The LDAP authentication support for the Spring Security plugin provides access to directory services via LDAP. It is really easy to configure: once you learn how to do it, you won't spend more than 10 minutes getting it working. In this post I'll show you how to get your Active Directory authentication service working very quickly.
For this post, let's suppose that we have an Active Directory server running with the following access data:
Address: 192.168.0.1
Port: 389
Domain: mydomain.com
Admin user: admin
Admin password: pass
So, the first thing we need to do is install the LDAP authentication plugin:
grails install-plugin spring-security-ldap
The command above will install the LDAP authentication support for the Spring Security plugin as well as its dependency, the Spring Security Core plugin.
After that, we can configure our communication with the Active Directory server. In the conf/Config.groovy file, add the following lines and adapt them to your access data:
// account the application uses to bind to the directory and search it
grails.plugins.springsecurity.ldap.context.managerDn = 'admin'
grails.plugins.springsecurity.ldap.context.managerPassword = 'pass'
// plain ldap:// on port 389 is not encrypted, so bind passwords cross the network in clear text;
// use ldaps:// (port 636) where the server supports it
grails.plugins.springsecurity.ldap.context.server = 'ldap://192.168.0.1:389'
grails.plugins.springsecurity.ldap.authorities.ignorePartialResultException = true
grails.plugins.springsecurity.ldap.search.base = 'dc=mydomain,dc=com'
// {0} is replaced with the login name the user typed
grails.plugins.springsecurity.ldap.search.filter = "sAMAccountName={0}"
grails.plugins.springsecurity.ldap.search.searchSubtree = true
// false lets UsernameNotFoundException propagate instead of being reported as bad credentials
grails.plugins.springsecurity.ldap.auth.hideUserNotFoundExceptions = false
grails.plugins.springsecurity.ldap.search.attributesToReturn = ['mail', 'displayName'] // extra attributes you want returned
grails.plugins.springsecurity.providerNames = ['ldapAuthProvider', 'anonymousAuthenticationProvider']
// role-specific LDAP config
grails.plugins.springsecurity.ldap.useRememberMe = false
grails.plugins.springsecurity.ldap.authorities.retrieveGroupRoles = true
grails.plugins.springsecurity.ldap.authorities.groupSearchBase = 'dc=mydomain,dc=com'
// {0} is replaced with the DN of the authenticated user
grails.plugins.springsecurity.ldap.authorities.groupSearchFilter = 'member={0}'
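To check these values outside Grails, the following Groovy script walks through the sequence the settings describe using plain JNDI: bind as the manager, search for the user with the filter, then bind as the user. It is an added example, not code from the plugin or from the original post; the login to test is taken from the first command-line argument and the password is read from the console.

```groovy
import javax.naming.Context
import javax.naming.NamingException
import javax.naming.PartialResultException
import javax.naming.directory.InitialDirContext
import javax.naming.directory.SearchControls

// Sample values from the configuration above; replace with your own
def server    = 'ldap://192.168.0.1:389'
def managerDn = 'admin'
def managerPw = 'pass'
def base      = 'dc=mydomain,dc=com'
def filter    = 'sAMAccountName={0}'

// Simple bind; InitialDirContext throws a NamingException if it is refused
def bind = { String principal, String secret ->
    new InitialDirContext(new Hashtable([
        (Context.INITIAL_CONTEXT_FACTORY): 'com.sun.jndi.ldap.LdapCtxFactory',
        (Context.PROVIDER_URL)           : server,
        (Context.SECURITY_AUTHENTICATION): 'simple',
        (Context.SECURITY_PRINCIPAL)     : principal,
        (Context.SECURITY_CREDENTIALS)   : secret]))
}

def login    = args[0]   // account to test (its sAMAccountName)
def password = new String(System.console().readPassword('Password for %s: ', login))
// Many directory servers accept a simple bind with an empty password as an
// unauthenticated bind, which would "succeed" for any user, so refuse it here.
if (!password) { println 'FAIL: empty password'; System.exit(1) }
def ctx = bind(managerDn, managerPw)            // step 1: manager bind
def entries = []
try {
    def controls = new SearchControls(searchScope: SearchControls.SUBTREE_SCOPE)
    // step 2: the login is passed as a filter argument, never concatenated
    def results = ctx.search(base, filter, [login] as Object[], controls)
    try {
        while (results.hasMore()) { entries << results.next() }
    } catch (PartialResultException e) {
        // AD referrals on a domain-root search end the enumeration this way
    }
} finally { ctx.close() }
if (entries.size() != 1) { println "FAIL: ${entries.size()} entries match"; System.exit(1) }

def userDn = entries[0].nameInNamespace
try {
    bind(userDn, password).close()              // step 3: bind as the user
    println "OK: ${userDn} authenticated"
} catch (NamingException e) {
    println "FAIL: bind as ${userDn} refused (${e.message})"; System.exit(1)
}
```

A failure at step 1 points at the manager credentials or server URL, at step 2 at the search base or filter, and at step 3 at the user's own password.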
If you've configured your server correctly, your Grails application can already communicate with your AD server, so now we can create our login page. Don't worry, Grails and its plugins do the hard work for us. Just run the following command to create your login page:
grails s2-quickstart <your package, e.g. com.myproject> User Role
That command will create the User, Role and UserRole domain classes, as well as the controllers and views. The views will be created in the views/login folder.
Now you should be able to access your login page, which authenticates your users by checking them against Active Directory. Try accessing something like this:
http://localhost:8080/<your-project>/login
If you want to do some customization, you can check the User, Role and UserRole domain classes, controllers and views.
Hope that helps you!