Another newbie question with grails-spring-security core/ldap implementation.
(Grails 2.4.4)
I have set up an OpenLDAP server (locally, for a test), and my Grails app authenticates users with only the LDAP: no database-stored user/role info, everything is from LDAP (that's the requirement anyway).
So far I have gotten authentication working for all the LDAP users by their UID and password. The next step would be: how do I further limit users by the LDAP groups?
To be clear, my LDAP structure now looks like this:
- group01 (member: user01, user02)
- group02 (member: user03, user04, user05)
Right now all my users 01 ~ 05 are able to log in using their password. How do I configure it so that only users under group01 (user01 and 02) are able to log in?
- I don't care to provide more granularity such as a read-only role, etc.; just whether the login succeeds or fails.
- All users 01~05 do not have a 'memberOf' attribute; this info is only in the group entries (that's how the corp LDAP is set up).
I experimented with this in my Config.groovy, but I guess it's not doing what I thought it would do:
grails.plugin.springsecurity.ldap.authorities.groupSearchBase = 'cn=group01,ou=Groups,dc=domain01,dc=com'