Skip to content

Change ActiveDirectoryLdapAuthenticationProvider to use LdapClient #18627

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
therepanic wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Change ActiveDirectoryLdapAuthenticationProvider to use LdapClient #18627

therepanic wants to merge 1 commit into from
+37 −19

Conversation

@therepanic
Copy link
Contributor

@therepanic therepanic commented Feb 1, 2026

Replaces SpringSecurityLdapTemplate with LdapClient for user search operations.

Closes: gh-17291

therepanic
therepanic commented Feb 1, 2026
View reviewed changes
...ringframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
LdapClient ldapClient = LdapClient.builder()
.contextSource(contextSource)
.defaultSearchControls(() -> searchControls)
.ignorePartialResultException(true)
Copy link
Contributor Author

@therepanic therepanic Feb 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SpringSecurityLdapTemplate#searchForSingleEntryInternal behavior also ignores partial result exceptions.

therepanic
therepanic commented Feb 1, 2026
View reviewed changes
...ringframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
Comment on lines 318 to +338
}
catch (org.springframework.ldap.NamingException ex) {
throw badCredentials(ex);
}
Copy link
Contributor Author

@therepanic therepanic Feb 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is what you should do, otherwise the tests will fail.

therepanic
therepanic commented Feb 1, 2026
View reviewed changes
...ramework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
Comment on lines -100 to +101
given(this.ctx.search(any(Name.class), eq(customSearchFilter), any(Object[].class), any(SearchControls.class)))
given(this.ctx.search(any(Name.class), any(String.class), any(SearchControls.class)))
Copy link
Contributor Author

@therepanic therepanic Feb 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not entirely sure whether this is a breaking change or not. Because when switching to LdapClient, we don't accept any(Object[].class) as the fourth argument, so we don't need to mock it.

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Feb 1, 2026
@therepanic
Copy link
Contributor Author

therepanic commented Feb 1, 2026

I don't quite understand whether this is breaking Change or not, please take a look at #18627 (comment)

@therepanic @rwinch
Change ActiveDirectoryLdapAuthenticationProvider to use LdapClient
ca61fed 
Replaces SpringSecurityLdapTemplate with LdapClient for user search
operations.

Closes: spring-projectsgh-17291

Signed-off-by: Andrey Litvitski <[email protected]>
@rwinch
Copy link
Member

rwinch commented Feb 2, 2026

FYI I rebased based off origin/main

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

status: waiting-for-triage An issue we've not yet triaged

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Change ActiveDirectoryLdapAuthenticationProvider to use LdapClient

3 participants

@therepanic @rwinch @spring-projects-issues