
Grails springsecurity LDAP Login, how to limit user by subgroups?

user1605 Published on April 22, 2018, 10:02 pm

Another newbie question with the grails-spring-security core/ldap implementation (Grails 2.4.4, spring-security-core-2.0.0, spring-security-ldap-2.0.1).

I had set up an OpenLDAP server (locally for a test), and from my Grails app, authenticated users with only the LDAP, no database-stored users/roles info; everything is from LDAP (that's the requirement anyway).

So far I have been OK with authenticating all the LDAP users by their UID and password. The next step would be: how do I further limit users by the LDAP groups?

To be clear, my LDAP structure now looks like this:

domain01, com
    - Groups
        - group01 (member: user01, user02)
        - group02 (member: user03, user04, user05)
        - superUsers
    - Users
        - user01
        - user02
        - user03
        - user04
        - user05

Right now all my users 01 ~ 05 are able to log in using their password. How do I configure it so that only users under group01 (user01 and 02) are able to log in? Assuming:

  • I don't care to provide more granularity such as a read-only role, etc.; just either login successful or failed.
  • All Users 01~05 do not have a 'memberOf' attribute; this info is only in the Groups entries (that's how the corp LDAP is set up).

I had experimented with this in my Config.groovy, but I guess it's not doing what I thought it would do:

grails.plugin.springsecurity.ldap.authorities.groupSearchBase = 'cn=group01,ou=Groups,dc=domain01,dc=com'

Please help!
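
An added example, not part of the original post and not the plugin's own sample: one way to limit the application to group01 with the spring-security-ldap settings, shown next to the setting tried above. It assumes the group entries list members by full DN in a `member` attribute and that the login, logout and asset URLs sit under the paths shown; users outside group01 still authenticate but are denied every protected URL.

```groovy
// Config.groovy (added example; URL paths and the member-by-DN layout are assumptions)

// Setting tried in the post. groupSearchBase only tells the plugin where to look
// for groups when it builds a user's roles; it does not filter who may bind,
// so user03..user05 still authenticate.
// grails.plugin.springsecurity.ldap.authorities.groupSearchBase = 'cn=group01,ou=Groups,dc=domain01,dc=com'

// 1. Search the whole Groups branch and turn each matching group into a role.
grails.plugin.springsecurity.ldap.authorities.retrieveGroupRoles = true
grails.plugin.springsecurity.ldap.authorities.retrieveDatabaseRoles = false
grails.plugin.springsecurity.ldap.authorities.groupSearchBase = 'ou=Groups,dc=domain01,dc=com'
// {0} is the authenticated user's full DN; the plugin default is 'uniquemember={0}'.
grails.plugin.springsecurity.ldap.authorities.groupSearchFilter = 'member={0}'
// With the default prefix and upper-casing, cn=group01 becomes ROLE_GROUP01.
grails.plugin.springsecurity.ldap.authorities.groupRoleAttribute = 'cn'

// 2. Require that role everywhere except the login/logout pages and static assets.
// Rules are checked in order, so the catch-all goes last.
grails.plugin.springsecurity.securityConfigType = 'InterceptUrlMap'
grails.plugin.springsecurity.interceptUrlMap = [
    '/login/**':  ['permitAll'],
    '/logout/**': ['permitAll'],
    '/assets/**': ['permitAll'],
    '/**':        ['ROLE_GROUP01']
]
```

Leave `grails.plugin.springsecurity.ldap.authorities.defaultRole` unset, or set it to a role that no rule grants; otherwise every authenticated user receives it regardless of group membership.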
