Skip to content

Comments

Change ActiveDirectoryLdapAuthenticationProvider to use LdapClient#18627

Open
therepanic wants to merge 1 commit intospring-projects:mainfrom
therepanic:gh-17291
Open

Change ActiveDirectoryLdapAuthenticationProvider to use LdapClient#18627
therepanic wants to merge 1 commit intospring-projects:mainfrom
therepanic:gh-17291

Conversation

@therepanic
Copy link
Contributor

@therepanic therepanic commented Feb 1, 2026

Replaces SpringSecurityLdapTemplate with LdapClient for user search operations.

Closes: gh-17291

therepanic
therepanic commented Feb 1, 2026
View reviewed changes
...ringframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
LdapClient ldapClient = LdapClient.builder()
.contextSource(contextSource)
.defaultSearchControls(() -> searchControls)
.ignorePartialResultException(true)
Copy link
Contributor Author

@therepanic therepanic Feb 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SpringSecurityLdapTemplate#searchForSingleEntryInternal behavior also ignores partial result exceptions.

therepanic
therepanic commented Feb 1, 2026
View reviewed changes
...ringframework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProvider.java
Comment on lines 318 to +338
}
catch (org.springframework.ldap.NamingException ex) {
throw badCredentials(ex);
}
Copy link
Contributor Author

@therepanic therepanic Feb 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is what you should do, otherwise the tests will fail.

therepanic
therepanic commented Feb 1, 2026
View reviewed changes
...ramework/security/ldap/authentication/ad/ActiveDirectoryLdapAuthenticationProviderTests.java
Comment on lines -100 to +101
given(this.ctx.search(any(Name.class), eq(customSearchFilter), any(Object[].class), any(SearchControls.class)))
given(this.ctx.search(any(Name.class), any(String.class), any(SearchControls.class)))
Copy link
Contributor Author

@therepanic therepanic Feb 1, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not entirely sure whether this is a breaking change or not. Because when switching to LdapClient, we don't accept any(Object[].class) as the fourth argument, so we don't need to mock it.

@spring-projects-issues spring-projects-issues added the status: waiting-for-triage An issue we've not yet triaged label Feb 1, 2026
@therepanic
Copy link
Contributor Author

therepanic commented Feb 1, 2026

I don't quite understand whether this is breaking Change or not, please take a look at #18627 (comment)

@rwinch
Copy link
Member

rwinch commented Feb 2, 2026

FYI I rebased based off origin/main

@jzheaux jzheaux self-assigned this Feb 18, 2026
@jzheaux jzheaux added in: ldap An issue in spring-security-ldap type: enhancement A general enhancement and removed status: waiting-for-triage An issue we've not yet triaged labels Feb 18, 2026
@therepanic @jzheaux
Change ActiveDirectoryLdapAuthenticationProvider to use LdapClient
d192367 
Replaces SpringSecurityLdapTemplate with LdapClient for user search
operations.

Closes: spring-projectsgh-17291

Signed-off-by: Andrey Litvitski <andrey1010102008@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@jzheaux jzheaux

Labels

in: ldap An issue in spring-security-ldap type: enhancement A general enhancement

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Change ActiveDirectoryLdapAuthenticationProvider to use LdapClient

4 participants

@therepanic @rwinch @jzheaux @spring-projects-issues