我正在尝试使用grails spring ldap插件将grails app与ldap身份验证集成。这是我的困惑
grails.plugin.springsecurity.providerNames = ['ldapAuthProvider', 'anonymousAuthenticationProvider']
grails.plugin.springsecurity.ldap.context.managerDN = 'CN=acc,DC=two,DC=three'
grails.plugin.springsecurity.ldap.context.managerPassword = 'correctpassword'
grails.plugin.springsecurity.ldap.context.server = 'ldaps://server:636'
grails.plugin.springsecurity.ldap.authorities.ignorePartialResultException = true
grails.plugin.springsecurity.ldap.search.base = 'OU=one,DC=two,DC=three'
grails.plugin.springsecurity.ldap.search.filter='sAMAccountName={0}'
grails.plugin.springsecurity.ldap.search.searchSubtree = true
grails.plugin.springsecurity.ldap.auth.hideUserNotFoundExceptions = false
grails.plugin.springsecurity.ldap.authorities.prefix = "ROLE_"
grails.plugin.springsecurity.ldap.authorities.defaultRole = "ADMIN"
每次我尝试登录时都会收到错误
pErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e, v1db1 ]; nested exception is javax.naming.Authentic
ationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C0903A9, comment: AcceptSecurityContext error, data 52e,
v1db1 ]
我已经检查过,这意味着凭据无效,但事实并非如此。
然后我检查一下,如果我将correctpassword更改为inncore,会发生什么,并且发生相同的错误,我的配置是否有问题?有什么遗失吗?我的登录控制器是默认控制器,我对访问受限的控制器使用secured注释
答案 0 :(得分:1)
尝试将grails.plugin.springsecurity.ldap.search.filter=sAMAccountName={0}更改为grails.plugin.springsecurity.ldap.search.filter='(&(objectCategory=user)(sAMAccountName={0})),其中objectCategory是AD中的正确类别
它不应该有所作为,因为这只是增加了额外的过滤器,但它为我们解决了同样的问题。此属性可能需要括号或类别过滤器