Wednesday, October 21, 2009

Using Spring LDAP to authenticate a user and verify group membership in Active Directory

Today I needed to authenticate a user and verify that he belongs to a specific group, in one step, against Active Directory.
I am using Spring LDAP and Spring Security 2.0.4.
After a few hours of trial and error I understood what the "searchFilter" of FilterBasedLdapUserSearch really is: an ordinary LDAP search filter in which {0} is replaced by the login name, so any extra condition ANDed into it becomes a precondition for the user being found at all.
That means I can verify the sAMAccountName and the group membership in the same search with a filter like this (a user who is not a member of the group is simply not found, and authentication fails exactly as it would for an unknown account):

// ctx is an already configured SpringSecurityContextSource, bound with an account
// that is allowed to search the directory (AD does not permit anonymous searches).
// {0} is passed to JNDI as a filter argument and escaped there, so the login name
// cannot add terms to the filter. memberOf is compared with a plain "=": the ":="
// form only makes sense with a matching-rule OID in front of it (for example
// memberOf:1.2.840.113556.1.4.1941:= for nested group membership on 2003 SP2+).
FilterBasedLdapUserSearch search = new FilterBasedLdapUserSearch(
        "OU=Users,DC=mycompany,DC=com",
        "(&(objectCategory=user)(objectClass=person)(sAMAccountName={0})" +
        "(memberOf=CN=MyGroup,OU=Users,DC=mycompany,DC=com))",
        ctx);
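For completeness, here is the full wiring that makes the filter do both jobs (find the user only if he is in the group, then bind with his password). This is an added example, not code from the original post: it assumes the Spring Security 2.0.x package names, a hypothetical domain controller URL and service account (LDAP_URL, SERVICE_DN, SERVICE_PASSWORD), and reuses the search base and group DN from the snippet above.

```java
import org.springframework.security.Authentication;
import org.springframework.security.BadCredentialsException;
import org.springframework.security.ldap.DefaultSpringSecurityContextSource;
import org.springframework.security.ldap.search.FilterBasedLdapUserSearch;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.providers.ldap.LdapAuthenticationProvider;
import org.springframework.security.providers.ldap.authenticator.BindAuthenticator;

/**
 * Authenticates a user against Active Directory and, in the same step, requires
 * membership in a given group. Users outside the group are never returned by the
 * search, so no bind is attempted for them and the caller only ever sees a
 * BadCredentialsException, the same as for a wrong password.
 */
public class AdGroupAuthenticator {

    // Hypothetical values: replace with the real domain controller and a
    // low-privilege service account that may search the directory.
    private static final String LDAP_URL = "ldap://dc01.mycompany.com:389/";
    private static final String SERVICE_DN = "CN=svc-ldap,OU=Service Accounts,DC=mycompany,DC=com";
    private static final String SERVICE_PASSWORD = "change-me";

    // Search base and group DN from the post above.
    private static final String SEARCH_BASE = "OU=Users,DC=mycompany,DC=com";
    private static final String GROUP_DN = "CN=MyGroup,OU=Users,DC=mycompany,DC=com";

    private final LdapAuthenticationProvider provider;

    public AdGroupAuthenticator() throws Exception {
        DefaultSpringSecurityContextSource contextSource =
                new DefaultSpringSecurityContextSource(LDAP_URL);
        contextSource.setUserDn(SERVICE_DN);
        contextSource.setPassword(SERVICE_PASSWORD);
        contextSource.afterPropertiesSet();

        // {0} is a filter argument that JNDI escapes before sending the request,
        // so the login name cannot inject extra filter terms. GROUP_DN is a fixed
        // literal; it would only need escaping if the CN contained ( ) * \ or NUL.
        String filter = "(&(objectCategory=user)(objectClass=person)(sAMAccountName={0})"
                + "(memberOf=" + GROUP_DN + "))";
        FilterBasedLdapUserSearch userSearch =
                new FilterBasedLdapUserSearch(SEARCH_BASE, filter, contextSource);

        // BindAuthenticator runs the search as the service account and then binds
        // as the DN it found, using the password supplied by the user.
        BindAuthenticator authenticator = new BindAuthenticator(contextSource);
        authenticator.setUserSearch(userSearch);

        // Single-argument constructor: no authorities populator, we only need yes/no.
        this.provider = new LdapAuthenticationProvider(authenticator);
    }

    /** Returns true only if the password is correct AND the user is a member of GROUP_DN. */
    public boolean login(String username, String password) {
        try {
            Authentication result = provider.authenticate(
                    new UsernamePasswordAuthenticationToken(username, password));
            return result.isAuthenticated();
        } catch (BadCredentialsException e) {
            // Wrong password, unknown account and account outside the group all land
            // here, because hideUserNotFoundExceptions is true by default.
            return false;
        }
        // Connection or directory errors are deliberately not swallowed: they
        // propagate as AuthenticationServiceException so an outage is not
        // mistaken for a failed login.
    }

    public static void main(String[] args) throws Exception {
        AdGroupAuthenticator auth = new AdGroupAuthenticator();
        System.out.println("login ok: " + auth.login(args[0], args[1]));
    }
}
```

Two things to keep in mind with this setup: the service account only needs read access to the users OU, so do not reuse a privileged account for it, and memberOf as used here is not transitive, so members of groups nested inside MyGroup are rejected unless you switch to the matching-rule form of the filter.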