
I have a Grails application with the spring-security-ldap plugin installed and configured with Active Directory-specific options.

  • Grails version: 2.1.1
  • spring-security-core plugin version: 2.0-RC2
  • spring-security-ldap plugin version: 2.0-RC2

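Everything works fine: users log in to the application, are authenticated against Active Directory, and their groups are retrieved to control access to the different pages.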

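My problem: the "remember me" option doesn't work. I have configured the application to use the "remember me" option, and I have run the s2-create-persistent-token command. I have also enabled the relevant traces. Everything works fine: the user logs in to the application successfully with the "remember me" option checked, the token is created, and the cookie is sent to the client. The user closes the browser and then reopens it. At this point, the application successfully verifies that the user in the cookie matches the user in the persistent token. Then I can see this in the log: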

userdetails.LdapUserDetailsManager  - Loading user 'sAMAccountName' with DN 'cn=sAMAccountName,dc=company,dc=country'
rememberme.PersistentTokenBasedRememberMeServices  - Remember-me login was valid but corresponding user not found.
Message: User sAMAccountName not found
   Line | Method
->>  49 | doFilter in grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
|    82 | doFilter in grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter
|   886 | runTask  in java.util.concurrent.ThreadPoolExecutor$Worker
|   908 | run      in     ''
^   619 | run . .  in java.lang.Thread
Caused by NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD, problem 2001 (NO_OBJECT), data 0, best match of:
    'DC=company,DC=country'

The first log line shows an invalid DN for the user. The user's DN looks like this:

cn=name,ou=group,ou=supergroup,dc=company,dc=country

Could this be the problem? How can I fix it?

My configuration:

// Spring Security
grails.plugin.springsecurity.logout.postOnly = false

// Spring Security LDAP
grails.plugin.springsecurity.ldap.context.managerDn = 'CN="a user",OU="a group",DC="company",DC="country"'
grails.plugin.springsecurity.ldap.context.managerPassword = '"password"'
grails.plugin.springsecurity.ldap.context.server = 'ldap://"server":389'
grails.plugin.springsecurity.ldap.authorities.ignorePartialResultException = true
grails.plugin.springsecurity.ldap.search.base = 'dc="company",dc="country"'
grails.plugin.springsecurity.ldap.search.filter="sAMAccountName={0}"
grails.plugin.springsecurity.ldap.search.searchSubtree = true
grails.plugin.springsecurity.ldap.auth.hideUserNotFoundExceptions = false
grails.plugin.springsecurity.ldap.search.attributesToReturn = ['dn', 'cn', 'ou', 'givenName', 'sn', 'department']
grails.plugin.springsecurity.ldap.authenticator.attributesToReturn = ['dn', 'cn', 'ou', 'givenName', 'sn', 'department']
grails.plugin.springsecurity.providerNames = ['ldapAuthProvider','anonymousAuthenticationProvider', 'rememberMeAuthenticationProvider']

// role-specific LDAP config
grails.plugin.springsecurity.ldap.authorities.retrieveGroupRoles = true
grails.plugin.springsecurity.ldap.authorities.groupSearchBase = 'dc="company",dc="country"'
grails.plugin.springsecurity.ldap.authorities.groupSearchFilter = '(member:1.2.840.113556.1.4.1941:={0})' // Active Directory specific


grails.plugin.springsecurity.successHandler.defaultTargetUrl = '/home'

grails.plugin.springsecurity.rememberMe.persistent = true
grails.plugin.springsecurity.rememberMe.persistentToken.domainClassName = 'censo.auth.PersistentLogin'
grails.plugin.springsecurity.ldap.useRememberMe = true
grails.plugin.springsecurity.ldap.rememberMe.detailsManager.groupMemberAttributeName = 'member'
grails.plugin.springsecurity.ldap.rememberMe.detailsManager.groupRoleAttribute = 'CN'
grails.plugin.springsecurity.ldap.rememberMe.detailsManager.groupSearchBase = 'OU="another group",dc="company",dc="country"'
grails.plugin.springsecurity.ldap.rememberMe.detailsManager.passwordAttributeName = 'userPassword'
grails.plugin.springsecurity.ldap.rememberMe.usernameMapper.userDnBase = 'dc="company",dc="country"'
grails.plugin.springsecurity.ldap.rememberMe.usernameMapper.usernameAttribute = 'cn'
grails.plugin.springsecurity.ldap.rememberMe.detailsManager.attributesToRetrieve = null

Thanks in advance.
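
An added example, not part of the original question and not the plugin's own code: the log above shows the remember-me path loading the user by a DN assembled from `usernameMapper.usernameAttribute`, the username and `usernameMapper.userDnBase`, while the form login finds the entry with a subtree search on `sAMAccountName`. The Groovy script below reproduces both lookups against a constructed in-memory directory; the `directory` map, the account names and the helper closures are assumptions made for illustration.

```groovy
import javax.naming.ldap.LdapName
import javax.naming.ldap.Rdn

// Constructed sample directory (DN -> attributes); entries are illustrative only.
def directory = [
    'cn=John Doe,ou=group,ou=supergroup,dc=company,dc=country': [sAMAccountName: 'jdoe'],
    'cn=Ann Roe,ou=group,ou=supergroup,dc=company,dc=country' : [sAMAccountName: 'aroe'],
].collectEntries { dn, attrs -> [(new LdapName(dn)): attrs] }

// DN the remember-me path derives from the usernameMapper settings:
// <usernameAttribute>=<username>,<userDnBase>
def buildDn = { String userDnBase, String usernameAttribute, String username ->
    def dn = new LdapName(userDnBase)
    dn.add(new Rdn(usernameAttribute, username)) // appended as the leftmost RDN
    dn
}

// Remember-me style lookup: read exactly one entry by its DN.
def lookupByDn = { LdapName dn -> directory.containsKey(dn) ? dn : null }

// Form-login style lookup: subtree search under a base with an equality filter.
def searchSubtree = { String base, String attr, String value ->
    def baseDn = new LdapName(base)
    directory.find { dn, attrs -> dn.startsWith(baseDn) && attrs[attr] == value }?.key
}

def base = 'dc=company,dc=country'
def username = 'jdoe' // hypothetical value stored in the remember-me cookie

def guessed = buildDn(base, 'cn', username)
def viaDn = lookupByDn(guessed)
def viaSearch = searchSubtree(base, 'sAMAccountName', username)

println "mapper DN     : ${guessed}"
println "lookup by DN  : ${viaDn ?: 'no such object (LDAP error 32)'}"
println "subtree search: ${viaSearch}"

// The guessed DN names no entry, yet the same user is found by search.
assert guessed.toString() == 'cn=jdoe,dc=company,dc=country'
assert viaDn == null
assert viaSearch.toString() == 'cn=John Doe,ou=group,ou=supergroup,dc=company,dc=country'
```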
