How to configure LDAP Authentication using Spring Boot

LDAP authentication is one of the most widely used approaches in enterprise-grade applications. LDAP serves as a central repository for user information, and applications connect to this repository for user searches and authentication. In this article we will see how to do LDAP authentication using Spring Boot.

Along with Spring Boot, we are using a free online LDAP test server for user information. We will use the information provided by them to configure the connection in our project.

Software used in this example

  • Spring Boot 1.5.7.RELEASE
  • Java 8
  • Maven
  • Eclipse

Demo Project Structure

Because this is a web application, along with the usual Spring Boot dependencies we need to add dependencies for LDAP and for Thymeleaf as the template system. The entries in the pom will be like

For the LDAP connection we need to set a few parameters: server URL, port, principal user, password, and base domain name. You can get this information from your LDAP or Active Directory team. In our case we are using a sample online server, and they have made this information available for us. We will keep these as properties in our application properties file.

If you connect to the sample server from any LDAP browser, you will see a directory structure like the one below.

From the above image you can check how we arrived at the base domain name, the user pattern, etc. Once we have these properties set, we will add a security config bean to our project, which will configure an LDAP connection using these properties.

From the above you can see that we have configured all URLs under /profiles as secured. So if you are not authenticated and try to access such a URL, you will be presented with a login form.

You can also see that we have configured LDAP authentication in Spring Boot based on a condition. Only if our properties file has the property ldap.enabled set to true is the LDAP configuration triggered; otherwise it falls back to basic in-memory authentication.
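
The configuration class the two paragraphs above refer to, as an added example rather than the article's own code, written for the Spring Security 4.x API that ships with Spring Boot 1.5. Only ldap.enabled comes from the article; the class name, the other property keys, the /profile/** pattern, the localuser account and the refuse-to-start check on the fallback password are assumptions.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@Configuration
public class LdapSecurityConfig extends WebSecurityConfigurerAdapter {
    // Only ldap.enabled is named in the article; every other key is an assumed name.
    @Value("${ldap.enabled:false}") private boolean ldapEnabled;
    // e.g. ldaps://host:636 (plain ldap:// sends bind passwords unencrypted)
    @Value("${ldap.url:}") private String url;
    @Value("${ldap.base.dn:}") private String baseDn;
    @Value("${ldap.manager.dn:}") private String managerDn;
    @Value("${ldap.manager.password:}") private String managerPassword;
    @Value("${ldap.user.dn.pattern:}") private String userDnPattern; // e.g. uid={0}
    @Value("${fallback.user.password:}") private String fallbackPassword;

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()
                // Assumed pattern; "/profile/**" also matches "/profile" itself.
                .antMatchers("/profile/**").fullyAuthenticated()
                .and()
            .formLogin().loginPage("/login").failureUrl("/login?error").permitAll()
                .and()
            .logout().permitAll();
    }

    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        if (ldapEnabled) {
            // Bind authentication: {0} becomes the login name; the directory checks the password.
            auth.ldapAuthentication()
                .userDnPatterns(userDnPattern)
                .contextSource()
                    .url(url + "/" + baseDn)
                    .managerDn(managerDn)
                    .managerPassword(managerPassword);
        } else {
            // In-memory fallback: refuse to start rather than ship a default password.
            if (fallbackPassword.isEmpty()) {
                throw new IllegalStateException("fallback.user.password is not set");
            }
            auth.inMemoryAuthentication()
                .withUser("localuser").password(fallbackPassword).roles("USER");
        }
    }
}
```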

Regarding the HTML pages, we have simply mapped the /login and /profile URLs to their respective Thymeleaf templates.

That's it on the configuration front. Now we will run our application and access http://localhost:8999/profile. You will be redirected to the login page.

Now try logging in as any of the users below. All users have the password "password".

  • riemann
  • gauss
  • euler
  • euclid

If you enter a correct user/password you will be taken to the profile page; otherwise you will be shown a login error.

You can download the code from our GitHub.
