Why do I have the error 'successful bind must be completed on the connection' when I try to connect to my Active Directory with spring boot?

Question

I have some struggle with the connection of my AD to Spring Boot. I use Windows Server 2012 for my Active Directory.

I want to secure my API request. Per example, I want members of the group Sales to only being able to call the api www.company.com\sales\2022 and not the other departements.

For this, I want to authenticate users with their AD accounts and check their group, so I can give them or not the permission to call the request mapping.

I tried a simple code to check If I can access to my AD with SpringBoot and it was successfull, but this wasn't the best way to do it (security problem!).

So I tried a better way that I found here:

@Configuration
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {

  @Override
  protected void configure(HttpSecurity http) throws Exception {
    http
      .authorizeRequests()
        .anyRequest().fullyAuthenticated()
        .and()
      .formLogin();
  }

  @Override
  public void configure(AuthenticationManagerBuilder auth) throws Exception {
    auth
      .ldapAuthentication()
        .userSearchFilter("(&(objectCategory=user)(sAMAccountname={0}))")
        .userSearchBase("OU=Users,OU=INT,OU=Companies, DC=mycompany,DC=com")
        .contextSource()
          .url("ldap://adserver.mycompany.com/")
          .and()
        .passwordCompare()
          .passwordEncoder(new BCryptPasswordEncoder())
          .passwordAttribute("userPassword");
  }

I changed the values with the Active Directory's parameters. But when I try to log in I have this error :

Uncategorized exception occured during LDAP processing; nested exception is javax.naming.NamingException: [LDAP: error code 1 - 000004DC: LdapErr: DSID-0C090A71, comment: In order to perform this operation a successful bind must be completed on the connection., data 0, v3839]; remaining name 'ou=Users,ou=INT,ou=Companies,dc=mycompany,dc=com'

I don't know what I am doing wrong. Maybe do I have to add an user that have the rights to check values in the AD?