Today I needed to authenticate a user and verify he belongs to a specific group in one step (in Active Directory).
I am using Spring LDAP, Spring Security 2.0.4.
After a few hours of trial and error I understood the meaning of the "searchFilter" in FilterBasedLdapUserSearch.
I can verify the sAMAccountName and the group membership using a filter like this:
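import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;

// ctx is the LDAP context source already configured for the directory
FilterBasedLdapUserSearch search = new FilterBasedLdapUserSearch(
    "OU=Users,DC=mycompany,DC=com",                                      // search base
    "(&(objectCategory=user)(objectClass=person)(sAMAccountName={0})" + // {0} is replaced with the login name
    "(memberof:=CN=MyGroup,OU=Users,DC=mycompany,DC=com)" +              // entry must list this group in memberOf
    ")", ctx);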
Wednesday, October 21, 2009