
Grails Spring LDAP authentication fails

Stack Overflow user
Asked 2014-05-01 00:01:28
Answers: 1, Views: 757, Followers: 0, Votes: 1

I am trying to get Grails Spring LDAP access to work. No matter what I try, I cannot authenticate successfully. I am not sure what is causing my error. Here is my config:

grails.plugin.springsecurity.ldap.context.managerDn = 'cn=root'
grails.plugin.springsecurity.ldap.context.managerPassword = '<value>'
grails.plugin.springsecurity.ldap.context.server = 'ldap://myserver.com:389'
grails.plugin.springsecurity.ldap.authorities.ignorePartialResultException = true
grails.plugin.springsecurity.ldap.search.base = 'o=<value>,c=<value>'
grails.plugin.springsecurity.ldap.search.filter = 'sAMAccountName={0}'
grails.plugin.springsecurity.ldap.search.searchSubtree = true
//grails.plugin.springsecurity.password.algorithm = 'SHA-1'
//grails.plugins.springsecurity.ldap.search.derefLink = true
grails.plugin.springsecurity.ldap.auth.hideUserNotFoundExceptions = false
//grails.plugin.springsecurity.ldap.mapper.userDetailsClass = 'person'
//grails.plugin.springsecurity.ldap.search.attributesToReturn = ['cn', 'displayName'] // extra attributes you want returned
grails.plugin.springsecurity.providerNames = ['ldapAuthProvider', 'anonymousAuthenticationProvider']

// role-specific LDAP config
//grails.plugin.springsecurity.ldap.useRememberMe = false
//grails.plugin.springsecurity.ldap.authorities.retrieveGroupRoles = true
//grails.plugin.springsecurity.ldap.authorities.retrieveDatabaseRoles = false
//grails.plugin.springsecurity.ldap.authenticator.useBind = true
grails.plugin.springsecurity.ldap.authorities.groupSearchBase = 'cn=myUser'
grails.plugin.springsecurity.ldap.authorities.groupSearchFilter = 'member={0}'

Logs:

2014-04-30 10:24:52,374 [http-bio-8099-exec-8] DEBUG authentication.ProviderManager - Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider
2014-04-30 10:24:52,418 [http-bio-8099-exec-8] DEBUG authentication.LdapAuthenticationProvider - Processing authentication request for user: cn=<userid>
2014-04-30 10:24:52,418 [http-bio-8099-exec-8] DEBUG search.FilterBasedLdapUserSearch - Searching for user 'cn=   <userid>', with user search [ searchFilter: '(uid={0})', searchBase: 'o=<value>,c=<value>', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]
2014-04-30 10:24:52,422 [http-bio-8099-exec-8] DEBUG ldap.SpringSecurityLdapTemplate - Searching for entry under DN '', base = 'o=<value>,c=<value>', filter = '(uid={0})'
2014-04-30 10:24:52,422 [http-bio-8099-exec-8] DEBUG rememberme.TokenBasedRememberMeServices - Interactive login attempt was unsuccessful.
2014-04-30 10:24:52,423 [http-bio-8099-exec-8] DEBUG rememberme.TokenBasedRememberMeServices - Cancelling cookie
2014-04-30 10:24:52,423 [http-bio-8099-exec-8] DEBUG web.DefaultRedirectStrategy - Redirecting to '/LDAPTest1/login/authfail?login_error=1'

Please advise.

Java code:

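import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class LdapSearchTest {
    public static String INITCTX = "com.sun.jndi.ldap.LdapCtxFactory";
    public static String MY_HOST = "ldap://myserver:389";
    public static String MY_SEARCHBASE = "o=<value>,c=<value>";
    public static String MY_FILTER = "cn=<userid>";
    public static String MGR_DN = "cn=root";
    public static String MGR_PW = "<pwd>";

    public static void main(String[] args) throws NamingException {
        // Bind to the directory as the manager account using simple authentication
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, INITCTX);
        env.put(Context.PROVIDER_URL, MY_HOST);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, MGR_DN);
        env.put(Context.SECURITY_CREDENTIALS, MGR_PW);
        DirContext ctx = new InitialDirContext(env);
        SearchControls constraints = new SearchControls();
        constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
        // Performs the actual search.
        // We give it a search base, a filter and the constraints containing the scope
        // of the search.
        NamingEnumeration<SearchResult> results = ctx.search(MY_SEARCHBASE, MY_FILTER, constraints);
        ctx.close();
    }
}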


1 Answer

Stack Overflow user

Posted on 2014-05-01 03:15:00

So, another user had a similar problem.

It looks like the main value he changed that is also different from yours is:

grails.plugins.springsecurity.conf.ldap.authorities.retrieveGroupRoles = false

Also, your groupSearchBase should be a group, not a specific user. So instead of

grails.plugin.springsecurity.ldap.authorities.groupSearchBase='cn=myUser'

it should be more like

grails.plugins.springsecurity.ldap.authorities.groupSearchBase ='DC=Group,DC=com'

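It seems that the search filter you are using in your working Java code is different from the one you are using in your Grails config. Your Java code has a "cn=<userid>" filter, but your Grails config is using 'sAMAccountName={0}'. I think sAMAccountName is preferred for Microsoft Active Directory systems, but your LDAP server may be different.

One last thing to check: you also need to configure a few things for Spring Security Core. Here is the example from the link above:
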
// Added by the Spring Security Core plugin:
grails.plugins.springsecurity.userLookup.userDomainClassName = 'org.example.SecUser'
grails.plugins.springsecurity.userLookup.authorityJoinClassName = 'org.example.SecUserSecRole'
grails.plugins.springsecurity.authority.className = 'org.example.SecRole'

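If you are not sure what values to use for these settings, check out the Spring Security plugin documentation. You will need to set up some required domain classes. http://grails-plugins.github.io/grails-spring-security-core/docs/manual/

Votes: 2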
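
An added example, not part of the original question or answer: the FilterBasedLdapUserSearch debug line in the question records the search filter and base that were actually used, so this Python check compares them with the configured values and also reports when a config mixes the `grails.plugin.springsecurity` and `grails.plugins.springsecurity` prefixes that both appear on this page. The sample config and log line are constructed, and the `diagnose` helper and its message strings are assumptions of this example.

```python
import re

# Constructed sample input modelled on the config and debug log quoted in the question;
# the directory values (o=example,c=us, jdoe) are placeholders.
CONFIG = """\
grails.plugin.springsecurity.ldap.search.base = 'o=example,c=us'
grails.plugin.springsecurity.ldap.search.filter = 'sAMAccountName={0}'
//grails.plugins.springsecurity.ldap.search.derefLink = true
grails.plugin.springsecurity.ldap.authorities.groupSearchBase = 'cn=myUser'
"""
LOG = (
    "2014-04-30 10:24:52,418 [http-bio-8099-exec-8] DEBUG search.FilterBasedLdapUserSearch - "
    "Searching for user 'jdoe', with user search [ searchFilter: '(uid={0})', "
    "searchBase: 'o=example,c=us', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]"
)

# Active (uncommented) property lines under either prefix that appears on this page.
PROP = re.compile(r"^\s*(grails\.plugins?\.springsecurity)\.([\w.]+)\s*=\s*(?:'([^']*)'|(\S+))")
SEARCH = re.compile(r"searchFilter: '([^']*)', searchBase: '([^']*)'")


def parse_config(text):
    """Return ({property suffix: value}, {prefixes seen}) for active lines."""
    props, prefixes = {}, set()
    for line in text.splitlines():
        m = PROP.match(line)
        if m:
            prefixes.add(m.group(1))
            props[m.group(2)] = m.group(3) if m.group(3) is not None else m.group(4)
    return props, prefixes


def strip_parens(value):
    """Filters may be written with or without enclosing parentheses; drop them to compare."""
    value = value.strip()
    return value[1:-1] if value.startswith("(") and value.endswith(")") else value


def diagnose(config_text, log_text):
    """List differences between configured values and what the log shows was used."""
    props, prefixes = parse_config(config_text)
    findings = []
    if len(prefixes) > 1:
        findings.append("mixed property prefixes: " + ", ".join(sorted(prefixes)))
    m = SEARCH.search(log_text)
    if m:
        for key, used in (("ldap.search.filter", m.group(1)), ("ldap.search.base", m.group(2))):
            configured = props.get(key)
            if configured is not None and strip_parens(configured) != strip_parens(used):
                findings.append(f"{key}: configured {configured!r}, log shows {used!r}")
    return findings
```

On the values quoted in the question, this reports that the configured filter 'sAMAccountName={0}' is not the '(uid={0})' filter shown in the log.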
Original page content provided by Stack Overflow.
Original link: https://stackoverflow.com/questions/23392874
