<?xml version="1.0" encoding="UTF-8"?>
<beans:beans xmlns="http://www.springframework.org/schema/security" xmlns:beans="http://www.springframework.org/schema/beans"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

    xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
                        http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-5.4.xsd">

    <beans:bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
        <beans:constructor-arg index="0" value="OU=OPIS"/>
        <beans:constructor-arg index="1" value="sAMAccountName={0}"/>
        <beans:constructor-arg index="2" ref="contextSource"/>
    </beans:bean>

    <beans:bean id="authenticationProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
        <beans:constructor-arg>
            <beans:bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
                <beans:constructor-arg ref="contextSource"/>
                <beans:property name="userSearch" ref="userSearch"/>
            </beans:bean>
        </beans:constructor-arg>
        <beans:constructor-arg>
            <beans:bean class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
                <beans:constructor-arg ref="contextSource"/>
                <beans:constructor-arg value="OU=Groups,OU=QA,OU=OPIS"/>
                <beans:property name="groupSearchFilter" value="member={0}"/>
                <beans:property name="rolePrefix" value=""/>
                <beans:property name="searchSubtree" value="true"/>
                <beans:property name="convertToUpperCase" value="true"/>
                <beans:property name="ignorePartialResultException" value="true"/>
            </beans:bean>
        </beans:constructor-arg>
    </beans:bean>

    <beans:bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
        <beans:property name="url" value="ldap://ad_vm:389"/>
        <beans:property name="base" value="dc=opm,dc=gov"/>
        <beans:property name="userDn" value="CN=Administrator,CN=Users,dc=opm,dc=gov"/>
        <beans:property name="password" value="AcMd3v$"/>
        <beans:property name="pooled" value="true"/>
        <!-- AD Specific Setting for avoiding the partial exception error -->
        <beans:property name="referral" value="follow"/>
    </beans:bean>

</beans:beans>
