First some clarification on the terminology: Authorities, usually consisting of roles in Spring Security, are application-wide permissions. ACLs (Access Control Lists) on the other hand, specify permissions on specific domain objects. Just as you understand the difference. AD usually contains authorities/roles, but not ACLs.
If you don't want to use the authorities from AD, you can do your own implementation of UserDetailsContextMapper
and inject it in your instance of ActiveDirectoryLdapAuthenticationProvider
. See the Spring Security reference documentation how to specify a custom authentication-provider.
If you want to use the tables (authorities etc) of reference schema, you can use JdbcDaoImpl
to load the user details. You then have to insert the users in the users table but not any passwords since authentication is done through AD. If you want to get rid of the users table however, you must customize the implementation.