
Getting the LDAP attribute memberof in a Grails Spring application


I may be stuck on a very silly problem. I am trying to implement LDAP role-based authentication/authorization in a Grails application (a bookstore) using the spring-security-core and spring-security-ldap plugins. I created a custom UserDetailsContextMapper and am trying to map my LDAP roles to application roles. However, the memberof attribute is never returned among the attributes.

import org.springframework.ldap.core.DirContextAdapter
import org.springframework.ldap.core.DirContextOperations
import org.springframework.security.core.GrantedAuthority
import org.springframework.security.core.authority.SimpleGrantedAuthority
import org.springframework.security.core.userdetails.User
import org.springframework.security.core.userdetails.UserDetails
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper

// Class name is a placeholder; the mapper must implement UserDetailsContextMapper to be wired in
class LdapRoleContextMapper implements UserDetailsContextMapper {

    UserDetails mapUserFromContext(DirContextOperations ctx, String username,
                                   Collection<? extends GrantedAuthority> authorities) {
        // All values of the multi-valued memberOf attribute; null when the server did not return it
        Object[] groups = ctx.getObjectAttributes("memberof") //returns empty array

        // Note: the authorities argument (group roles already resolved by the plugin) is not used here
        Set<GrantedAuthority> authority = new HashSet<GrantedAuthority>()

        for (Object group : (groups ?: new Object[0])) {
            if (group.toString().toLowerCase().contains("ROLE_FROM_LDAP".toLowerCase())) {
                authority.add(new SimpleGrantedAuthority("ROLE_APP"))
                break
            }
        }

        // Flags: enabled, accountNonExpired, credentialsNonExpired, accountNonLocked
        // (the posted code passed false for all four, which marks the account disabled and locked)
        return new User(username, "", true, true, true, true, authority)
    }

    void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
        throw new UnsupportedOperationException("Writing users back to LDAP is not supported")
    }
}

Interestingly, when I run the query against LDAP with ldapsearch, I do get the attribute back.

What I am stuck at is how to configure the equivalent of "requesting:" (as shown below with ldapsearch) in the Grails LDAP configuration so that the plugin is able to fetch the "memberof" attribute (I tried adding that to Grails LDAP plugin configuration with ldap.search.attributesToReturn but to no avail).

ldapsearch -t -x -b "ou=people,dc=domain,dc=com" "cn=myusername" memberof
.....
# LDAPv3
# base <ou=people,dc=domain,dc=com> with scope subtree
# filter: cn=myusername
# requesting: memberof
#
.....
dn: cn=myusername,ou=people,dc=domain,dc=com
memberOf: cn=ROLE_FROM_LDAP,ou=groups,dc=domain,dc=com

Here is the Grails LDAP configuration:

grails {
    plugin {
        springsecurity {
            // '=' is required: 'providerNames: [...]' is a Groovy labelled statement, not an assignment, so nothing is set
            providerNames = ['ldapAuthProvider', 'anonymousAuthenticationProvider']
            ldap {
                useRememberMe = false
                context {
                    managerDn = 'cn=manager,dc=domain,dc=com'
                    managerPassword = 'secret'
                    server = 'ldap://localhost:389/'
                }
                search {
                    base = 'ou=people,dc=domain,dc=com'
                    filter = 'cn={0}'
                    searchSubtree = true
                    // Same fix: written with ':' this was a labelled statement and the attribute was never requested
                    attributesToReturn = ['memberOf'] //extra attributes you want returned
                }
                auth {
                    hideUserNotFoundExceptions = false
                }
                authorities {
                    retrieveDatabaseRoles = false
                    retrieveGroupRoles = true
                    groupSearchBase = 'ou=groups,dc=domain,dc=com'
                    groupSearchFilter = 'member={0}'
                }
            }
        }
    }
}
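The substring test in the mapper above (`contains("role_from_ldap")`) grants ROLE_APP for any group whose DN merely contains that text, and the loop does not cope with the null that DirContextAdapter returns when memberOf is absent. As an added example, not the asker's code or anything shipped by the Grails plugins, here is a mapper that matches the whole group DN through javax.naming.ldap.LdapName (RDN by RDN, case-insensitively) and treats a missing or malformed value as granting nothing; the class name and the GROUP_TO_ROLE allow-list are assumptions.

```groovy
import javax.naming.InvalidNameException
import javax.naming.ldap.LdapName
import org.springframework.ldap.core.DirContextAdapter
import org.springframework.ldap.core.DirContextOperations
import org.springframework.security.core.GrantedAuthority
import org.springframework.security.core.authority.SimpleGrantedAuthority
import org.springframework.security.core.userdetails.User
import org.springframework.security.core.userdetails.UserDetails
import org.springframework.security.ldap.userdetails.UserDetailsContextMapper

// Hypothetical class name; wire it in place of the plugin's UserDetailsContextMapper bean
class MemberOfRoleMapper implements UserDetailsContextMapper {

    // Assumed allow-list: whole group DN -> application role. LdapName keys compare RDN by RDN,
    // case-insensitively, so a group such as cn=ROLE_FROM_LDAP_ADMIN,... cannot match by accident.
    static final Map<LdapName, String> GROUP_TO_ROLE = [
        (new LdapName('cn=ROLE_FROM_LDAP,ou=groups,dc=domain,dc=com')): 'ROLE_APP'
    ]

    UserDetails mapUserFromContext(DirContextOperations ctx, String username,
                                   Collection<? extends GrantedAuthority> authorities) {
        // Keep the group roles the plugin already resolved through groupSearchBase/groupSearchFilter
        Set<GrantedAuthority> granted = new HashSet<GrantedAuthority>(authorities)
        for (String role : rolesFromMemberOf(ctx.getObjectAttributes('memberOf'))) {
            granted.add(new SimpleGrantedAuthority(role))
        }
        // enabled, accountNonExpired, credentialsNonExpired, accountNonLocked
        return new User(username, '', true, true, true, true, granted)
    }

    // memberOf is multi-valued, and DirContextAdapter returns null when the server did not send it
    // (it has to be requested explicitly, as the ldapsearch run above does with "requesting: memberof").
    static Set<String> rolesFromMemberOf(Object[] memberOfValues) {
        Set<String> roles = new HashSet<String>()
        for (Object value : (memberOfValues ?: new Object[0])) {
            try {
                String role = GROUP_TO_ROLE[new LdapName(value.toString())]
                if (role) roles.add(role)
            } catch (InvalidNameException ignored) {
                // A value that is not a valid DN grants nothing
            }
        }
        return roles
    }

    void mapUserToContext(UserDetails user, DirContextAdapter ctx) {
        throw new UnsupportedOperationException('This mapper does not write users back to LDAP')
    }
}
```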

1 Answer


    You can inject springSecurityService and get them as follows:

    springSecurityService.getPrincipal().getAuthorities()
    
