[jboss-user] [JBoss Portal] - Re: JBOSS Portal 2.6 and OpenLDAP (looking for an example ld

egandt do-not-reply at jboss.com
Tue Jul 3 08:38:32 EDT 2007


Sorry, the fatwire was a lack of scrubbing the data. As for the other dc=fatwire.com, I fixed that to be dc=example,dc=com.

The typo of dc=fatwire.com was the problem; authentication is now working for OpenLDAP. I'm including the working LDIF and ldap_identity-config.xml from my install, as this may help others in the future. Before use, fix the passwords for the users ldapuser and admin as well as the login for OpenLDAP. My setup assumes that OpenLDAP is installed on the same server as JBoss Portal 2.6.


LDIF from OpenLDAP:

  | dn: dc=example,dc=com
  | dc: example
  | description: OpenLDAP pre_cs_setup
  | objectClass: dcObject
  | objectClass: organization
  | o: Example Software
  | 
  | dn: cn=Manager, dc=example,dc=com
  | objectClass: organizationalRole
  | cn: Manager
  | 
  | dn: ou=People, dc=example,dc=com
  | ou: People
  | objectClass: organizationalUnit
  | objectClass: top
  | 
  | dn: ou=Groups, dc=example,dc=com
  | ou: Groups
  | objectClass: organizationalUnit
  | objectClass: top
  | 
  | dn: cn=admin,ou=People, dc=example,dc=com
  | userPassword: {SSHA}XXXXXX
  | objectClass: top
  | objectClass: organizationalPerson
  | objectClass: person
  | sn: admin
  | cn: admin
  | 
  | dn: cn=ldapuser,ou=People, dc=example,dc=com
  | userPassword: {SSHA}XXXXXX
  | description: JBoss Portal ldapuser User for test LDAP integration password=username
  | objectClass: top
  | objectClass: organizationalPerson
  | objectClass: person
  | sn: ldapuser
  | cn: ldapuser
  | 
  | dn: cn=User,ou=Groups, dc=example,dc=com
  | description: the JBoss Portal user group
  | objectClass: top
  | objectClass: groupOfUniqueNames
  | uniqueMember: cn=ldapuser,ou=People,dc=example,dc=com
  | cn: User
  | 
  | dn: cn=Admin,ou=Groups, dc=example,dc=com
  | description: the JBoss Portal admin group
  | objectClass: top
  | objectClass: groupOfUniqueNames
  | uniqueMember: cn=admin,ou=People,dc=example,dc=com
  | cn: Admin
  | 


ldap_identity-config.xml:

  | <?xml version="1.0" encoding="UTF-8"?>
  |    <!--<!DOCTYPE identity-configuration PUBLIC
  |    "-//JBoss Portal//DTD JBoss Identity Configuration 1.0//EN"
  |    "http://www.jboss.org/portal/dtd/identity-config_1_0.dtd">-->
  | <identity-configuration>
  |    <datasources>
  |       <datasource>
  |          <name>LDAP</name>
  |          <config>
  |             <option>
  |                <name>host</name>
  |                <value>127.0.0.1</value>
  |             </option>
  |             <option>
  |                <name>port</name>
  |                <value>389</value>
  |             </option>
  |             <option>
  |                <name>adminDN</name>
  |                <value>cn=Manager,dc=example,dc=com</value>
  |             </option>
  |             <option>
  |                <name>adminPassword</name>
  |                <value>XXXXXXX</value>
  |             </option>
  |          </config>
  |       </datasource>
  |    </datasources>
  |    <modules>
  |       <module>
  |          <!--type used to correctly map in IdentityContext registry-->
  |          <type>User</type>
  |          <implementation>LDAP</implementation>
  |          <config/>
  |       </module>
  |       <module>
  |          <type>Role</type>
  |          <implementation>LDAP</implementation>
  |          <config/>
  |       </module>
  |       <module>
  |          <type>Membership</type>
  |          <implementation>LDAP</implementation>
  |          <config/>
  |       </module>
  |       <module>
  |          <type>UserProfile</type>
  |          <implementation>DELEGATING</implementation>
  |          <config>
  |             <option>
  |                <name>ldapModuleJNDIName</name>
  |                <value>java:/portal/LDAPUserProfileModule</value>
  |             </option>
  |          </config>
  |       </module>
  |       <module>
  |          <type>DBDelegateUserProfile</type>
  |          <implementation>DB</implementation>
  |          <config>
  |             <option>
  |                <name>randomSynchronizePassword</name>
  |                <value>true</value>
  |             </option>
  |          </config>
  |       </module>
  |       <module>
  |          <type>LDAPDelegateUserProfile</type>
  |          <implementation>LDAP</implementation>
  |          <config/>
  |       </module>
  |    </modules>
  | 
  |    <options>
  |       <option-group>
  |          <group-name>common</group-name>
  |          <option>
  |             <name>userCtxDN</name>
  |             <value>ou=People,dc=example,dc=com</value>
  |          </option>
  |          <option>
  |             <name>uidAttributeID</name>
  |             <value>cn</value>
  |          </option>
  |          <option>
  |             <name>passwordAttributeID</name>
  |             <value>userPassword</value>
  |          </option>
  | 
  |          <option>
  |             <name>roleCtxDN</name>
  |             <value>ou=Groups,dc=example,dc=com</value>
  |          </option>
  |          <option>
  |             <name>ridAttributeId</name>
  |             <value>cn</value>
  |          </option>
  |          <option>
  |             <name>roleDisplayNameAttributeID</name>
  |             <value>cn</value>
  |          </option>
  |          <option>
  |             <name>membershipAttributeID</name>
  |             <value>uniqueMember</value>
  |          </option>
  |          <option>
  |             <name>membershipAttributeIsDN</name>
  |             <value>true</value>
  |          </option>
  |       </option-group>
  |       <option-group>
  |          <group-name>userCreateAttibutes</group-name>
  |          <option>
  |             <name>objectClass</name>
  |             <!--This objectclasses should work with Red Hat Directory-->
  |             <value>top</value>
  |             <value>person</value>
  |             <value>organizationalPerson</value>
  |          </option>
  |          <!--Schema requires those to have initial value-->
  |          <option>
  |             <name>cn</name>
  |             <value>none</value>
  |          </option>
  |          <option>
  |             <name>sn</name>
  |             <value>none</value>
  |          </option>
  |       </option-group>
  | 
  |       <option-group>
  |          <group-name>roleCreateAttibutes</group-name>
  |          <option>
  |             <name>objectClass</name>
  |             <value>top</value>
  |             <value>groupOfUniqueNames</value>
  |          </option>
  |          <!--Schema requires those to have initial value-->
  |          <option>
  |             <name>cn</name>
  |             <value>none</value>
  |          </option>
  |          <!--Some directory servers require this attribute to be valid DN-->
  |          <!--For safety reasons point to the admin user here-->
  |          <option>
  |             <name>member</name>
  |             <value>cn=admin,ou=People,dc=example,dc=com</value>
  |          </option>
  |       </option-group>
  |    </options>
  | </identity-configuration>
  | 
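The two artifacts above only work together when the option names in the "common" group (userCtxDN, uidAttributeID, passwordAttributeID, roleCtxDN, membershipAttributeID, membershipAttributeIsDN) and the datasource adminDN line up with what is actually in the directory; the dc=fatwire.com typo was exactly such a mismatch. The script below is an added example, not code from the original post or from JBoss Portal: it parses an LDIF export and the identity config, then reports memberships that point at non-existent users, users that cannot log in because the uid or password attribute is missing, an adminDN with no entry, and userPassword values stored without a hash scheme. The SAMPLE_LDIF and SAMPLE_CONFIG strings are constructed excerpts of the post's data; normalize_dn, parse_ldif, parse_config and check_consistency are names chosen here.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Constructed sample: the entries from the post's LDIF, trimmed to what the checks need.
SAMPLE_LDIF = """\
dn: cn=Manager, dc=example,dc=com
objectClass: organizationalRole
cn: Manager

dn: ou=People, dc=example,dc=com
objectClass: organizationalUnit
ou: People

dn: ou=Groups, dc=example,dc=com
objectClass: organizationalUnit
ou: Groups

dn: cn=admin,ou=People, dc=example,dc=com
userPassword: {SSHA}XXXXXX
objectClass: person
sn: admin
cn: admin

dn: cn=ldapuser,ou=People, dc=example,dc=com
userPassword: {SSHA}XXXXXX
objectClass: person
sn: ldapuser
cn: ldapuser

dn: cn=User,ou=Groups, dc=example,dc=com
objectClass: groupOfUniqueNames
uniqueMember: cn=ldapuser,ou=People,dc=example,dc=com
cn: User

dn: cn=Admin,ou=Groups, dc=example,dc=com
objectClass: groupOfUniqueNames
uniqueMember: cn=admin,ou=People,dc=example,dc=com
cn: Admin
"""

# Constructed sample: the datasource adminDN and the "common" option group from the post's config.
SAMPLE_CONFIG = """\
<identity-configuration>
  <datasources><datasource><name>LDAP</name><config>
    <option><name>adminDN</name><value>cn=Manager,dc=example,dc=com</value></option>
  </config></datasource></datasources>
  <options><option-group><group-name>common</group-name>
    <option><name>userCtxDN</name><value>ou=People,dc=example,dc=com</value></option>
    <option><name>uidAttributeID</name><value>cn</value></option>
    <option><name>passwordAttributeID</name><value>userPassword</value></option>
    <option><name>roleCtxDN</name><value>ou=Groups,dc=example,dc=com</value></option>
    <option><name>membershipAttributeID</name><value>uniqueMember</value></option>
    <option><name>membershipAttributeIsDN</name><value>true</value></option>
  </option-group></options>
</identity-configuration>
"""


def normalize_dn(dn):
    """Lower-case and drop whitespace around commas so 'cn=x, dc=y' equals 'cn=x,dc=y'."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def parse_ldif(text):
    """Return {normalized dn: {attribute: [values]}}; '::' values are base64-decoded."""
    entries = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            key, _, value = line.partition(":")
            key, value = key.strip(), value.strip()
            if value.startswith(":"):  # "attr:: base64" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            if key == "dn":
                dn = normalize_dn(value)
            else:
                attrs.setdefault(key, []).append(value)
        if dn:
            entries[dn] = attrs
    return entries


def parse_config(xml_text):
    """Return {option name: [values]} for every <option> in the identity config."""
    return {opt.findtext("name"): [v.text.strip() for v in opt.findall("value")]
            for opt in ET.fromstring(xml_text).iter("option")}


def check_consistency(ldif_text, config_xml):
    """Return a list of findings; an empty list means the directory matches the config."""
    entries, opts = parse_ldif(ldif_text), parse_config(config_xml)
    findings = []
    admin_dn = normalize_dn(opts["adminDN"][0])
    if admin_dn not in entries:
        findings.append(f"adminDN {admin_dn} has no entry in the directory")
    user_ctx, role_ctx = normalize_dn(opts["userCtxDN"][0]), normalize_dn(opts["roleCtxDN"][0])
    uid_attr, pw_attr = opts["uidAttributeID"][0], opts["passwordAttributeID"][0]
    member_attr = opts["membershipAttributeID"][0]
    member_is_dn = opts["membershipAttributeIsDN"][0].lower() == "true"
    users = {dn: a for dn, a in entries.items() if dn.endswith("," + user_ctx)}
    roles = {dn: a for dn, a in entries.items() if dn.endswith("," + role_ctx)}
    if not users:
        findings.append(f"no user entries under userCtxDN {user_ctx}")
    for dn, attrs in users.items():
        if uid_attr not in attrs:
            findings.append(f"user {dn} lacks login attribute {uid_attr}")
        pw = attrs.get(pw_attr)
        if not pw:
            findings.append(f"user {dn} has no {pw_attr}; login is impossible")
        elif not pw[0].startswith("{"):  # OpenLDAP stores an unprefixed value as given
            findings.append(f"user {dn} stores {pw_attr} in cleartext (no hash scheme)")
    uids = {u[0] for a in users.values() for u in [a.get(uid_attr, [])] if u}
    for dn, attrs in roles.items():
        for member in attrs.get(member_attr, []):
            known = normalize_dn(member) in users if member_is_dn else member in uids
            if not known:
                findings.append(f"role {dn}: member {member} is not a user under {user_ctx}")
    return findings


if __name__ == "__main__":
    for finding in check_consistency(SAMPLE_LDIF, SAMPLE_CONFIG) or ["directory matches config"]:
        print(finding)
```

Running it against a real deployment means replacing SAMPLE_LDIF with the output of an ldapsearch export and SAMPLE_CONFIG with the deployed ldap_identity-config.xml; the membership check is the one that catches a renamed or deleted user whose DN is still listed in a group, and the cleartext check flags entries that were loaded without a {SSHA} (or other scheme) prefix.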

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4059931#4059931

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4059931
