I can authenticate to Active Directory if only one AD server needs to be configured. The solution is given as Active Directory authentication through ssl as an anonymous user.
Now I get stuck when there are several ADs working behind a load balancer.
Since the load balancer is in between, I get only the host name, and the AD IP will be replaced by the host name behind the load balancer based on availability. Therefore, I will not know which Active Directory server will be used to process my authentication request. Thus, I will not be able to generate the certificate in advance. In addition, I cannot get the AD IPs that my client uses for load balancing (for security reasons). Therefore, it makes no sense to generate jssecacerts. All I have to do is disable certificate verification.

I am using the LdapTemplate class (using spring-ldap 1.3.1) to authenticate the user. My Spring config looks like this:
<bean id="ldapTemplate" class="org.springframework.ldap.core.LdapTemplate">
    <property name="contextSource" ref="contextSource" />
    <property name="ignorePartialResultException" value="yes" />
</bean>

<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
    <property name="url" value="ldaps://xxx.xxx.xxx.xxx:636" />
</bean>
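Authentication method:

import org.springframework.ldap.filter.AndFilter;
import org.springframework.ldap.filter.EqualsFilter;

public boolean login(String username, String password) {
    // Point JSSE at the trust store holding the AD server certificate
    System.setProperty("javax.net.ssl.trustStore", ".../jssecacerts");
    boolean authenticate = false;
    // Build the search filter that selects the user entry
    AndFilter filter = new AndFilter();
    filter.and(new EqualsFilter("xyz", "xyz"));
    filter.and(new EqualsFilter("xyz", xyz));
    // Search under base with the filter, then bind as the matching entry using the password
    authenticate = this.ldapTemplate.authenticate(base, filter.encode(), password);
    return authenticate;
}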
Since we do not need to have a certificate, System.setProperty("javax.net.ssl.trustStore", ".../jssecacerts"); will not be needed.
What changes do I need to make to disable certificate verification?
I am new to working with LDAP. Please help with an appropriate answer.
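An added example, not part of the original post: rather than trusting each domain controller's certificate individually, a client can trust the CA that issued them, so the certificate validates whichever server the load balancer selects. It assumes every domain controller certificate chains to one CA whose certificate is available as a file, and that each certificate carries the load balancer host name used in the ldaps:// URL; the class name, alias and file path are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public final class LdapCaTrust {

    /**
     * Builds an SSLContext that trusts only the given CA certificate and
     * installs it as the JVM default, which JNDI uses for ldaps:// URLs.
     * Call once at startup, before the first LDAPS connection is opened.
     */
    public static SSLContext trustIssuingCa(String caCertPath) throws Exception {
        // Read the CA certificate (PEM or DER encoded X.509)
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Certificate ca;
        try (InputStream in = new FileInputStream(caCertPath)) {
            ca = cf.generateCertificate(in);
        }

        // In-memory trust store holding just that CA (alias is hypothetical)
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);
        ks.setCertificateEntry("ad-issuing-ca", ca);

        // Standard PKIX trust managers backed by the store: chain validation
        // stays enabled, only the set of trusted roots changes
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        SSLContext.setDefault(ctx);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: path to the CA certificate file (assumed to be supplied by the AD administrators)
        trustIssuingCa(args[0]);
        System.out.println("Default SSLContext now trusts only the supplied CA");
    }
}
```

With this in place the `javax.net.ssl.trustStore` system property in `login` is not needed, and the Spring configuration stays as posted.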