SecurityConfig parameters for Acegi with Windows Auth

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

SecurityConfig parameters for Acegi with Windows Auth

mfk0213
This post was updated on .
Hi,

I'm using the Acegi plugin to authenticate against Windows Active Directory.  This is what I've included in my Security configuration:

useLdap = true
ldapRetrieveGroupRoles = true
ldapRetrieveDatabaseRoles = false
ldapSearchSubtree = true
ldapGroupRoleAttribute = 'cn'
ldapPasswordAttributeName = 'userPassword'
ldapServer = 'ldap://va.dev.mydomain.local:389'
ldapManagerDn = 'cn=rsecfms_service,ou=service,ou=rsecfms,dc=va,dc=dev,dc=mydomain,dc=local'
ldapManagerPassword = 'password'
ldapSearchBase = 'ou=rsecfms,dc=va,dc=dev,dc=mydomain,dc=local'
ldapSearchFilter = '(sAMAccountName={0})'
ldapGroupSearchBase = 'ou=groups,ou=rsecfms,dc=va,dc=dev,dc=mydomain,dc=local'
ldapGroupSearchFilter = 'sAMAccountName={0}'
ldapUsePassword = true

Unfortunately, it doesn't seem to work (when I log in "wrong user name/password".  I couldn't find ldapPasswordAttributeName = 'userPassword' in the AD schema.  I'm obviously doing something wrong, but I'm not sure what.  Any ideas, would be very much appreciated.  I looked at the debug output from Spring Security, but they weren't too helpful for me (I was hoping for more detail about the LDAP/AD functions to be able to figure out what's actually not working).

Thanks for your help in advance.

-Mo
Reply | Threaded
Open this post in threaded view
|

Crypto Plugin, Bouncy Castle lib's and ssl issue

SanjayGupta
Hi,

In case anybody has this issue. Crypto plugin comes with bouncy castle jdk 1.5 lib which is incompatible with java 1.6. So if you are using jdk 1.6/crypto plugin and have ssl issues in grails please replace jdk 1.5 version of the bouncy castle library with 1.6 version. I wasted many hour on this issue.


Thanks,

Sanjay

---------------------------------------------------------------------
To unsubscribe from this list, please visit:

    http://xircles.codehaus.org/manage_email


Reply | Threaded
Open this post in threaded view
|

Re: SecurityConfig parameters for Acegi with Windows Auth

mfk0213
In reply to this post by mfk0213
Does any one have any suggestions on this issue?  I'm looking for the right LDAP parameters for the Security Config for Acegi/Spring Security to be able to authenticate against Active Directory.

Your help is much appreciated.

Thanks,
Mo

mfk0213 wrote
Hi,

I'm using the Acegi plugin to authenticate against Windows Active Directory.  This is what I've included in my Security configuration:

useLdap = true
ldapRetrieveGroupRoles = true
ldapRetrieveDatabaseRoles = false
ldapSearchSubtree = true
ldapGroupRoleAttribute = 'cn'
ldapPasswordAttributeName = 'userPassword'
ldapServer = 'ldap://va.dev.mydomain.local:389'
ldapManagerDn = 'cn=rsecfms_service,ou=service,ou=rsecfms,dc=va,dc=dev,dc=mydomain,dc=local'
ldapManagerPassword = 'password'
ldapSearchBase = 'ou=rsecfms,dc=va,dc=dev,dc=mydomain,dc=local'
ldapSearchFilter = '(sAMAccountName={0})'
ldapGroupSearchBase = 'ou=groups,ou=rsecfms,dc=va,dc=dev,dc=mydomain,dc=local'
ldapGroupSearchFilter = 'sAMAccountName={0}'
ldapUsePassword = true

Unfortunately, it doesn't seem to work (when I log in "wrong user name/password".  I couldn't find ldapPasswordAttributeName = 'userPassword' in the AD schema.  I'm obviously doing something wrong, but I'm not sure what.  Any ideas, would be very much appreciated.  I looked at the debug output from Spring Security, but they weren't too helpful for me (I was hoping for more detail about the LDAP/AD functions to be able to figure out what's actually not working).

Thanks for your help in advance.

-Mo