grails: spring-security and LDAP only
I'm having the following error:
2011-06-27 17:23:57,241 [http-8080-1] DEBUG authentication.LdapAuthenticationProvider - Processing authentication request for use
r: nvb0343
2011-06-27 17:23:57,241 [http-8080-1] DEBUG search.FilterBasedLdapUserSearch - Searching for user 'xxxxxx', with user search [ s
earchFilter: 'sAMAccountName={0}', searchBase: 'DC=GrupoCGD,DC=com', scope: subtree, searchTimeLimit: 0, derefLinkFlag: true ]
2011-06-27 17:23:57,272 [http-8080-1] DEBUG rememberme.TokenBasedRememberMeServices - Interactive login attempt was unsuccessful.
2011-06-27 17:23:57,272 [http-8080-1] DEBUG rememberme.TokenBasedRememberMeServices - Cancelling cookie
2011-06-27 17:23:57,272 [http-8080-1] DEBUG web.DefaultRedirectStrategy - Redirecting to '/fce-test-app/login/authfail?login_erro
r=1'
2011-06-27 17:23:57,272 [http-8080-1] DEBUG context.SecurityContextPers开发者_Python百科istenceFilter - SecurityContextHolder now cleared, as requ
est processing completed
2011-06-27 17:23:57,272 [http-8080-1] DEBUG web.FilterChainProxy - Converted URL to lowercase, from: '/login/authfail'; to: '/log
in/authfail'
2011-06-27 17:23:57,272 [http-8080-1] DEBUG web.FilterChainProxy - Candidate is: '/login/authfail'; pattern is /**; matched=true
2011-06-27 17:23:57,272 [http-8080-1] DEBUG web.FilterChainProxy - /login/authfail?login_error=1 at position 1 of 8 in additional
filter chain; firing Filter: 'SecurityContextPersistenceFilter'
here's my config:
grails.plugins.springsecurity.ldap.search.derefLink = true
grails.plugins.springsecurity.providerNames = ['ldapAuthProvider','anonymousAuthenticationProvider']
//grails.plugins.springsecurity.ldap.authorities.retrieveDatabaseRoles = false
grails.plugins.springsecurity.ldap.context.managerDn = 'XXX\XXX'
grails.plugins.springsecurity.ldap.context.managerPassword = 'changeme'
grails.plugins.springsecurity.ldap.context.server = 'ldap://my.ldap.service:389/'
grails.plugins.springsecurity.ldap.authorities.ignorePartialResultException = true // typically needed for Active Directory
grails.plugins.springsecurity.ldap.search.base = 'DC=XXX,DC=com'
grails.plugins.springsecurity.ldap.search.filter="sAMAccountName={0}" // for Active Directory you need this
grails.plugins.springsecurity.ldap.search.searchSubtree = true
grails.plugins.springsecurity.ldap.auth.hideUserNotFoundExceptions = false
grails.plugins.springsecurity.ldap.useRememberMe = false
grails.plugins.springsecurity.ldap.authorities.retrieveGroupRoles = true
grails.plugins.springsecurity.ldap.authorities.groupSearchBase ='dc=*,dc=*'
grails.plugins.springsecurity.ldap.authorities.groupSearchFilter = 'member={0}'
I've tried gazillions of combinations, but it seems that grails always tries the rememberMe service:
rememberme.TokenBasedRememberMeServices - Interactive login attempt was unsuccessful
I've managed to solve it. It was a configuration error. Here's a link for posterity: https://gist.github.com/1053710
精彩评论