Fetching LDAP attribute memberof inside Grails Spring application


Problem description

I am stuck, possibly on a very stupid question, trying to implement LDAP role-based authentication/authorization in a Grails application (bookstore) using the spring-security-core and spring-security-ldap plugins. I created a custom UserDetailsContextMapper and am trying to map my LDAP role to the application role. However, the memberof attribute is never returned in the attributes.

    UserDetails mapUserFromContext(DirContextOperations ctx, String username,
                                   Collection authorities) {
        Attributes attributes = ctx.getAttributes();
        Object[] groups = new Object[10];
        groups = ctx.getObjectAttributes("memberof"); //returns empty array

        Set<GrantedAuthority> authority = new HashSet<GrantedAuthority>();

        for (Object group : groups) {
            if (group.toString().toLowerCase().contains("ROLE_FROM_LDAP".toLowerCase()) == true) {
                authority.add(new SimpleGrantedAuthority("ROLE_APP"));
                break;
            }
        }

        User userDetails = new User(username, "", false, false, false, false, authority);
        return userDetails;
    }

Interestingly, when I run a query on LDAP using ldapsearch, I do get the attribute returned.

What I am stuck at is how to configure the equivalent of "requesting:" (as shown below with ldapsearch) in the Grails LDAP configuration so that the plugin is able to fetch the "memberof" attribute (I tried adding that to Grails LDAP plugin configuration with ldap.search.attributesToReturn but to no avail).

ldapsearch -t -x -b "ou=people,dc=domain,dc=com" "cn=myusername" memberof
.....
# LDAPv3
# base <ou=people,dc=domain,dc=com> with scope subtree
# filter: cn=myusername
# requesting: memberof
#
.....
dn: cn=myusername,ou=people,dc=domain,dc=com
memberOf: cn=ROLE_FROM_LDAP,ou=groups,dc=domain,dc=com

Following is the Grails LDAP configuration:

grails {
    plugin {
        springsecurity {
            providerNames: ['ldapAuthProvider', 'anonymousAuthenticationProvider']          
            ldap {
                useRememberMe = false               
                context {
                    managerDn = 'cn=manager,dc=domain,dc=com'                   
                    managerPassword = 'secret'
                    server = 'ldap://localhost:389/'
                }      
                search {
                    base = 'ou=people,dc=domain,dc=com'
                    filter = 'cn={0}'
                    searchSubtree = true
                    attributesToReturn: ['memberOf'] //extra attributes you want returned
                }               
                auth {
                    hideUserNotFoundExceptions = false
                }
                authorities {
                    retrieveDatabaseRoles = false
                    retrieveGroupRoles = true
                    groupSearchBase = 'ou=groups,dc=domain,dc=com'                  
                    groupSearchFilter = 'member={0}'           
                }               
            }
        }
    }
}
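
An added note with example code, not part of the original question: inside a Groovy config closure, `name: value` parses as a statement label followed by an expression, not as an assignment, so the `providerNames:` and `attributesToReturn:` lines above store nothing. The snippet parses a constructed fragment with Groovy's `ConfigSlurper` to show the difference; `parseSearch` is a helper name introduced here.

```groovy
// Constructed fragment mirroring the search block from the question.
def parseSearch = { String body ->
    new ConfigSlurper().parse("search {\n" + body + "\n}").search
}

// Colon form, as written in the question: a labelled statement, nothing is stored.
def withColon = parseSearch('''
    filter = 'cn={0}'
    attributesToReturn: ['memberOf']
''')

// Assignment form: the key is stored in the resulting ConfigObject.
def withEquals = parseSearch('''
    filter = 'cn={0}'
    attributesToReturn = ['memberOf']
''')

assert withColon.filter == 'cn={0}'
// containsKey is used because reading a missing key on a ConfigObject creates an empty entry.
assert !withColon.containsKey('attributesToReturn')
assert withEquals.attributesToReturn == ['memberOf']
```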

Solution

You can inject springSecurityService and fetch like:

springSecurityService.getPrincipal().getAuthorities()
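
An added example, not part of the original question or answer: the mapper in the question grants `ROLE_APP` when any `memberOf` value merely contains the string `ROLE_FROM_LDAP`, which also matches unrelated groups whose DN happens to include it. The sketch below compares whole parsed DNs with the JDK's `LdapName` instead; `rolesFromMemberOf`, the `mapping` table and the look-alike DNs are constructed for illustration.

```groovy
import javax.naming.InvalidNameException
import javax.naming.ldap.LdapName

// Map memberOf values to application roles by comparing whole, parsed DNs.
// groupToRole is a hypothetical lookup: full group DN -> application role.
Set<String> rolesFromMemberOf(Object[] memberOf, Map<String, String> groupToRole) {
    Set<String> roles = new LinkedHashSet<>()
    if (!memberOf) {
        return roles // attribute absent or empty: grant nothing
    }
    Map<LdapName, String> wanted = [:]
    groupToRole.each { dn, role -> wanted.put(new LdapName(dn), role) }
    for (Object value : memberOf) {
        try {
            // LdapName equality ignores case in attribute types and string values.
            String role = wanted.get(new LdapName(value.toString()))
            if (role) {
                roles.add(role)
            }
        } catch (InvalidNameException ignored) {
            // A value that is not a well-formed DN never grants a role.
        }
    }
    return roles
}

// Group DN and role names from the question; the sample values below are constructed.
def mapping = ['cn=ROLE_FROM_LDAP,ou=groups,dc=domain,dc=com': 'ROLE_APP']

Object[] member = ['CN=role_from_ldap,OU=groups,DC=domain,DC=com'] // same DN, different case
Object[] lookalikes = [
    'cn=NOT_ROLE_FROM_LDAP,ou=groups,dc=domain,dc=com', // name only contains the string
    'cn=ROLE_FROM_LDAP,ou=other,dc=domain,dc=com'       // same cn under a different OU
]

assert rolesFromMemberOf(member, mapping) == ['ROLE_APP'] as Set
assert rolesFromMemberOf(lookalikes, mapping).isEmpty()
assert rolesFromMemberOf(null, mapping).isEmpty()
```

Inside a `UserDetailsContextMapper`, the first argument would be the result of `ctx.getObjectAttributes("memberof")`.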
