Hi, guys

I am developing a web app by using Grails and using Grails LDAP as my authentication mechanism. However, I always get the following error:

{Error 500: Cannot pass null or empty values to constructor Servlet: default URI: /ldap-app/j_spring_security_check Exception Message: Cannot pass null or empty values to constructor Caused by: Cannot pass null or empty values to constructor Class: GrailsAuthenticationProcessingFilter }

My SecurityConfig.groovy file is:

security {
// see DefaultSecurityConfig.groovy for all settable/overridable properties
active = true
loginUserDomainClass = "User"
authorityDomainClass = "Role"
requestMapClass = "Requestmap"

useLdap = true
ldapRetrieveDatabaseRoles = false
ldapRetrieveGroupRoles = false
ldapServer = 'ldap://worf-mi.dapc.kao.au:389'
ldapManagerDn = 'CN=sa-ldap-its,OU=Unix Servers for Kerberos,OU=Information Technology Services,OU=Special Accounts,DC=nexus,DC=dpac,DC=cn'
ldapManagerPassword = 'Asdf1234'
ldapSearchBase = 'OU=People,DC=nexus,DC=dpac,DC=cn'
ldapSearchFilter = '(&(cn={0})(objectClass=user))'

}

A: 

Hi,

I had the same problem and found a solution. This error occurs because the Acegi plugin tries to store the LDAP user's password into the User object. In fact, depending on the settings of the LDAP server, it is not allowed to retrieve the password, so an empty value is given to the constructor, as the error message tells.

The fix I found is not really nice, but helps to get the plugin up and running. You have to change one field in the following file: ~/.grails//projects//plugins/acegi-0.5.3/src/java/org/codehaus/groovy/grails/plugins/springsecurity/GrailsUserImpl.java or on Windows: C:/Users//.grails//projects//plugins/acegi-0.5.3/src/java/org/codehaus/groovy/grails/plugins/springsecurity/GrailsUserImpl.java

Constructor GrailsUserImpl() has the following body:

super(username, password, enabled, accountNonExpired,
credentialsNonExpired, accountNonLocked, authorities);

which has to be changed to:

super(username, "", enabled, accountNonExpired,
credentialsNonExpired, accountNonLocked, authorities);

Unfortunately, this has to be done for every developer client and every new project. But it gets the LDAP auth to run finally.

As I read, they are working on this bug and try to fix it with version 0.6 of the plugin.

Hope I could help.

br, Tim

timtu
A: 

I had the same problem, read the solution above and did something else. Instead of modifying GrailsUserImpl.java I simply switched the password in the user table from NULL to '' (empty string). Since the password is not used for LDAP, the empty string will be transmitted (instead of the NULL value), which has the same effect as

super(username, "", enabled, accountNonExpired, 
credentialsNonExpired, accountNonLocked, authorities);

but it doesn't affect the source code. This worked for my project, hope it helped too.

Steven

Steven
A: 

Just add "ldapUsePassword = false" in your SecurityConfig file:

Setting ldapUsePassword to false is important too. What we’re telling the Acegi plugin is not to extract the user’s password from Active Directory. If you don’t set this to false, you’ll get a lovely exception which isn’t particularly useful, java.lang.IllegalArgumentException: Cannot pass null or empty values to constructor. What this is trying to tell you is that the user’s password is null, which is correct since the default setting for the Acegi plugin is to try to extract the user’s password from Active Directory, and we haven’t told Acegi what attribute Active Directory stores the password in. By setting ldapUsePassword to false, the plugin provides a bogus password for the user details, and we’re able to proceed without incident.
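
The three answers above all work for the same reason: the constructor check rejects a null password but accepts an empty or placeholder one. The Groovy script below is an added example, not code from the plugin or from any of the posters; `UserDetailsModel`, `tryBuild` and the sample username are hypothetical, and the check is an assumption modelled on the behaviour reported on this page.

```groovy
// Added example: a stand-in for the user-details constructor check.
// UserDetailsModel is hypothetical; it is NOT the Acegi plugin's class.
class UserDetailsModel {
    final String username
    final String password

    UserDetailsModel(String username, String password) {
        // Assumption consistent with the answers above: a null password is
        // rejected, while an empty string passes (only the username must be non-empty).
        if (!username || password == null) {
            throw new IllegalArgumentException(
                'Cannot pass null or empty values to constructor')
        }
        this.username = username
        this.password = password
    }
}

// Returns 'ok', or the exception message, for one candidate password value.
String tryBuild(String password) {
    try {
        new UserDetailsModel('jdoe', password)   // 'jdoe' is a constructed sample
        return 'ok'
    } catch (IllegalArgumentException e) {
        return e.message
    }
}

// Constructed cases: what each situation effectively hands to the constructor.
def cases = [
    'LDAP returns no password attribute'        : null,
    'patched GrailsUserImpl or \'\' in user table': '',
    'ldapUsePassword = false (placeholder)'     : 'placeholder',
]
cases.each { label, pw -> println "${label.padRight(46)} -> ${tryBuild(pw)}" }

// The null case reproduces the error from the question; the other two succeed.
assert tryBuild(null) == 'Cannot pass null or empty values to constructor'
assert tryBuild('') == 'ok'
assert tryBuild('placeholder') == 'ok'
```

Of the three, only the `ldapUsePassword = false` setting avoids editing plugin source or user rows, so it does not have to be repeated per developer machine or per project.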