

Support SAM-Account-Name of AD Provider

Windows Active Directory提供User Principal Name(簡稱UPN)與SAM Account Name(簡稱SAM)兩種登入方式:

然而ActiveDirectoryLdapAuthenticationProvider僅支援UPN的驗證方式。因此本篇文章主要告訴大家如何支援SAM驗證方式。

===== How to? =====

在開始修改Provider前,我要先確認JNDI是否有辦法支援SAM。因此我撰寫以下程式碼做確認:

// Probe: checks whether JNDI (through Spring LDAP) accepts a SAM-Account-Name bind against AD.
// The server address, bind account and password are the article's sample values; real code
// should load the bind credentials from protected configuration rather than hard-coding them.
LdapContextSource adSource = new DefaultSpringSecurityContextSource("ldap://10.134.15.138:389");
adSource.setBase("DC=TEST,DC=SSM");
// Bind with the SAM form (DOMAIN\account). The UPN form of the same bind would be:
//adSource.setUserDn("test@TEST.SSM");
adSource.setUserDn("TEST\\test");
adSource.setPassword("123456");
// createTLSStrategy() is defined elsewhere. NOTE(review): presumably it upgrades the plain
// ldap:// connection with StartTLS; confirm, because a simple bind without TLS sends the
// password in clear text.
adSource.setAuthenticationStrategy(createTLSStrategy());
adSource.afterPropertiesSet();

LdapTemplate template = new LdapTemplate(adSource);
template.afterPropertiesSet();

// Search the whole subtree below the given base, not just one level.
SearchControls subtreeControls = new SearchControls();
subtreeControls.setSearchScope(SearchControls.SUBTREE_SCOPE);

// Both lookups only print the name of each matching entry, so one stateless handler is shared.
NameClassPairCallbackHandler printEntryName = new NameClassPairCallbackHandler() {
	@Override
	public void handleNameClassPair(NameClassPair entry) {
		System.out.println(entry.getName());
	}
};

// The filter values below are literals. If they ever come from a login form, encode them
// (e.g. with Spring LDAP's LdapEncoder.filterEncode) before building the filter string,
// otherwise the input can alter the LDAP filter.

// Lookup by User Principal Name.
template.search("cn=Users", "(&(objectClass=user)(userPrincipalName=tester@test.ssm))", subtreeControls, printEntryName);

// Lookup by SAM-Account-Name.
template.search("cn=Users", "(&(objectClass=user)(samaccountname=tester))", subtreeControls, printEntryName);