grails: spring-security and LDAP only

I'm having the following error:

2011-06-27 17:23:57,241 [http-8080-1] DEBUG authentication.LdapAuthenticationProvider  - Processing authentication request for use
r: nvb0343
2011-06-27 17:23:57,241 [http-8080-1] DEBUG search.FilterBasedLdapUserSearch  - Searching for user 'xxxxxx', with user search [ s
earchFilter: 'sAMAccountName={0}', searchBase: 'DC=GrupoCGD,DC=com', scope: subtree, searchTimeLimit: 0, derefLinkFlag: true ]
2011-06-27 17:23:57,272 [http-8080-1] DEBUG rememberme.TokenBasedRememberMeServices  - Interactive login attempt was unsuccessful.

2011-06-27 17:23:57,272 [http-8080-1] DEBUG rememberme.TokenBasedRememberMeServices  - Cancelling cookie
2011-06-27 17:23:57,272 [http-8080-1] DEBUG web.DefaultRedirectStrategy  - Redirecting to '/fce-test-app/login/authfail?login_erro
r=1'
2011-06-27 17:23:57,272 [http-8080-1] DEBUG context.SecurityContextPers开发者_Python百科istenceFilter  - SecurityContextHolder now cleared, as requ
est processing completed
2011-06-27 17:23:57,272 [http-8080-1] DEBUG web.FilterChainProxy  - Converted URL to lowercase, from: '/login/authfail'; to: '/log
in/authfail'
2011-06-27 17:23:57,272 [http-8080-1] DEBUG web.FilterChainProxy  - Candidate is: '/login/authfail'; pattern is /**; matched=true
2011-06-27 17:23:57,272 [http-8080-1] DEBUG web.FilterChainProxy  - /login/authfail?login_error=1 at position 1 of 8 in additional
 filter chain; firing Filter: 'SecurityContextPersistenceFilter'

here's my config:

grails.plugins.springsecurity.ldap.search.derefLink = true    
grails.plugins.springsecurity.providerNames = ['ldapAuthProvider','anonymousAuthenticationProvider']

//grails.plugins.springsecurity.ldap.authorities.retrieveDatabaseRoles = false
grails.plugins.springsecurity.ldap.context.managerDn = 'XXX\XXX'
grails.plugins.springsecurity.ldap.context.managerPassword = 'changeme'
grails.plugins.springsecurity.ldap.context.server = 'ldap://my.ldap.service:389/'
grails.plugins.springsecurity.ldap.authorities.ignorePartialResultException = true // typically needed for Active Directory
grails.plugins.springsecurity.ldap.search.base = 'DC=XXX,DC=com' 
grails.plugins.springsecurity.ldap.search.filter="sAMAccountName={0}" // for Active Directory you need this
grails.plugins.springsecurity.ldap.search.searchSubtree = true
grails.plugins.springsecurity.ldap.auth.hideUserNotFoundExceptions = false

grails.plugins.springsecurity.ldap.useRememberMe = false
grails.plugins.springsecurity.ldap.authorities.retrieveGroupRoles = true
grails.plugins.springsecurity.ldap.authorities.groupSearchBase ='dc=*,dc=*'
grails.plugins.springsecurity.ldap.authorities.groupSearchFilter = 'member={0}'

I've tried gazillions of combinations, but it seems that grails always tries the rememberMe service:

rememberme.TokenBasedRememberMeServices - Interactive login attempt was unsuccessful

I've managed to solve it. It was a configuration error. Here's a link for posterity: https://gist.github.com/1053710