
configure spring security for AD/LDAP access. AD/LDAP server connecti…

…on details and root DN/binding must be configured elsewhere
1 parent 3d4f92e commit 75eb1b26aa893c0c0cb5ba96bc4f3c02d62a8f71 @jetztgradnet committed
Showing with 19 additions and 0 deletions.
  1. +19 −0 grails-app/conf/Config.groovy
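--- a/grails-app/conf/Config.groovy
+++ b/grails-app/conf/Config.groovy
@@ -93,3 +93,22 @@ log4j = {
 'net.sf.ehcache.hibernate'
 debug 'org.springframework.security'
 }
+
+// Added by the Spring Security Core plugin:
+grails.plugins.springsecurity.userLookup.userDomainClassName = 'net.jetztgrad.aldente.User'
+grails.plugins.springsecurity.userLookup.authorityJoinClassName = 'net.jetztgrad.aldente.UserRole'
+grails.plugins.springsecurity.authority.className = 'net.jetztgrad.aldente.Role'
+
+
+// LDAP config
+grails.plugins.springsecurity.ldap.authorities.ignorePartialResultException = true // typically needed for Active Directory
+grails.plugins.springsecurity.ldap.search.filter="sAMAccountName={0}" // for Active Directory you need this
+grails.plugins.springsecurity.ldap.search.searchSubtree = true
+grails.plugins.springsecurity.ldap.auth.hideUserNotFoundExceptions = false
+grails.plugins.springsecurity.ldap.search.attributesToReturn = ['mail', 'displayName'] // extra attributes you want returned; see below for custom classes that access this data
+grails.plugins.springsecurity.providerNames = ['ldapAuthProvider', 'anonymousAuthenticationProvider'] // specify this when you want to skip attempting to load from db and only use LDAP
+// role-specific LDAP config
+grails.plugins.springsecurity.ldap.useRememberMe = false
+grails.plugins.springsecurity.ldap.authorities.retrieveGroupRoles = true
+grails.plugins.springsecurity.ldap.authorities.groupSearchFilter = 'member={0}' // Active Directory specific - the example settings will work fine for a plain LDAP server
+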
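Review bot: `grails.plugins.springsecurity.ldap.auth.hideUserNotFoundExceptions = false` stops the LDAP provider from folding "unknown user" into the generic bad-credentials failure, so the login flow can end up telling a caller which directory account names exist. Unless that distinction is needed for troubleshooting, set it to `true`, or keep it with a comment such as `// debugging only: reveals whether an account exists; set to true before deployment`. The context lines of the `log4j` block (which starts outside this hunk) already log `org.springframework.security` at debug, so lookup failures stay visible in the logs without exposing them to clients. Since the commit leaves the server and bind settings to be configured elsewhere, a short comment here saying that `ldap.context.server` should use an `ldaps://` URL and that the bind password belongs in an external, uncommitted config file would help the next person wiring this up.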
