Grails OpenLDAP登录失败：抱歉，我们无法找到具有该用户名和密码的用户_Grails_Spring Security_Ldap_Openldap_Slapd

Grails OpenLDAP登录失败：抱歉，我们无法找到具有该用户名和密码的用户

grails spring-security ldap

Grails OpenLDAP登录失败：抱歉，我们无法找到具有该用户名和密码的用户,grails,spring-security,ldap,openldap,slapd,Grails,Spring Security,Ldap,Openldap,Slapd,我正在尝试将Ldap登录添加到我的grails应用程序中。在添加spring安全内核和spring安全ldap（2.0.1）插件之后，我在config.groovy中添加了配置： grails.plugin.springsecurity.providerNames = ['ldapAuthProvider','anonymousAuthenticationProvider','rememberMeAuthenticationProvider'] grails.plugin.springsecur

我正在尝试将Ldap登录添加到我的grails应用程序中。在添加spring安全内核和spring安全ldap（2.0.1）插件之后，我在config.groovy中添加了配置：

grails.plugin.springsecurity.providerNames = ['ldapAuthProvider','anonymousAuthenticationProvider','rememberMeAuthenticationProvider']
grails.plugin.springsecurity.ldap.context.managerDn = 'uid=admin,dc=sw01,dc=com'
grails.plugin.springsecurity.ldap.context.managerPassword = 'Admin123'
grails.plugin.springsecurity.ldap.context.server = 'ldap://localhost:389'
grails.plugin.springsecurity.ldap.context.anonymousReadOnly = true
grails.plugin.springsecurity.ldap.authorities.groupSearchBase = 'ou=Groups,dc=sw01,dc=com'
grails.plugin.springsecurity.ldap.authorities.retrieveGroupRoles = false
grails.plugin.springsecurity.ldap.authorities.retrieveDatabaseRoles = false
grails.plugin.springsecurity.ldap.authorities.groupSearchFilter = 'member={0}'
grails.plugin.springsecurity.ldap.useRememberMe = false
grails.plugin.springsecurity.ldap.search.base = 'dc=sw01,dc=com'
grails.plugin.springsecurity.ldap.search.attributesToReturn = ['uid', 'mail', 'cn', 'sn', 'givenName', 'jpegPhoto' , 'telephoneNumber']
grails.plugin.springsecurity.ldap.search.filter = '(uid={0})'
grails.plugin.springsecurity.ldap.authenticator.attributesToReturn = ['uid', 'mail', 'cn', 'sn', 'givenName', 'jpegPhoto' , 'telephoneNumber']
grails.plugin.springsecurity.userLookup.usernamePropertyName = 'uid'

grails.plugin.springsecurity.userLookup.usernamePropertyName = 'uid'

我按照官方指南添加了userDetails类details contextMapper类

加载Grails应用程序并尝试登录时，会显示标题中的错误消息

在查看背景slapd日志时，我非常确定（虽然不熟悉slapd日志格式）用户的DN搜索已成功…：

5ac1d79a => send_search_entry: conn 1017 dn="uid=sito,ou=Users,dc=sw01,dc=com"
ber_flush2: 3768 bytes to sd 15
ldap_write: want=3768, written=3768
  0000:  30 82 0e b4 02 01 01 64  82 0e ad 04 20 75 69 64   0......d.... uid  
  0010:  3d 73 69 74 6f 2c 6f 75  3d 55 73 65 72 73 2c 64   =sito,ou=Users,d  
  0020:  63 3d 73 77 30 31 2c 64  63 3d 63 6f 6d 30 82 0e   c=sw01,dc=com0..  
  0030:  87 30 5e 04 0b 6f 62 6a  65 63 74 43 6c 61 73 73   .0^..objectClass  
  0040:  31 4f 04 10 65 78 74 65  6e 73 69 62 6c 65 4f 62   1O..extensibleOb  
  0050:  6a 65 63 74 04 09 75 69  64 4f 62 6a 65 63 74 04   ject..uidObject.  
  0060:  06 70 65 72 73 6f 6e 04  14 6f 72 67 61 6e 69 7a   .person..organiz  
  0070:  61 74 69 6f 6e 61 6c 50  65 72 73 6f 6e 04 0d 69   ationalPerson..i  
  0080:  6e 65 74 4f 72 67 50 65  72 73 6f 6e 04 03 74 6f   netOrgPerson..to  
  0090:  70 30 16 04 02 63 6e 31  10 04 0e 41 6c 66 6f 6e   p0...cn1...Alfon  
  00a0:  73 6f 20 52 69 76 65 72  6f 30 16 04 09 67 69 76   so Rivero0...giv

我是否有一些配置错误，或者在实现中遗漏了什么？请帮助，任何信息都非常感谢

[更新20180403]

所以我做了更多的挖掘。我修改了自动生成的LoginController.groovy authfail（）操作，并打印出异常堆栈跟踪：

| Error org.springframework.security.authentication.BadCredentialsException: Bad credentials
| Error     at org.springframework.security.ldap.authentication.BindAuthenticator.authenticate(BindAuthenticator.java:95)
| Error     at org.springframework.security.ldap.authentication.LdapAuthenticationProvider.doAuthentication(LdapAuthenticationProvider.java:178)
| Error     at org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider.authenticate(AbstractLdapAuthenticationProvider.java:80)
| Error     at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
| Error     at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:92)
| Error     at grails.plugin.springsecurity.web.authentication.GrailsUsernamePasswordAuthenticationFilter.attemptAuthentication(GrailsUsernamePasswordAuthenticationFilter.java:59)
| Error     at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:211)
| Error     at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:342)

它发生在org.springframework.security.ldap.authentication.BindAuthenticator上，异常为BadCredentialsException

但我确实从示例ldif导入了用户（也通过JXplorer浏览器进行了验证）：

唯一的问题是，我没有用户的“userName”字段，因此我使用“uid”登录，这也是在config.groovy中指定的：

grails.plugin.springsecurity.providerNames = ['ldapAuthProvider','anonymousAuthenticationProvider','rememberMeAuthenticationProvider']
grails.plugin.springsecurity.ldap.context.managerDn = 'uid=admin,dc=sw01,dc=com'
grails.plugin.springsecurity.ldap.context.managerPassword = 'Admin123'
grails.plugin.springsecurity.ldap.context.server = 'ldap://localhost:389'
grails.plugin.springsecurity.ldap.context.anonymousReadOnly = true
grails.plugin.springsecurity.ldap.authorities.groupSearchBase = 'ou=Groups,dc=sw01,dc=com'
grails.plugin.springsecurity.ldap.authorities.retrieveGroupRoles = false
grails.plugin.springsecurity.ldap.authorities.retrieveDatabaseRoles = false
grails.plugin.springsecurity.ldap.authorities.groupSearchFilter = 'member={0}'
grails.plugin.springsecurity.ldap.useRememberMe = false
grails.plugin.springsecurity.ldap.search.base = 'dc=sw01,dc=com'
grails.plugin.springsecurity.ldap.search.attributesToReturn = ['uid', 'mail', 'cn', 'sn', 'givenName', 'jpegPhoto' , 'telephoneNumber']
grails.plugin.springsecurity.ldap.search.filter = '(uid={0})'
grails.plugin.springsecurity.ldap.authenticator.attributesToReturn = ['uid', 'mail', 'cn', 'sn', 'givenName', 'jpegPhoto' , 'telephoneNumber']
grails.plugin.springsecurity.userLookup.usernamePropertyName = 'uid'

grails.plugin.springsecurity.userLookup.usernamePropertyName = 'uid'

以上是正确的，还是我还遗漏了什么

非常感谢任何信息/帮助

[更新20180406]

所以我回到最基本的，只需从ldap命令搜索中测试并绑定用户：

$ ldapsearch -D 'cn=admin,dc=sw01,dc=com' -W -x -b 'uid=wpauli,ou=Users,dc=sw01,dc=com'
Enter LDAP Password: 
# extended LDIF
#
# LDAPv3
# base <uid=wpauli,ou=Users,dc=sw01,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# wpauli, Users, sw01.com
dn: uid=wpauli,ou=Users,dc=sw01,dc=com
objectClass: uidObject
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: top
cn: Wolfgang Pauli
facsimileTelephoneNumber: +1 904 982 6883
givenName: Wolfgang
mail: wpauli@example.com
ou: Users
roomNumber: 667
sn: Pauli
telephoneNumber: +1 904 982 6882
uid: wpauli
userPassword:: c2VjcmV0

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

为什么它不能绑定？使用的密码与上面的Ldapsearch结果返回的密码匹配吗

有人要帮忙吗？

啊，我把它整理好了。仔细查看我使用的示例LDIF文件，填充userPassword的行有双冒号“：：”，这意味着密码是base64编码的

telephoneNumber: +1 904 982 6882
uid: sito
userPassword:: c2VjcmV0

我通过base64解码器运行了值“c2VjcmV0”，它是“secret”。嗯

现在用正确的密码更改ldapwhoami测试

发件人：

致：

已经成功地验证了它

回到我的示例Grails应用程序登录，使用正确的密码也可以毫无问题地登录

$ ldapwhoami -vvv -h localhost -p 389 -D 'uid=wpauli,ou=Users,dc=sw01,dc=com' -x -w c2VjcmV0
ldap_initialize( ldap://localhost:389 )
ldap_bind: Invalid credentials (49)

$ ldapwhoami -vvv -h localhost -p 389 -D uid=wpauli,ou=Users,dc=sw01,dc=com -x -w c2VjcmV0
ldap_initialize( ldap://localhost:389 )
ldap_bind: Invalid credentials (49)

telephoneNumber: +1 904 982 6882
uid: sito
userPassword:: c2VjcmV0

$ ldapwhoami -vvv -h localhost -p 389 -D uid=wpauli,ou=Users,dc=sw01,dc=com -x -w c2VjcmV0

$ ldapwhoami -vvv -h localhost -p 389 -D uid=wpauli,ou=Users,dc=sw01,dc=com -x -w secret