node (as well as linked groups) to populate your Principal or UserDetails object.

Look at the answer in the other post which is defining the manager connection like

    .contextSource()
        .url("ldaps://<ap-ldap-server>")
        .port(639)
        .managerDn("cn=binduser,ou=users,dc=ap,dc=domain,dc=com")
        .managerPassword("some pass")
Author by

Nasreddin

Updated on June 05, 2022

Comments

  • Nasreddin
    Nasreddin almost 2 years

    I would like to implement LDAP authentication for a web application using Spring Boot. Here is my WebSecurityConfig class:

    @Configuration
    @EnableWebSecurity
    public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    
        @Override
        protected void configure(HttpSecurity http) throws Exception {
            http
                .authorizeRequests()
                    .anyRequest()
                    .authenticated()
                    .and()
                .formLogin();
        }
    
        @Configuration
        protected static class AuthenticationConfiguration extends
                GlobalAuthenticationConfigurerAdapter {
    
            @Override
            public void init(AuthenticationManagerBuilder auth) throws Exception {
                auth
                    .ldapAuthentication()
                        .userDnPatterns("cn={0},ou=institution,ou=people")
                        .contextSource()
                        .url("ldap://ldap.mdanderson.edu:389/dc=mdanderson,dc=edu");
            }
        }   
    }
    

    I tested it with my credentials. Here is the screenshot of my user information from LDAP server:

    [Screenshot of the user's LDAP entry]

    On login page, if I type in djiao as my username and a wrong password, it will say Bad credentials. However if I give the correct password, I would get 500:

    There was an unexpected error (type=Internal Server Error, status=500).
    Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C0906E8, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v1db1]; remaining name ''
    

    It seems binding to ldap server is successful otherwise it would not distinguish correct password from bad password. But why am I getting this exception?

    EDIT:

    From the output of IDE console, I see a lot of messages like Rejected bean and Unable to locate LocaleResolver, etc. They do not appear to be errors, but I don't know if they are causing the error. Below is the stack trace:

    210 --- [           main] o.s.w.s.h.BeanNameUrlHandlerMapping      : Rejected bean name 'springBootLoggingSystem': no URL paths identified
    2016-04-20 11:34:53.876 DEBUG 69210 --- [           main] o.s.w.s.h.BeanNameUrlHandlerMapping      : Rejected bean name 'environment': no URL paths identified
    2016-04-20 11:34:53.876 DEBUG 69210 --- [           main] o.s.w.s.h.BeanNameUrlHandlerMapping      : Rejected bean name 'systemProperties': no URL paths identified
    2016-04-20 11:34:53.876 DEBUG 69210 --- [           main] o.s.w.s.h.BeanNameUrlHandlerMapping      : Rejected bean name 'systemEnvironment': no URL paths identified
    2016-04-20 11:34:53.876 DEBUG 69210 --- [           main] o.s.w.s.h.BeanNameUrlHandlerMapping      : Rejected bean name 'org.springframework.context.annotation.ConfigurationClassPostProcessor.importRegistry': no URL paths identified
    2016-04-20 11:34:53.878 DEBUG 69210 --- [           main] o.s.w.s.h.BeanNameUrlHandlerMapping      : Rejected bean name 'messageSource': no URL paths identified
    2016-04-20 11:34:53.878 DEBUG 69210 --- [           main] o.s.w.s.h.BeanNameUrlHandlerMapping      : Rejected bean name 'servletContext': no URL paths identified
    2016-04-20 11:34:53.878 DEBUG 69210 --- [           main] o.s.w.s.h.BeanNameUrlHandlerMapping      : Rejected bean name 'contextParameters': no URL paths identified
    2016-04-20 11:34:53.878 DEBUG 69210 --- [           main] o.s.w.s.h.BeanNameUrlHandlerMapping      : Rejected bean name 'contextAttributes': no URL paths identified
    2016-04-20 11:34:53.889  INFO 69210 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/webjars/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
    2016-04-20 11:34:53.889  INFO 69210 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
    2016-04-20 11:34:53.906 DEBUG 69210 --- [           main] .m.m.a.ExceptionHandlerExceptionResolver : Looking for exception mappings: org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@2dfbba12: startup date [Wed Apr 20 11:34:48 CDT 2016]; root of context hierarchy
    2016-04-20 11:34:53.940  INFO 69210 --- [           main] o.s.w.s.handler.SimpleUrlHandlerMapping  : Mapped URL path [/**/favicon.ico] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
    2016-04-20 11:34:54.344  INFO 69210 --- [           main] o.s.j.e.a.AnnotationMBeanExporter        : Registering beans for JMX exposure on startup
    2016-04-20 11:34:54.370 DEBUG 69210 --- [           main] o.s.w.s.resource.ResourceUrlProvider     : Looking for resource handler mappings
    2016-04-20 11:34:54.371 DEBUG 69210 --- [           main] o.s.w.s.resource.ResourceUrlProvider     : Found resource handler mapping: URL pattern="/**/favicon.ico", locations=[class path resource [META-INF/resources/], class path resource [resources/], class path resource [static/], class path resource [public/], class path resource []], resolvers=[org.springframework.web.servlet.resource.PathResourceResolver@3ba74ae5]
    2016-04-20 11:34:54.371 DEBUG 69210 --- [           main] o.s.w.s.resource.ResourceUrlProvider     : Found resource handler mapping: URL pattern="/webjars/**", locations=[class path resource [META-INF/resources/webjars/]], resolvers=[org.springframework.web.servlet.resource.PathResourceResolver@64261efb]
    2016-04-20 11:34:54.371 DEBUG 69210 --- [           main] o.s.w.s.resource.ResourceUrlProvider     : Found resource handler mapping: URL pattern="/**", locations=[ServletContext resource [/], class path resource [META-INF/resources/], class path resource [resources/], class path resource [static/], class path resource [public/]], resolvers=[org.springframework.web.servlet.resource.PathResourceResolver@2bc241b]
    2016-04-20 11:34:54.435  INFO 69210 --- [           main] s.b.c.e.t.TomcatEmbeddedServletContainer : Tomcat started on port(s): 8080 (http)
    2016-04-20 11:34:54.436 DEBUG 69210 --- [           main] o.s.w.c.s.StandardServletEnvironment     : Adding [server.ports] PropertySource with highest search precedence
    2016-04-20 11:34:54.442  INFO 69210 --- [           main] o.m.r.ristore.ws.RistoreWebApplication   : Started RistoreWebApplication in 6.32 seconds (JVM running for 6.784)
    2016-04-20 11:35:04.459 DEBUG 69210 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : Initializing servlet 'dispatcherServlet'
    2016-04-20 11:35:04.460  INFO 69210 --- [nio-8080-exec-1] o.a.c.c.C.[Tomcat].[localhost].[/]       : Initializing Spring FrameworkServlet 'dispatcherServlet'
    2016-04-20 11:35:04.460  INFO 69210 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : FrameworkServlet 'dispatcherServlet': initialization started
    2016-04-20 11:35:04.460 DEBUG 69210 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : Using MultipartResolver [org.springframework.web.multipart.support.StandardServletMultipartResolver@3f7834e2]
    2016-04-20 11:35:04.464 DEBUG 69210 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : Unable to locate LocaleResolver with name 'localeResolver': using default [org.springframework.web.servlet.i18n.AcceptHeaderLocaleResolver@7488cec1]
    2016-04-20 11:35:04.494 DEBUG 69210 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : Unable to locate ThemeResolver with name 'themeResolver': using default [org.springframework.web.servlet.theme.FixedThemeResolver@63934d10]
    2016-04-20 11:35:04.499 DEBUG 69210 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : Unable to locate RequestToViewNameTranslator with name 'viewNameTranslator': using default [org.springframework.web.servlet.view.DefaultRequestToViewNameTranslator@47fce61b]
    2016-04-20 11:35:04.504 DEBUG 69210 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : Unable to locate FlashMapManager with name 'flashMapManager': using default [org.springframework.web.servlet.support.SessionFlashMapManager@3cab6c9d]
    2016-04-20 11:35:04.505 DEBUG 69210 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : Published WebApplicationContext of servlet 'dispatcherServlet' as ServletContext attribute with name [org.springframework.web.servlet.FrameworkServlet.CONTEXT.dispatcherServlet]
    2016-04-20 11:35:04.505  INFO 69210 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : FrameworkServlet 'dispatcherServlet': initialization completed in 45 ms
    2016-04-20 11:35:04.505 DEBUG 69210 --- [nio-8080-exec-1] o.s.web.servlet.DispatcherServlet        : Servlet 'dispatcherServlet' configured successfully
    2016-04-20 11:35:09.671 ERROR 69210 --- [nio-8080-exec-3] o.a.c.c.C.[.[.[/].[dispatcherServlet]    : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception
    
    org.springframework.ldap.UncategorizedLdapException: Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090748, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580]; remaining name ''
        at org.springframework.ldap.support.LdapUtils.convertLdapException(LdapUtils.java:228) ~[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:397) ~[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:328) ~[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:629) ~[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:570) ~[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
        at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForMultipleAttributeValues(SpringSecurityLdapTemplate.java:241) ~[spring-security-ldap-4.0.3.RELEASE.jar:4.0.3.RELEASE]
        at org.springframework.security.ldap.SpringSecurityLdapTemplate.searchForSingleAttributeValues(SpringSecurityLdapTemplate.java:166) ~[spring-security-ldap-4.0.3.RELEASE.jar:4.0.3.RELEASE]
        at org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGroupMembershipRoles(DefaultLdapAuthoritiesPopulator.java:238) ~[spring-security-ldap-4.0.3.RELEASE.jar:4.0.3.RELEASE]
        at org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator.getGrantedAuthorities(DefaultLdapAuthoritiesPopulator.java:207) ~[spring-security-ldap-4.0.3.RELEASE.jar:4.0.3.RELEASE]
        at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.loadUserAuthorities(LdapAuthenticationProvider.java:215) ~[spring-security-ldap-4.0.3.RELEASE.jar:4.0.3.RELEASE]
        at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:87) ~[spring-security-ldap-4.0.3.RELEASE.jar:4.0.3.RELEASE]
        at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:167) ~[spring-security-core-4.0.3.RELEASE.jar:4.0.3.RELEASE]
        at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:192) ~[spring-security-core-4.0.3.RELEASE.jar:4.0.3.RELEASE]
        at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:93) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
        at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:217) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
        at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
        at org.springframework.security.web.csrf.CsrfFilter.doFilterInternal(CsrfFilter.java:120) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
        at org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
        at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
        at org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
        at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
        at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
        at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176) ~[spring-security-web-4.0.3.RELEASE.jar:4.0.3.RELEASE]
        at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
        at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:99) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.springframework.web.filter.HttpPutFormContentFilter.doFilterInternal(HttpPutFormContentFilter.java:87) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.springframework.web.filter.HiddenHttpMethodFilter.doFilterInternal(HiddenHttpMethodFilter.java:77) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:121) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) ~[spring-web-4.2.5.RELEASE.jar:4.2.5.RELEASE]
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:240) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:207) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:212) ~[tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1095) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1500) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:1456) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) [na:1.7.0_80]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) [na:1.7.0_80]
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61) [tomcat-embed-core-8.0.32.jar:8.0.32]
        at java.lang.Thread.run(Thread.java:745) [na:1.7.0_80]
    Caused by: javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090748, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v2580]
        at com.sun.jndi.ldap.LdapCtx.mapErrorCode(LdapCtx.java:3127) ~[na:1.7.0_80]
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:3033) ~[na:1.7.0_80]
        at com.sun.jndi.ldap.LdapCtx.processReturnCode(LdapCtx.java:2840) ~[na:1.7.0_80]
        at com.sun.jndi.ldap.LdapCtx.searchAux(LdapCtx.java:1849) ~[na:1.7.0_80]
        at com.sun.jndi.ldap.LdapCtx.c_search(LdapCtx.java:1772) ~[na:1.7.0_80]
        at com.sun.jndi.toolkit.ctx.ComponentDirContext.p_search(ComponentDirContext.java:386) ~[na:1.7.0_80]
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:356) ~[na:1.7.0_80]
        at com.sun.jndi.toolkit.ctx.PartialCompositeDirContext.search(PartialCompositeDirContext.java:339) ~[na:1.7.0_80]
        at javax.naming.directory.InitialDirContext.search(InitialDirContext.java:267) ~[na:1.7.0_80]
        at org.springframework.ldap.core.LdapTemplate$4.executeSearch(LdapTemplate.java:322) ~[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
        at org.springframework.ldap.core.LdapTemplate.search(LdapTemplate.java:363) ~[spring-ldap-core-2.0.2.RELEASE.jar:2.0.2.RELEASE]
        ... 64 common frames omitted
    
    2016-04-20 11:35:09.675 DEBUG 69210 --- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet        : DispatcherServlet with name 'dispatcherServlet' processing POST request for [/error]
    2016-04-20 11:35:09.676 DEBUG 69210 --- [nio-8080-exec-3] s.w.s.m.m.a.RequestMappingHandlerMapping : Looking up handler method for path /error
    2016-04-20 11:35:09.679 DEBUG 69210 --- [nio-8080-exec-3] s.w.s.m.m.a.RequestMappingHandlerMapping : Returning handler method [public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.BasicErrorController.errorHtml(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)]
    2016-04-20 11:35:09.745 DEBUG 69210 --- [nio-8080-exec-3] o.s.w.s.v.ContentNegotiatingViewResolver : Requested media types are [text/html, text/html;q=0.8] based on Accept header types and producible media types [text/html])
    2016-04-20 11:35:09.747 DEBUG 69210 --- [nio-8080-exec-3] o.s.w.s.v.ContentNegotiatingViewResolver : Returning [org.springframework.boot.autoconfigure.web.ErrorMvcAutoConfiguration$SpelView@c5860a] based on requested media type 'text/html'
    2016-04-20 11:35:09.747 DEBUG 69210 --- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet        : Rendering view [org.springframework.boot.autoconfigure.web.ErrorMvcAutoConfiguration$SpelView@c5860a] in DispatcherServlet with name 'dispatcherServlet'
    2016-04-20 11:35:09.752 DEBUG 69210 --- [nio-8080-exec-3] o.s.web.servlet.DispatcherServlet        : Successfully completed request
    

    EDIT #2: Here is the contextSource config from another project within the same institution.

    <beans:bean id="contextSource"
                class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
        <beans:constructor-arg value="ldap://ldap.mdanderson.edu:389/DC=mdanderson,DC=edu" />
        <beans:property name="userDn" value="ou=institution,ou=people" />
        <beans:property name="password" value="password" />
    </beans:bean>
    
  • Nasreddin
    Nasreddin about 8 years
    When I tried to add these two lines I got error The method managerDn(String) is undefined for the type WebSecurityConfig, managerPassword is fine. Also is this manager user/password arbitrary?
  • daniel.eichten
    daniel.eichten about 8 years
    Where did you add it? Right after the url("<url>") part?
  • Nasreddin
    Nasreddin about 8 years
    Sorry I had a ; after url. Anyway, the two lines I added are .managerDn("cn=manager,ou=institution,ou=people,dc=mdanderson,dc=edu") .managerPassword("password"); and am getting LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error error. Is the manager credential arbitrary?
  • daniel.eichten
    daniel.eichten about 8 years
    No no, that has to be a valid person in your directory. So if you know your DN and pass you can put in yours. In our case we create usually service users for this purpose.
  • Nasreddin
    Nasreddin about 8 years
    You mean using the same account (me) as a manager to authenticate another account which happens to be same credentials (me)? I don't quite get it. But after I put my dn and pass as manager I am getting Unprocessed Continuation Reference(s); nested exception is javax.naming.PartialResultException.
  • daniel.eichten
    daniel.eichten about 8 years
    Ok, this is actually coming because your DN is referring to another node in the Directory Tree (referral) or sometimes even another server. The straightforward option would be to tell the LDAP client to follow links. In essence this should be doable by passing in a valid ContextSource which has this enabled. Unfortunately the ContextBuilder does not allow you to set this directly. You'll have to create the ContextSource on your own and pass it in. See: docs.spring.io/spring-ldap/docs/current/reference/… for config options.
  • Nasreddin
    Nasreddin about 8 years
    I added the configuration for contextSource from another project inside the institution. They use Spring xml config though. Do you know how to deal with the userdn and password property in my Spring-boot config?
  • daniel.eichten
    daniel.eichten about 8 years
  • Nasreddin
    Nasreddin about 8 years
    I force it to follow links by contextSource.setReferral("follow"); and it works now. Thanks a lot
  • Sylhare
    Sylhare over 3 years
    With a custom contextSource I added contextSource.setUserDn("cn=user") and contextSource.setPassword("userpassword") and it worked. The issue is that you need an initial user to make the bind as this answer specifies.
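
The manager bind from the answer and the custom ContextSource with referral following from the comments, combined into one Java configuration. This is an added example, not code from the original posts; the `app.ldap.*` property names, the class name, and the search base and filter are assumptions.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.authentication.configurers.GlobalAuthenticationConfigurerAdapter;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;

@Configuration
public class LdapAuthenticationConfiguration extends GlobalAuthenticationConfigurerAdapter {

    // Assumed property names. Supply the values from the environment or a
    // secrets store so the service account password never lands in source control.
    // Prefer an ldaps:// URL: a simple bind over ldap:// sends both the manager
    // password and every user's password in clear text.
    @Value("${app.ldap.url}")               // e.g. ldaps://<ldap-server>:636/dc=example,dc=com
    private String ldapUrl;

    @Value("${app.ldap.manager-dn}")        // DN of a dedicated read-only service account
    private String managerDn;

    @Value("${app.ldap.manager-password}")
    private String managerPassword;

    @Bean
    public DefaultSpringSecurityContextSource contextSource() {
        DefaultSpringSecurityContextSource source =
                new DefaultSpringSecurityContextSource(ldapUrl);

        // Manager connection: used for the user search and for the group
        // search that populates authorities. In the stack trace above it is
        // DefaultLdapAuthoritiesPopulator.getGroupMembershipRoles() that fails,
        // because that search runs on a connection with no bind.
        source.setUserDn(managerDn);
        source.setPassword(managerPassword);

        // Chase referrals returned by the directory instead of failing with
        // PartialResultException ("Unprocessed Continuation Reference(s)").
        source.setReferral("follow");
        return source;
    }

    @Override
    public void init(AuthenticationManagerBuilder auth) throws Exception {
        auth.ldapAuthentication()
                // Step 1: find the user's DN with the manager connection.
                // Base and filter are assumptions derived from the question's
                // pattern cn={0},ou=institution,ou=people.
                .userSearchBase("ou=institution,ou=people")
                .userSearchFilter("(cn={0})")
                // Step 2 (bind as the found DN with the submitted password)
                // is performed by Spring Security on the same context source.
                .contextSource(contextSource());
    }
}
```

Because `contextSource()` is declared as a bean, Spring calls `afterPropertiesSet()` on it; when the object is built by hand outside the container, that call has to be made explicitly before first use.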