Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1014: minor changes for an easy NTLM / LDAP configuration #1265

spring-issuemaster opened this Issue Oct 16, 2008 · 2 comments


None yet
1 participant

Fred Gilbart(Migrated from SEC-1014) said:

Following changes are needed for an easy NTLM and LDAP (Active Directory) integration :

LdapAuthenticationProvider :
Either accept empty password (then LdapAuthenticationProvider can be used as is), or change scope to protected for the private LdapAuthenticator authenticator; : in that case we can easily override the authenticate() method to avoid password length check, without the need to use another LdapAuthenticator in the overriding class.

Another change is needed for NTLM : AbstractLdapAuthenticator with no password check.
PasswordComparisonAuthenticator is final and can’t be overrided, despite the only usefull change is to comment last lines in authenticate() to remove password check.
Because of the class name, it’s not easy to change this…
So may a new class extending LdapAuthenticationProvider exists ( with no password check) ?

With those 2 changes, we can use NTLM to get username, use it to query LDAP and retrieve user informations (email, name, etc..) then use such informations in a custom UserDetails implementation (via a convenient UserDetailsContextMapper) without any implementation.

Hope this can help.

Luke Taylor said:

The issue with LdapAuthenticationProvider has been resolved as part of SEC-1117.

As far as I can see the additional functionality you’re talking about (ignoring the password supplied) is already available via NtlmAwareLdapAuthenticator. let me know if I’m missing something.

@spring-issuemaster spring-issuemaster added this to the 3.0.0 M1 milestone Feb 5, 2016

This issue duplicates #1367

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment