我使用 dsquery 来接收有关我在AD中登录的信息,并且收到有关我所属组的名称的信息。
-名称
CN=Surname Name I,OU=CITY,OU=FOLDER,OU=Users,DC=domain,DC=com
-组
CN=Name-of-Group Using Spaces, OU=Department ,OU=Folder_two,OU=Folder_one,OU=Groups,DC=domain,DC=com
因此,我只想让我或属于我的组的用户接受登录(
CN =组名使用空间
)。这是我的
Config.groovy
grails.plugin.springsecurity.ldap.context.managerDn = 'Surname Name I,OU=CITY,OU=FOLDER,OU=Users,DC=domain,DC=com'
grails.plugin.springsecurity.ldap.context.managerPassword = 'password'
grails.plugin.springsecurity.ldap.context.server = 'ldap://server:xxx/'
grails.plugin.springsecurity.ldap.authorities.ignorePartialResultException = true
grails.plugin.springsecurity.ldap.search.base = 'DC=domain,DC=com'
grails.plugin.springsecurity.ldap.search.filter="(&(sAMAccountName={0})(objectclass=user))"
grails.plugin.springsecurity.successHandler.defaultTargetUrl = '/view/index'
grails.plugin.springsecurity.ldap.search.searchSubtree = true
grails.plugin.springsecurity.ldap.auth.hideUserNotFoundExceptions= false
grails.plugin.springsecurity.providerNames=['ldapAuthProvider']
grails.plugin.springsecurity.securityConfigType = 'Annotation'
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/view/index':['IS_AUTHENTICATED_FULLY']
// '/view/index':['ROLE_Name-of-Group Using Spaces'] - this is what I tryed to use also and Its not working
]
这是有效的配置,但是问题是来自域的任何用户都可以访问。
最佳答案
这是解决方案:
grails.plugin.springsecurity.ldap.context.managerDn = 'Surname Name I,OU=CITY,OU=FOLDER,OU=Users,DC=domain,DC=com'
grails.plugin.springsecurity.ldap.context.managerPassword = 'password'
grails.plugin.springsecurity.ldap.context.server = 'ldap://server:xxx/'
grails.plugin.springsecurity.ldap.authorities.ignorePartialResultException = true
grails.plugin.springsecurity.ldap.search.base = 'DC=domain,DC=com'
grails.plugin.springsecurity.ldap.search.filter="(&(sAMAccountName={0})(|(memberOf=CN=Name-of-Group #1 Using Spaces, OU=Department ,OU=Folder_two,OU=Folder_one,OU=Groups,DC=domain,DC=com)(memberOf=CN=Name-of-Group #2 Using Spaces, OU=Department ,OU=Folder_two,OU=Folder_one,OU=Groups,DC=domain,DC=com)))"
grails.plugin.springsecurity.ldap.search.searchSubtree = true
grails.plugin.springsecurity.ldap.auth.hideUserNotFoundExceptions = false
grails.plugin.springsecurity.providerNames=['ldapAuthProvider']
grails.plugin.springsecurity.securityConfigType = "Annotation"
grails.plugin.springsecurity.controllerAnnotations.staticRules = [
'/**': ['isFullyAuthenticated()']
]
关于spring - 使用用户组进行Grails Spring Security 2.0 Active Directory身份验证,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/22042732/