Can't retrieve attributes at Authentication phase

Daniel Fisher dfisher at
Fri May 1 10:36:07 EDT 2015

On Fri, May 1, 2015 at 8:15 AM, Ranil De Silva <
ranil.desilva at> wrote:

> Hi
> I am trying to retrieve the user's mobile number at the authentication
> phase. We have an Active Directory LDS server. In my previous experience AD
> servers didn't need any special permissions to read the directory but AD
> LDS has three roles - admin, readers and users. Users can't retrieve
> anything from the LDAP but can authenticate against it. While readers can
> read the LDAP and attributes and admins have full access. So once I created
> a reader user and configured its credentials, I am now getting attributes
> from the LDAP at the attribute resolution phase but nothing at the
> authentication phase.
> I initially thought the problem might be the fact I was
> using adAuthenticator and that did not seem to set the bind credentials (so
> that we use the reader credentials) so I switched to using the
> bindSearchAuthenticator but still not getting anything returned. Logs are
> shown below. I am checking the LdapEntry within the LDAPResponseContext for
> the attributes.
> Any help or hints would be much appreciated!

You need to wire up a SearchEntryResolver that has the credentials to view
the attributes you want. I'll try to get you some documentation on that
later today.

--Daniel Fisher
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list