The Master Class of "Learn Spring Security" is out:

>> CHECK OUT THE COURSE

1. Overview

In this quick tutorial, we will learn how to set up Spring Security LDAP.

Before we start, a note about what LDAP is – it stands for Lightweight Directory Access Protocol and it’s an open, vendor-neutral protocol for accessing directory services over a network.

2. Maven Dependency

First, let take a look at maven dependencies we need:

<dependency>
    <groupId>org.springframework.security</groupId>
    <artifactId>spring-security-ldap</artifactId>
</dependency>

<dependency>
    <groupId>org.apache.directory.server</groupId>
    <artifactId>apacheds-server-jndi</artifactId>
    <version>1.5.5</version>
</dependency>

Note: We used ApacheDS as our LDAP server which is an extensible and embeddable directory server.

3. Java Configuration

Next, let’s discuss our Spring Security Java configuration:

public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.ldapAuthentication()
            .userSearchBase("ou=people")
            .userSearchFilter("(uid={0})")
            .groupSearchBase("ou=groups")
            .groupSearchFilter("member={0}")
            .contextSource()
            .root("dc=baeldung,dc=com")
            .ldif("classpath:users.ldif");
    }
}

This is of course only the LDAP relevant part of the config – the full Java configuration can be found here.

4. XML Configuration

Now, let’s take a look at corresponding XML configuration:

<authentication-manager>
    <ldap-authentication-provider
      user-search-base="ou=people"
      user-search-filter="(uid={0})"
      group-search-base="ou=groups"
      group-search-filter="(member={0})">
    </ldap-authentication-provider>
</authentication-manager>
   
<ldap-server root="dc=baeldung,dc=com" ldif="users.ldif"/>

Again, this is just part of the configuration – the part that is relevant to LDAP; the full XML config can be found here.

5. LDAP Data Interchange Format

LDAP data can be represented using the LDAP Data Interchange Format (LDIF) – here’s an example of our user data:

dn: ou=groups,dc=baeldung,dc=com
objectclass: top
objectclass: organizationalUnit
ou: groups

dn: ou=people,dc=baeldung,dc=com
objectclass: top
objectclass: organizationalUnit
ou: people

dn: uid=baeldung,ou=people,dc=baeldung,dc=com
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
cn: Jim Beam
sn: Beam
uid: baeldung
userPassword: password

dn: cn=admin,ou=groups,dc=baeldung,dc=com
objectclass: top
objectclass: groupOfNames
cn: admin
member: uid=baeldung,ou=people,dc=baeldung,dc=com

dn: cn=user,ou=groups,dc=baeldung,dc=com
objectclass: top
objectclass: groupOfNames
cn: user
member: uid=baeldung,ou=people,dc=baeldung,dc=com

6. The Application

Finally, here is our simple application:

@Controller
public class MyController {

    @RequestMapping("/secure")
    public String secure(Map<String, Object> model, Principal principal) {
        model.put("title", "SECURE AREA");
        model.put("message", "Only Authorized Users Can See This Page");
        return "home";
    }
}

7. Conclusion

In this quick guide to Spring Security with LDAP, we learned how to provision a basic system with LDIF and configure the security of that system.

The full implementation of this tutorial can be found in the github project – this is an Eclipse based project, so it should be easy to import and run as it is.

The Master Class of "Learn Spring Security" is out:

>> CHECK OUT THE COURSE

  • Zulfy Adhie

    Great Tutorial !!!

    How to use LDAP Authentication through REST ?

    • Hey Zulfy,
      So, REST is a different abstraction level and essentially a different concern than the back-end of the authentication process. So you should have no problem following this article and setting things up for a REST API as well.
      Hope that helps. Cheers,
      Eugen.