VOOZH about

URL: https://www.geeksforgeeks.org/advance-java/spring-security-with-ldap-authentication/

⇱ Spring Security with LDAP Authentication - GeeksforGeeks

  • Courses
  • Tutorials
  • Interview Prep

Spring Security with LDAP Authentication

Last Updated : 23 Jul, 2025

LDAP (Lightweight Directory Access Protocol) is widely used for identity and access management. It organizes data in a hierarchical structure, optimized for read-heavy operations. LDAP is advantageous due to its scalability and interoperability. In this article, we will create a simple authentication system using Spring Security with LDAP.

Prerequisites:

To follow along, you will need:

Steps to Implement LDAP in Spring Security

Step 1: Create a Spring Boot Project

Go to Spring Initializr and select:

  • Group: com.example
  • Artifact: ldap-demo
  • Dependencies: Spring Web, Spring Security, Spring LDAP, Spring Boot DevTools

Download the project and extract the zip file.

πŸ‘ Project Metadata

Step 2: Add LDAP Dependency

Open the pom.xml file and add the Spring Security LDAP dependency if not already present.

		<!-- https://mvnrepository.com/artifact/org.springframework.security/spring-security-ldap -->
		<dependency>
			<groupId>org.springframework.security</groupId>
			<artifactId>spring-security-ldap</artifactId>
			<version>6.3.3</version>
		</dependency>

Also install the dependencies by running the command in your terminal at your project location:

mvn install

Project Structure:

Create the following files inside the src directory of the project:

  • LdapController.java
  • LdapService.java
  • SecurityConfig.java
  • UserDTO.java

Create the HTML files named addUser.html and success.html inside the resources/static folder. After creating the above-mentioned files your project structure will look like this:

πŸ‘ Project Folder Structure

Step 4: Define Code Files

Now, let’s go through the code files with explanations and inline comments.

4.1 LdapController.java

This controller handles the endpoints for displaying the home page and managing user creation.

Explanation:

  • The LdapController manages the endpoints / (for home) and /add-user (for user creation).
  • The LdapService handles the actual user creation process in LDAP.

4.2 LdapService.java

This service class interacts with LDAP to create new users.

Explanation:

  • The LdapService uses LdapTemplate to create and bind a new user to the LDAP directory using the given user details.
  • The createUser() method constructs the Distinguished Name (DN) and sets attributes like email, common name, surname, and password.

4.3 UserDTO.java

This class represents a Data Transfer Object for user details.

Explanation:

  • This is a simple DTO class that holds user details, including email, common name, surname, and password. This data is passed between layers of the application.

4.4 SecurityConfig.java

This class configures Spring Security to use LDAP authentication.

Explanation:

  • SecurityConfig defines Spring Security settings, including access rules and LDAP authentication configurations.
  • The LDAP server details, including the user DN pattern and admin credentials, are specified here.

4.5 addUser.html

This HTML form allows for user creation in the LDAP directory.

Explanation:

  • This HTML form collects user data (email, common name, surname, and password) and submits it to the /add-user endpoint for processing.

4.6 success.html

A simple success page shown after a user is added.

Explanation:

  • Displays a message to indicate that the user has been successfully added to the LDAP directory.

Step 5: Run the Application

  • Before running the spring boot application make sure to install Apache Directory Server and Apache Directory Studio on your computer.
  • After installation, open the Apache Directory Studio and make a new connection to the LDAP server (Apache Directory Server).
  • Your LDAP server will be running on port 10389, make sure to provide all the necessary information while making the connection request.

Note: We have not set the password for the admin account, and the default password will be "secret" (without the double quotes).

πŸ‘ Apache DS Directory
  • After establishing the connection with LDAP server, we can see the directory as shown above. We will try to add users to OU (Organizational Unit) = users.
  • We need to create at least one user using Apache Directory Studio so that we can add more users through the spring boot application by visiting "/add-user" endpoint.

Step 6: Create an Initial User in LDAP via Apache Directory Studio

Create a user by right-clicking on ou=users -> New -> New Entry -> Create entry from scratch.

  • Search for inetOrgPerson in the search bar and add that object.
  • Some additional objects will be added along with it automatically.
  • Select the RDN (Relative Distinguishable Name) as userid and provide a value (must be unique).
  • After that click on next and add CN (Common Name) and SN (Surname) since it is a required field for inetOrgPerson object.
  • Add an additional attribute named userPassword and choose SSHA as Hash Method.


Step 7: Run the Spring Boot Application

Now start the spring boot application and go to http://localhost:8080/. You will prompted to provided username and password. Provide the credentials of the previously created user to view the page.

Output Video:

Step 9: Access and Test the Application

Now we can add more users to the application which will be stored in the ou=users, ou=system directory of our LDAP server. Provide the necessary details and click on submit button and a user will be created with the appropriate information.

Output Video:


Comment
Article Tags:

Explore