[jboss-user] [JBoss Portal] - Re: LDAP and Active Directory
creative77
do-not-reply at jboss.com
Mon Oct 2 12:35:31 EDT 2006
Wiki sez that the "rolesCtxDN" is the path to the user's account and not the path to the actual group/role.
When I set this, the servlet crashes with an account not found exception. However, when I change the path to the group path, it authenticates the user but can't find the user group/role.
I am confused.
As I have said, the user accounts and groups are in different subtrees.
#################################################
This crashes the login servlet with account not found. Accounts are in the following container.
<module-option name="rolesCtxDN">ou=Adomain Users,ou=Adomain Resources,dc=adomain,dc=com</module-option>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
<!--
Some AD configurations may require searching against
the Global Catalog on port 3268 instead of the usual
port 389. This is most likely when the AD forest
includes multiple domains.
-->
<module-option name="java.naming.provider.url">ldap://adserver.adomain.com:389</module-option>
<module-option name="bindDN">DomainUser</module-option>
<module-option name="bindCredential">DomainPassword</module-option>
<module-option name="baseCtxDN">dc=adomain,dc=com</module-option>
<module-option name="baseFilter">(sAMAccountName={0})</module-option>
<module-option name="rolesCtxDN">ou=Adomain Users,ou=Adomain Resources,dc=adomain,dc=com</module-option>
<module-option name="roleFilter">(sAMAccountName={0})</module-option>
<module-option name="roleAttributeID">memberOf</module-option>
<module-option name="roleAttributeIsDN">true</module-option>
<module-option name="roleNameAttributeID">cn</module-option>
<module-option name="roleRecursion">-1</module-option>
<module-option name="searchScope">ONELEVEL_SCOPE</module-option>
</login-module>
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3975561#3975561
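
Added example (not part of the original post and not JBoss code): a small offline model of the role lookup that the options above configure, showing how `rolesCtxDN` and `searchScope` change what a `roleFilter` of `(sAMAccountName={0})` returns when `roleAttributeID` is `memberOf`. The directory entries, the `ou=Adomain Groups` container and the function names are constructed for illustration, and `roleRecursion` is not modelled.

```python
# Constructed sample directory; entries and the group OU name are hypothetical.
BASE = "dc=adomain,dc=com"
USERS = "ou=Adomain Users,ou=Adomain Resources," + BASE
GROUPS = "ou=Adomain Groups,ou=Adomain Resources," + BASE

DIRECTORY = {
    "cn=Jane Doe," + USERS: {
        "sAMAccountName": ["jdoe"], "memberOf": ["cn=PortalAdmins," + GROUPS]},
    "cn=Bob Roe,ou=Contractors," + USERS: {
        "sAMAccountName": ["broe"], "memberOf": ["cn=PortalUsers," + GROUPS]},
    "cn=PortalAdmins," + GROUPS: {
        "cn": ["PortalAdmins"], "sAMAccountName": ["PortalAdmins"]},
    "cn=PortalUsers," + GROUPS: {
        "cn": ["PortalUsers"], "sAMAccountName": ["PortalUsers"]},
}

def search(ctx_dn, attr, value, scope):
    """Equality search below ctx_dn for ONELEVEL_SCOPE or SUBTREE_SCOPE."""
    hits = []
    for dn, attrs in DIRECTORY.items():
        if not dn.lower().endswith("," + ctx_dn.lower()):
            continue  # entry is not underneath the search context
        relative = dn[: -len(ctx_dn) - 1]
        depth = relative.count(",") + 1  # naive: assumes no escaped commas
        if scope == "ONELEVEL_SCOPE" and depth != 1:
            continue  # one-level scope only sees direct children
        if value in attrs.get(attr, []):
            hits.append(dn)
    return hits

def resolve_roles(username, roles_ctx_dn, scope,
                  role_attr="memberOf", role_name_attr="cn"):
    """Model: roleFilter (sAMAccountName={0}) under rolesCtxDN, with
    roleAttributeIsDN=true and the name read from roleNameAttributeID."""
    roles = []
    for dn in search(roles_ctx_dn, "sAMAccountName", username, scope):
        for role_dn in DIRECTORY[dn].get(role_attr, []):
            roles.extend(DIRECTORY.get(role_dn, {}).get(role_name_attr, []))
    return roles

if __name__ == "__main__":
    for user, ctx, scope in [("jdoe", USERS, "ONELEVEL_SCOPE"),
                             ("jdoe", GROUPS, "ONELEVEL_SCOPE"),
                             ("broe", USERS, "ONELEVEL_SCOPE"),
                             ("broe", USERS, "SUBTREE_SCOPE")]:
        print(user, ctx.split(",")[0], scope, resolve_roles(user, ctx, scope))
```

In this model the filter matches the user's own entry, so roles come back only when the search context and scope actually reach that entry; pointed at the group container, no entry has the user's `sAMAccountName` and the role list is empty.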