Click here to Skip to main content
15,878,543 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more: , +
I want to do LDAP authentication using Spring Boot, but I can't. I just want to check the person who wrote his username and password on our ldap server when he wants to log in. If we have such a user on our ldap server, I want it to rotate something successfully.Otherwise I want it to return the wrong password and either password or connection error. Seriously, it took me a while to figure it out. I've looked at all the sources, I've watched video lessons, but they're all reading from the pre-existing ldif file. But I just want to check the username and password entered from our own LDAP server using Spring Boot, not from any existing file.

so I found new tutorial topics, which there is using ldap test server, what I want to do. I have successfully login when I type username and password of their given. file    
ldap.enabled = true

####### LDAP ##############
ldap.urls= ldap://
ldap.base.dn= dc=example,dc=com
ldap.username= cn=read-only-admin,dc=example,dc=com
ldap.password= password
ldap.user.dn.pattern = uid={0}


and this is my Security configuration.

import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;

public class SecurityConfig  extends WebSecurityConfigurerAdapter{

    private String ldapUrls;

    private String ldapBaseDn;

    private String ldapSecurityPrincipal;

    private String ldapPrincipalPassword;

    private String ldapUserDnPattern;

    private String ldapEnabled;

    protected void configure(HttpSecurity http) throws Exception {

    protected void configure(AuthenticationManagerBuilder auth) throws Exception {

        if(Boolean.parseBoolean(ldapEnabled)) {
                    .url(ldapUrls + ldapBaseDn)
        } else {


But When I change url , base-dn, username and password and When I give our own values I am getting this below error:

Caused by: org.springframework.ldap.CommunicationException: myldapserverurl:389; nested exception is javax.naming.CommunicationException: myldapserverurl:389 [Root exception is Connection timed out: connect]

Caused by: javax.naming.CommunicationException: myldapserverurl:389

Caused by: Connection timed out: connect

Afterwards I thought that my file doesn't need the password information because in our ldap server each user has their own password. So I delete ldap.password key and do comment

private String ldapPrincipalPassword;

and this line. .managerPassword(ldapPrincipalPassword)

Now when I run the program again I get the following error.

Caused by: org.springframework.beans.BeanInstantiationException: Failed to instantiate [javax.servlet.Filter]: Factory method 'springSecurityFilterChain' threw exception; nested exception is java.lang.IllegalStateException: managerPassword is required if managerDn is supplied

Caused by: java.lang.IllegalStateException: managerPassword is required if managerDn is supplied

In short, what I want from you. I want to perform my LDAP operations using Spring Boot without ldif file. can someone helps me about this topic?What should I change?

What I have tried:

I tried to many ways but still I couldn't
Updated 4-Apr-22 10:50am

1 solution

Input such as

password: blablabla

#LDAP Properties
prefix.ldap_security_authentication= simple

@ConfigurationProperties(prefix = "prefix")
public class Properties {

    private String ldapServerUrl;
    private String ldapDomainName;
    private String ldapSecurityAuthentication;
    private String ldapUsersSearchBase;
    private boolean ldapIsEnabled;

    public String getLdapSecurityAuthentication() {
        return ldapSecurityAuthentication;

    public void setLdapSecurityAuthentication(String ldapSecurityAuthentication) {
        this.ldapSecurityAuthentication = ldapSecurityAuthentication;

    public String getLdapUsersSearchBase() {
        return ldapUsersSearchBase;

    public void setLdapUsersSearchBase(String ldapUsersSearchBase) {
        this.ldapUsersSearchBase = ldapUsersSearchBase;

    public String getLdapDomainName() {
        return ldapDomainName;

    public void setLdapDomainName(String ldapDomainName) {
        this.ldapDomainName = ldapDomainName;

    public String getLdapServerUrl() {
        return ldapServerUrl;

    public void setLdapServerUrl(String ldapServerUrl) {
        this.ldapServerUrl = ldapServerUrl;

    public boolean isLdapIsEnabled() {
        return ldapIsEnabled;

    public void setLdapIsEnabled(boolean ldapIsEnabled) {
        this.ldapIsEnabled = ldapIsEnabled;


public class LoginRequest implements Serializable {

    private String email;
    private String password;

    public String getEmail() {
        return email;

    public void setEmail(String email) { = email;

    public String getPassword() {
        return password;

    public void setPassword(String password) {
        this.password = password;


import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import org.springframework.stereotype.Service;

public class LDAPService {

    private final Properties props;

    public LDAPService(Properties props) {
        this.props = props;

    public void validateUserCredentials(LoginRequest user) throws CustomException {

        if (props.isLdapIsEnabled()) {
            try {
                Hashtable<String, String> environment = new Hashtable<>();
                environment.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
                environment.put(Context.PROVIDER_URL, props.getLdapServerUrl());
                //environment.put(Context.SECURITY_PROTOCOL, "SSL");
                environment.put(Context.SECURITY_AUTHENTICATION, props.getLdapSecurityAuthentication());
                environment.put(Context.SECURITY_PRINCIPAL, createBindPrincipal(user.getEmail()));
                //environment.put(Context.SECURITY_PRINCIPAL, "cn=" + user.getUsername() + "," + props.getLdapUsersSearchBase());
                environment.put(Context.SECURITY_CREDENTIALS, user.getPassword());
                DirContext init = new InitialDirContext(environment);
            } catch (AuthenticationException ex) {
                //LDAP Status Code=49	Invalid credentials	AuthenticationException
                PeLogger.error("Authentication for user " + user.getEmail() + " FAILED", ex);
                PeLogger.error("Invalid credentials for user " + user.getEmail());
                throw new CustomException(StatusCodes.Error.INCORRECT_CREDENTIALS);
            } catch (NamingException ex) {
                PeLogger.error("Error when contacting LDAP server {}", props.getLdapServerUrl(), ex);
                PeLogger.error("Unable to connect to LDAP Server; check LDAP configuration", ex);
                throw new CustomException(StatusCodes.Error.CANNOT_AUTH_NOW);
            } catch (Exception ex) {
                throw new CustomException(StatusCodes.Error.CANNOT_AUTH_NOW);

    private String createBindPrincipal(String username) {
        if (username.toLowerCase().endsWith(props.getLdapDomainName().toLowerCase())) {
            return username;
        } else {
            return username + "@" + props.getLdapDomainName();

@EnableGlobalMethodSecurity(prePostEnabled = true)
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

    private final String[] AUTH_WHITELIST = {
        // -- Login

    public JwtAuthenticationFilter authenticationTokenFilterBean() throws Exception {
        return new JwtAuthenticationFilter();

    protected void configure(HttpSecurity http) throws Exception {
                addFilterBefore(authenticationTokenFilterBean(), AbstractPreAuthenticatedProcessingFilter.class);
Share this answer

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900