grails - Grails Spring LDAP身份验证失败

标签 grails spring-ldap

我正在尝试使grails spring ldap正常工作。无论我如何尝试,我都无法通过身份验证。我不确定是什么导致了我的错误。这是我的配置:

  grails.plugin.springsecurity.ldap.context.managerDn = 'cn=root'
grails.plugin.springsecurity.ldap.context.managerPassword = '<value>'
grails.plugin.springsecurity.ldap.context.server = 'ldap://myserver.com:389'
grails.plugin.springsecurity.ldap.authorities.ignorePartialResultException = true
grails.plugin.springsecurity.ldap.search.base ='o=<value>,c=<value'
grails.plugin.springsecurity.ldap.search.filter = 'sAMAccountName={0}'
grails.plugin.springsecurity.ldap.search.searchSubtree = true
 //grails.plugin.springsecurity.password.algorithm = 'SHA-1'
//grails.plugins.springsecurity.ldap.search.derefLink = true
grails.plugin.springsecurity.ldap.auth.hideUserNotFoundExceptions = false
//grails.plugin.springsecurity.ldap.mapper.userDetailsClass = 'person'
//grails.plugin.springsecurity.ldap.search.attributesToReturn = ['cn', 'displayName'] // extra attributes you want returned
grails.plugin.springsecurity.providerNames = ['ldapAuthProvider', 'anonymousAuthenticationProvider']

 // role-specific LDAP config
 //grails.plugin.springsecurity.ldap.useRememberMe = false
//grails.plugin.springsecurity.ldap.authorities.retrieveGroupRoles = true
//grails.plugin.springsecurity.ldap.authorities.retrieveDatabaseRoles = false
//grails.plugin.springsecurity.ldap.authenticator.useBind = true
grails.plugin.springsecurity.ldap.authorities.groupSearchBase='cn=myUser'
grails.plugin.springsecurity.ldap.authorities.groupSearchFilter = 'member={0}'

日志:
2014-04-30 10:24:52,374 [http-bio-8099-exec-8] DEBUG authentication.ProviderManager - Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider 
2014-04-30 10:24:52,418 [http-bio-8099-exec-8] DEBUG authentication.LdapAuthenticationProvider - Processing authentication request for user: cn=<userid> 2014-04-30 10:24:52,418
[http-bio-8099-exec-8] DEBUG search.FilterBasedLdapUserSearch - Searching for user 'cn=   <userid>', with user search [ searchFilter: '(uid={0})', searchBase: 'o=<value>,c=<value>', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ] 
2014-04-30 10:24:52,422 [http-bio-8099-exec-8] DEBUG ldap.SpringSecurityLdapTemplate - Searching for entry under DN '', base = 'o=<value>,c=<value>', filter = '(uid={0})' 
2014-04-30 10:24:52,422 [http-bio-8099-exec-8] DEBUG rememberme.TokenBasedRememberMeServices - Interactive login attempt was unsuccessful.
2014-04-30 10:24:52,423 [http-bio-8099-exec-8] DEBUG rememberme.TokenBasedRememberMeServices - Cancelling cookie 2014-04-30 10:24:52,423 
[http-bio-8099-exec-8] DEBUG web.DefaultRedirectStrategy - Redirecting to '/LDAPTest1/login/authfail?login_error=1'

请指教

Java代码:
`
public static String INITCTX = "com.sun.jndi.ldap.LdapCtxFactory";
    public static String MY_HOST = "ldap://myserver:389";
    public static String MY_SEARCHBASE = "o=<value>,c=<value>";
    public static String MY_FILTER = "cn=<userid>";
    public static String MGR_DN = "cn=root";
    public static String MGR_PW = "<pwd>";

Hashtable env = new Hashtable();
            env.put(Context.INITIAL_CONTEXT_FACTORY,INITCTX);
            env.put(Context.PROVIDER_URL,MY_HOST);
            env.put(Context.SECURITY_AUTHENTICATION,"simple");
            env.put(Context.SECURITY_PRINCIPAL,MGR_DN);
            env.put(Context.SECURITY_CREDENTIALS,MGR_PW);
            DirContext ctx = new InitialDirContext(env);
            SearchControls constraints = new SearchControls();
            constraints.setSearchScope(SearchControls.SUBTREE_SCOPE);
//performs the actual search  
//We give it a searchbase, a filter and the contraints containing the scope  
//of the search  
            NamingEnumeration results = ctx.search(MY_SEARCHBASE,MY_FILTER,constraints);

`

最佳答案

因此,another user had a similar problem

看起来他更改的主要值(value)观也与您不同

grails.plugins.springsecurity.conf.ldap.authorities.retrieveGroupRoles = false

另外,您的groupSearchBase应该是组,而不是特定用户。所以代替
grails.plugin.springsecurity.ldap.authorities.groupSearchBase='cn=myUser'

它可能应该更像
grails.plugins.springsecurity.ldap.authorities.groupSearchBase ='DC=Group,DC=com'

似乎您正在使用的Java代码中使用的搜索筛选器与grails配置中使用的搜索筛选器不同。您的Java代码具有"cn=<userid>"过滤器,但您的Grails配置使用的是'sAMAccountName = {0}'。我认为sAMAccountName是Microsoft Active Directory系统首选的,但是您的LDAP服务器可能有所不同。

最后要检查的一件事:还需要为Spring Security Core配置一些东西。这是上面链接的示例:
// Added by the Spring Security Core plugin:
grails.plugins.springsecurity.userLookup.userDomainClassName = 'org.example.SecUser'
grails.plugins.springsecurity.userLookup.authorityJoinClassName = 'org.example.SecUserSecRole'
grails.plugins.springsecurity.authority.className = 'org.example.SecRole'

如果您不确定这些设置要使用什么值,请查阅Spring Security Plugin文档。您需要设置一些必需的域类。
http://grails-plugins.github.io/grails-spring-security-core/docs/manual/

关于grails - Grails Spring LDAP身份验证失败,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/23392874/

上一篇:git - 致命的 : 'jigar/test.git' does not appear to be a git repository fatal: The remote end hung up unexpectedly

下一篇:hibernate - 在未映射的表上执行更新

相关文章:

java - Spring Security Active Directory 忽略 PartialResultException

java - 使用 spring 的 LDAP 主动通知

java - LdapRepository 更新 spring-ldap

Grails GORM 整数验证

java - LDAP 密码策略不会引发不同的错误

grails 错误 : grails. 验证。Validateable 不是 @grails.validation.Validateable 中的注释

grails - 大量更新

java - 无法使用 Spring 处理程序捕获 LDAP CommunicationException

grails - 异步任务后合并期间出错

java - 如何合并两个 Hibernate 查询?

©2024 IT工具网  联系我们