Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 6 Next »

We use the Spring Security package ( Version 1.0.6 ). You can find the full configuration documentation here: Grails-Spring-Security-LDAP


Internal LDAP Settings


grails.plugins.springsecurity.ldap.authorities.retrieveGroupRoles = false
grails.plugins.springsecurity.ldap.authorities.retrieveDatabaseRoles = true
grails.plugins.springsecurity.ldap.useRememberMe = false

Below are some examples VetView LDAP configurations.


University of Georgia

VetView Configuration File:

grails.plugins.springsecurity.ldap.context.managerDn=<System Account>@uga.edu
grails.plugins.springsecurity.ldap.context.managerPassword=<password>
grails.plugins.springsecurity.ldap.context.server=ldaps://lds.uga.edu:636
grails.plugins.springsecurity.ldap.search.base=ou=users,o=uga
grails.plugins.springsecurity.ldap.search.filter=(cn={0})
grails.plugins.springsecurity.ldap.authenticator.dnPatterns=cn={0},ou=users,o=uga
grails.plugins.springsecurity.ldap.vetview.searchPattern={0}@uga.edu

Other Steps:

  • Add Security Certificate into the Servers JVM
    • ..\..\bin\Keytool -import -trustcacerts -keystore cacerts -storepass changeit -noprompt -alias InCommon  -file c:\Certificates\InCommon_intermediate.cer
    • ..\..\bin\keytool -import -trustcacerts -keystore cacerts -storepass changeit -noprompt -alias UserTrust -file c:\Certificates\UserTrust_root.cer
  • Verify Correct JVM used on the Server

                       

  • Request a Firewall Exception between the Webserver and the LDAP server.

Univserity of Missouri

VetView Configuration File:

grails.plugins.springsecurity.ldap.active=true
grails.plugins.springsecurity.ldap.context.managerDn=umcvetmedldap@missouri.edu
grails.plugins.springsecurity.ldap.context.managerPassword=<password>
grails.plugins.springsecurity.ldap.context.server = ldap://col.missouri.edu:3268/
grails.plugins.springsecurity.ldap.authorities.ignorePartialResultException = true
grails.plugins.springsecurity.ldap.search.base = DC=edu
grails.plugins.springsecurity.ldap.search.filter = (sAMAccountName={0})
grails.plugins.springsecurity.ldap.search.searchSubtree = true
grails.plugins.springsecurity.ldap.auth.hideUserNotFoundExceptions = false

Other Information:

There are multiple domains (UMC-USERS/col.missouri.edu for faculty and staff, and TIGERS/tig.mizzou.edu for students) so we point to the Global Address Catalog port 3268 instead of 636 and use a search base of DC=edu. The search filter is on sAMAccountName, so it’s looking for the AD username (MU calls it PawPrint).


  • No labels