
Grails spring-security-ldap connecting to localhost:389


I'm using the spring-security-ldap:2.0-RC2 plugin with Grails 2.3.2. I'm trying to connect to an Active Directory server. I've configured the plugin as follows in Config.groovy:

grails.plugins.springsecurity.ldap.context.server = 'ldap://[ip]:389'
grails.plugins.springsecurity.ldap.context.managerDn = '[DN]'
grails.plugins.springsecurity.ldap.context.managerPassword = '[password]'
grails.plugins.springsecurity.ldap.authorities.ignorePartialResultException = true 
grails.plugins.springsecurity.ldap.authorities.retrieveDatabaseRoles = true
grails.plugins.springsecurity.ldap.search.filter = '(sAMAccountName={0})'
grails.plugins.springsecurity.ldap.search.base = '[searchbase]'
grails.plugins.springsecurity.ldap.search.searchSubtree = true
grails.plugins.springsecurity.ldap.auth.hideUserNotFoundExceptions = false
grails.plugins.springsecurity.ldap.search.attributesToReturn = ['name', 'mail'] 

I get a connection error. However, the connection is listed as localhost:389, not the AD server I've specified.

Caused by CommunicationException: localhost:389; nested exception is javax.naming.CommunicationException: localhost:389 [Root exception is java.net.ConnectException: Connection refused: connect]
->>   76 | attemptAuthentication in grails.plugin.springsecurity.web.authentication.RequestHolderAuthenticationFilter
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - 
|     49 | doFilter              in     ''
|     82 | doFilter . . . . . .  in grails.plugin.springsecurity.web.authentication.logout.MutableLogoutFilter
|   1145 | runWorker             in java.util.concurrent.ThreadPoolExecutor
|    615 | run . . . . . . . . . in java.util.concurrent.ThreadPoolExecutor$Worker
^    745 | run                   in java.lang.Thread

Note: I've tried connecting (in a separate Groovy project) with Groovy-Ldap.jar. I make a connection with:

ldap = LDAP.newInstance('ldap://[ip]:389', '[DN]', '[password]')

and this works fine. I can connect to the AD. Any idea what can be wrong and why localhost:389 is tried and not the AD I specified?

Note: in my Grails project I am using a ProxySettings.groovy file with several entries in http.nonProxyHosts (all servers that need to be accessed in the internal network). I've tried including the AD server in the nonProxyHosts but this makes no difference.

Regards,

Jan-Willem Klomp


Solution

  • You should be getting a warning in the output telling you that you're using grails.plugins.springsecurity as the property prefix but that it's been changed in 2.0 to grails.plugin.springsecurity. Your custom properties are being ignored and only the defaults are being used.
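
As an added example (not code from the question or from the plugin), this Python check scans a Config.groovy for keys that still use the pre-2.0 prefix described in the answer and reports the renamed key for each. The sample config is constructed from the question's placeholders, the function names are hypothetical, and only flat dotted `key = value` assignments are handled.

```python
import re

LEGACY = "grails.plugins.springsecurity."   # prefix used in the question
CURRENT = "grails.plugin.springsecurity."   # prefix the 2.0 plugin reads
# Matches flat dotted assignments such as  a.b.c = 'value'
ASSIGNMENT = re.compile(r"^\s*([A-Za-z_][\w.]*)\s*=\s*(.+?)\s*$")

# Constructed sample mirroring the question's Config.groovy (placeholders kept).
SAMPLE_CONFIG = """\
// LDAP settings
grails.plugins.springsecurity.ldap.context.server = 'ldap://[ip]:389'
grails.plugins.springsecurity.ldap.context.managerDn = '[DN]'
grails.plugin.springsecurity.ldap.search.filter = '(sAMAccountName={0})'
"""


def parse_assignments(text):
    """Return {key: (line_number, raw_value)} for dotted 'key = value' lines."""
    found = {}
    for number, line in enumerate(text.splitlines(), start=1):
        if line.lstrip().startswith("//"):
            continue  # skip single-line comments
        match = ASSIGNMENT.match(line)
        if match:
            found[match.group(1)] = (number, match.group(2))
    return found


def audit(text):
    """List legacy-prefixed keys and say whether the LDAP server is really set."""
    settings = parse_assignments(text)
    ignored = [
        (number, key, CURRENT + key[len(LEGACY):])
        for key, (number, _value) in settings.items()
        if key.startswith(LEGACY)
    ]
    # The server only takes effect when set under the prefix the plugin reads.
    server_configured = CURRENT + "ldap.context.server" in settings
    return sorted(ignored), server_configured


if __name__ == "__main__":
    ignored, server_configured = audit(SAMPLE_CONFIG)
    for number, old, new in ignored:
        print(f"line {number}: {old} is ignored; rename to {new}")
    if not server_configured:
        print("ldap.context.server not set under the 2.0 prefix: plugin default applies")
```

Run against a real Config.groovy, any reported line is a setting the plugin never sees, which is how the connection in the question ended up going to localhost:389.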