grails之Grails Spring LDAP身份验证失败

EasonJim 2025年12月25日编程语言 31 0

我正在尝试使grails spring ldap正常工作。无论我如何尝试，我都无法通过身份验证。我不确定是什么导致了我的错误。这是我的配置:

  grails.plugin.springsecurity.ldap.context.managerDn = 'cn=root' 
grails.plugin.springsecurity.ldap.context.managerPassword = '<value>' 
grails.plugin.springsecurity.ldap.context.server = 'ldap://myserver.com:389' 
grails.plugin.springsecurity.ldap.authorities.ignorePartialResultException = true 
grails.plugin.springsecurity.ldap.search.base ='o=<value>,c=<value' 
grails.plugin.springsecurity.ldap.search.filter = 'sAMAccountName={0}' 
grails.plugin.springsecurity.ldap.search.searchSubtree = true 
 //grails.plugin.springsecurity.password.algorithm = 'SHA-1' 
//grails.plugins.springsecurity.ldap.search.derefLink = true 
grails.plugin.springsecurity.ldap.auth.hideUserNotFoundExceptions = false 
//grails.plugin.springsecurity.ldap.mapper.userDetailsClass = 'person' 
//grails.plugin.springsecurity.ldap.search.attributesToReturn = ['cn', 'displayName'] // extra attributes you want returned 
grails.plugin.springsecurity.providerNames = ['ldapAuthProvider', 'anonymousAuthenticationProvider'] 
 
 // role-specific LDAP config 
 //grails.plugin.springsecurity.ldap.useRememberMe = false 
//grails.plugin.springsecurity.ldap.authorities.retrieveGroupRoles = true 
//grails.plugin.springsecurity.ldap.authorities.retrieveDatabaseRoles = false 
//grails.plugin.springsecurity.ldap.authenticator.useBind = true 
grails.plugin.springsecurity.ldap.authorities.groupSearchBase='cn=myUser' 
grails.plugin.springsecurity.ldap.authorities.groupSearchFilter = 'member={0}'

日志:

2014-04-30 10:24:52,374 [http-bio-8099-exec-8] DEBUG authentication.ProviderManager - Authentication attempt using org.springframework.security.ldap.authentication.LdapAuthenticationProvider  
2014-04-30 10:24:52,418 [http-bio-8099-exec-8] DEBUG authentication.LdapAuthenticationProvider - Processing authentication request for user: cn=<userid> 2014-04-30 10:24:52,418 
[http-bio-8099-exec-8] DEBUG search.FilterBasedLdapUserSearch - Searching for user 'cn=   <userid>', with user search [ searchFilter: '(uid={0})', searchBase: 'o=<value>,c=<value>', scope: subtree, searchTimeLimit: 0, derefLinkFlag: false ]  
2014-04-30 10:24:52,422 [http-bio-8099-exec-8] DEBUG ldap.SpringSecurityLdapTemplate - Searching for entry under DN '', base = 'o=<value>,c=<value>', filter = '(uid={0})'  
2014-04-30 10:24:52,422 [http-bio-8099-exec-8] DEBUG rememberme.TokenBasedRememberMeServices - Interactive login attempt was unsuccessful. 
2014-04-30 10:24:52,423 [http-bio-8099-exec-8] DEBUG rememberme.TokenBasedRememberMeServices - Cancelling cookie 2014-04-30 10:24:52,423  
[http-bio-8099-exec-8] DEBUG web.DefaultRedirectStrategy - Redirecting to '/LDAPTest1/login/authfail?login_error=1'

请指教

Java代码:
`

public static String INITCTX = "com.sun.jndi.ldap.LdapCtxFactory"; 
    public static String MY_HOST = "ldap://myserver:389"; 
    public static String MY_SEARCHBASE = "o=<value>,c=<value>"; 
    public static String MY_FILTER = "cn=<userid>"; 
    public static String MGR_DN = "cn=root"; 
    public static String MGR_PW = "<pwd>"; 
 
Hashtable env = new Hashtable(); 
            env.put(Context.INITIAL_CONTEXT_FACTORY,INITCTX); 
            env.put(Context.PROVIDER_URL,MY_HOST); 
            env.put(Context.SECURITY_AUTHENTICATION,"simple"); 
            env.put(Context.SECURITY_PRINCIPAL,MGR_DN); 
            env.put(Context.SECURITY_CREDENTIALS,MGR_PW); 
            DirContext ctx = new InitialDirContext(env); 
            SearchControls constraints = new SearchControls(); 
            constraints.setSearchScope(SearchControls.SUBTREE_SCOPE); 
//performs the actual search   
//We give it a searchbase, a filter and the contraints containing the scope   
//of the search   
            NamingEnumeration results = ctx.search(MY_SEARCHBASE,MY_FILTER,constraints);

请您参考如下方法:

因此，another user had a similar problem。

看起来他更改的主要值(value)观也与您不同

grails.plugins.springsecurity.conf.ldap.authorities.retrieveGroupRoles = false

另外，您的groupSearchBase应该是组，而不是特定用户。所以代替

grails.plugin.springsecurity.ldap.authorities.groupSearchBase='cn=myUser'

它可能应该更像

grails.plugins.springsecurity.ldap.authorities.groupSearchBase ='DC=Group,DC=com'

似乎您正在使用的Java代码中使用的搜索筛选器与grails配置中使用的搜索筛选器不同。您的Java代码具有 "cn=<userid>"过滤器，但您的Grails配置使用的是'sAMAccountName = {0}'。我认为sAMAccountName是Microsoft Active Directory系统首选的，但是您的LDAP服务器可能有所不同。

最后要检查的一件事:还需要为Spring Security Core配置一些东西。这是上面链接的示例:

// Added by the Spring Security Core plugin: 
grails.plugins.springsecurity.userLookup.userDomainClassName = 'org.example.SecUser' 
grails.plugins.springsecurity.userLookup.authorityJoinClassName = 'org.example.SecUserSecRole' 
grails.plugins.springsecurity.authority.className = 'org.example.SecRole'

如果您不确定这些设置要使用什么值，请查阅Spring Security Plugin文档。您需要设置一些必需的域类。
http://grails-plugins.github.io/grails-spring-security-core/docs/manual/

IT序号网 Spring

微信公众号号：IT虾米（左侧二维码扫一扫）欢迎添加！

Q : 823053937

热贴推荐

grails之Grails Spring LDAP身份验证失败

Q : 823053937

热贴推荐

grails之Grails Spring LDAP身份验证失败

grails之Grails 2.2.0，Spring Security-注销功能不起作用

spring之如何从Grails中的IP地址检索地理位置

spring之Grails-Spring Security- session 设置

spring之Grails GORM中的树状结构

session之从Spring安全 session 序列化中排除属性

grails之安装Spring Security插件后首页更改

grails之在Spring Security UI中自定义registerController

grails之在Grails中显示Spring Security类的属性

spring之在Grails插件中使用Spring DSL

grails之Grails Spring Security Core无法登录

grails之Grails Spring Security:GSP中基于用户的if/else逻辑

grails之测试受 Spring 安全保护的页面