Spring ldap multiple group bases in authoritiespopulator

Question

Is there any way in Spring to set it up such that an authoritiespopulator will look in more than one location?

<bean id="authoritiesPopulator" class="org.springframework.security.ldap.populator.DefaultLdapAuthoritiesPopulator">
    <constructor-arg ref="contextSource" />
    <constructor-arg value="CN=Users" />
    <property name="groupRoleAttribute" value="CN" />
    <property name="searchSubtree" value="true" />
    <property name="rolePrefix" value="" />
    <property name="convertToUpperCase" value="false" />
</bean>

This is the general idea, but there are also groups in CN=OtherGroups, and right now they don't get loaded (obviously). However, setting the groupsearchbase (the 2nd constructor arg) to value="" results in an error:

Unprocessed Continuation Reference(s); remaining name ''

Any ideas?

Answer 1

Answer: set referral to follow.

<bean id="contextSource" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
  ....
  <property name="baseEnvironmentProperties">
      <map>
          <entry key="java.naming.referral" value="follow" />
      </map>
  </property>
</bean>