[jboss-user] [JBoss Portal] - Re: JBoss Portal LDAP Setup
olivwalt
do-not-reply at jboss.com
Wed Nov 22 13:10:11 EST 2006
Hello bdaw,
It works :). Great, thanks a lot for your help. Here is my setup.
1. Update $JBOSS_HOME\server\default\deploy\jboss-portal.sar\conf\login-config.xml and replace the existing

    <!-- <application-policy name="portal">
      <authentication>
        <login-module code="org.jboss.portal.identity.auth.IdentityLoginModule" flag="required">
          <module-option name="unauthenticatedIdentity">guest</module-option>
          <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
          <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
          <module-option name="additionalRole">Authenticated</module-option>
          <module-option name="password-stacking">useFirstPass</module-option>
        </login-module>
      </authentication>
    </application-policy> -->

with

    <application-policy name="portal">
      <authentication>
        <login-module code="org.jboss.portal.identity.auth.IdentityLoginModule" flag="sufficient">
          <module-option name="unauthenticatedIdentity">guest</module-option>
          <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
          <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
          <module-option name="additionalRole">Authenticated</module-option>
          <module-option name="password-stacking">useFirstPass</module-option>
        </login-module>
        <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
          <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
          <module-option name="java.naming.provider.url">ldap://bridge6.eu.boschrexroth.com:389/</module-option>
          <module-option name="java.naming.security.authentication">simple</module-option>
          <module-option name="baseCtxDN">ou=People,o=boschrexroth</module-option>
          <module-option name="baseFilter">(uid={0})</module-option>
          <module-option name="rolesCtxDN">ou=Groups,o=boschrexroth</module-option>
          <module-option name="roleFilter">(member={1})</module-option>
          <module-option name="roleAttributeID">member</module-option>
          <module-option name="roleRecursion">-1</module-option>
          <module-option name="roleNameAttributeID">cn</module-option>
          <module-option name="roleAttributeIsDN">true</module-option>
          <module-option name="searchTimeLimit">5000</module-option>
          <module-option name="searchScope">SUBTREE_SCOPE</module-option>
        </login-module>
      </authentication>
    </application-policy>
We use LdapExtLoginModule due to a hierarchical structure in our LDAP server. As our structure is equal to example1.ldif (http://wiki.jboss.org/wiki/Wiki.jsp?page=LdapExtLoginModule), I set the module-options "roleAttributeIsDN" and "roleNameAttributeID" (in our case "cn").
Add the IdentityLoginModule with flag="sufficient" if you want the existing default admin and user to still be able to log in.
2. Create a role in LDAP with the name "Authenticated" and add all users you want to be able to log in as members of that role. I'm sure you can also map the security-constraint in portal-server.war\WEB-INF\web.xml to any other already existing role, but I never tested that.
Regards Oliver
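As an added example (not part of the original post or of JBoss Portal), here is a small Python audit of a login-config.xml policy shaped like the one above: it parses the JAAS module chain and reports the points a reviewer would check, namely that a "sufficient" IdentityLoginModule lets local portal accounts authenticate without LDAP being consulted, and that a simple bind over plain ldap:// carries the user's password unencrypted. The embedded policy is a constructed sample; the host and base DNs are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the post's login-config.xml structure
# (host name and base DNs are placeholders, not real values).
SAMPLE_POLICY = """<policy>
<application-policy name="portal">
 <authentication>
  <login-module code="org.jboss.portal.identity.auth.IdentityLoginModule" flag="sufficient">
   <module-option name="unauthenticatedIdentity">guest</module-option>
   <module-option name="password-stacking">useFirstPass</module-option>
  </login-module>
  <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
   <module-option name="java.naming.provider.url">ldap://ldap.example.invalid:389/</module-option>
   <module-option name="java.naming.security.authentication">simple</module-option>
   <module-option name="baseCtxDN">ou=People,o=example</module-option>
   <module-option name="baseFilter">(uid={0})</module-option>
   <module-option name="roleAttributeIsDN">true</module-option>
  </login-module>
 </authentication>
</application-policy>
</policy>"""


def load_modules(xml_text, policy_name="portal"):
    """Return [(code, flag, {option: value})] for one application-policy, in chain order."""
    root = ET.fromstring(xml_text)
    policy = root.find(f"./application-policy[@name='{policy_name}']")
    modules = []
    for lm in policy.findall("./authentication/login-module"):
        opts = {o.get("name"): (o.text or "").strip() for o in lm.findall("module-option")}
        modules.append((lm.get("code"), lm.get("flag"), opts))
    return modules


def audit(modules):
    """Return review findings for the JAAS chain (empty list means nothing to raise)."""
    findings = []
    # JAAS: the LDAP module must be 'required' so that an LDAP failure denies the login.
    if modules and modules[-1][0].endswith("LdapExtLoginModule") and modules[-1][1] != "required":
        findings.append("LdapExtLoginModule is not 'required'; an LDAP failure would not deny login")
    for code, flag, opts in modules:
        url = opts.get("java.naming.provider.url", "")
        auth = opts.get("java.naming.security.authentication")
        if url.startswith("ldap://") and auth == "simple":
            findings.append("simple bind over plain ldap:// sends the user's password in clear text")
        if flag == "sufficient" and code.endswith("IdentityLoginModule"):
            findings.append("IdentityLoginModule is 'sufficient': local portal accounts bypass LDAP")
    return findings


if __name__ == "__main__":
    for finding in audit(load_modules(SAMPLE_POLICY)):
        print("-", finding)
```

Running it against the real login-config.xml (read the file instead of SAMPLE_POLICY) is the intended use; with the sample it reports the two findings above, which matches the trade-off the post describes for keeping the default admin login.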
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3987962#3987962