Spring Security Active Directory Ignoring PartialResultException
Asked Answered
B

1

8

I have the following configuration in my spring security xml file. When I try to authenticate I get the following message but cannot proceed.

INFO: Ignoring PartialResultException

I am aware that spring's documentation states that you can set ignorePartialResultException to true but this property seems to be in the LdapTemplate class which may require additional coding. I would like to accomplish all of this through bean configuration as I am not interested in role mapping.

<authentication-manager>
        <authentication-provider ref="activeDirectoryAuthProvider" />
    </authentication-manager>
    <beans:bean id="activeDirectoryAuthProvider"
        class="org.springframework.security.ldap.authentication.ad.ActiveDirectoryLdapAuthenticationProvider">
        <beans:constructor-arg value="mydomain.com" />
        <beans:constructor-arg value=" ldap://mydomain.com:389" />
    </beans:bean>
Boettcher answered 12/8, 2014 at 12:43 Comment(3)
Have you tried changing from port 389 to 3268 to search the Global Catalog instead? A search against the GC will never return referrals. Also, have you tried changing your LDAP URL to something more specific so it doesn't search the whole domain? For example, "ldap://mydomain.com:389/dc=foo,dc=bar"?Khoury
You "cannot proceed" or you "can proceed" after this INFO message?Watchband
I am not able to use 3268. I am not able to proceed after I receive the INFO.Boettcher
B
6

After digging around we found out that our role mapping was blocking the authentication. We were in fact hitting AD but Spring was trying to map a group name to a role that didn't exist within our system. Once we did that we were good to go.

Boettcher answered 19/11, 2014 at 14:46 Comment(1)
Are you getting this error SpringSecurityLdapTemplate:235 - Ignoring PartialResultException.Uranography

© 2022 - 2024 — McMap. All rights reserved.