[jboss-user] [Beginners Corner] - ldap
philpriest
do-not-reply at jboss.com
Mon Mar 5 16:21:05 EST 2007
I have installed jboss-portal-2.4.1. I have a need to auth against an LDAP server. From the wiki I have done this:
I have updated $JBOSS_HOME\server\default\deploy\jboss-portal.sar\conf\login-config.xml:
<?xml version='1.0'?>
<!--~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~ JBoss, a division of Red Hat ~
~ Copyright 2006, Red Hat Middleware, LLC, and individual ~
~ contributors as indicated by the @authors tag. See the ~
~ copyright.txt in the distribution for a full listing of ~
~ individual contributors. ~
~ ~
~ This is free software; you can redistribute it and/or modify it ~
~ under the terms of the GNU Lesser General Public License as ~
~ published by the Free Software Foundation; either version 2.1 of ~
~ the License, or (at your option) any later version. ~
~ ~
~ This software is distributed in the hope that it will be useful, ~
~ but WITHOUT ANY WARRANTY; without even the implied warranty of ~
~ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ~
~ Lesser General Public License for more details. ~
~ ~
~ You should have received a copy of the GNU Lesser General Public ~
~ License along with this software; if not, write to the Free ~
~ Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA ~
~ 02110-1301 USA, or see the FSF site: http://www.fsf.org. ~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~-->
<!DOCTYPE policy PUBLIC
   "-//JBoss//DTD JBOSS Security Config 3.0//EN"
   "http://www.jboss.org/j2ee/dtd/security_config.dtd">
<policy>
   <!-- For the JCR CMS -->
   <application-policy name="cms">
      <authentication>
         <login-module code="org.apache.jackrabbit.core.security.SimpleLoginModule" flag="required"/>
      </authentication>
   </application-policy>
   <application-policy name="portal">
      <authentication>
         <login-module code="org.jboss.portal.identity.auth.IdentityLoginModule" flag="sufficient">
            <module-option name="unauthenticatedIdentity">guest</module-option>
            <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
            <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
            <module-option name="additionalRole">Authenticated</module-option>
            <module-option name="password-stacking">useFirstPass</module-option>
         </login-module>
         <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
            <module-option name="java.naming.factory.initial">
               com.sun.jndi.ldap.LdapCtxFactory
            </module-option>
            <module-option name="java.naming.provider.url">
               ldap://localhost:389/
            </module-option>
            <module-option name="java.naming.security.authentication">
               simple
            </module-option>
            <module-option name="baseCtxDN">ou=People,o=ITS</module-option>
            <module-option name="baseFilter">(uid={0})</module-option>
            <module-option name="rolesCtxDN">ou=Groups,o=ITS</module-option>
            <module-option name="roleFilter">(member={1})</module-option>
            <module-option name="roleAttributeID">member</module-option>
            <module-option name="roleRecursion">-1</module-option>
            <module-option name="roleNameAttributeID">cn</module-option>
            <module-option name="roleAttributeIsDN">true</module-option>
            <module-option name="searchTimeLimit">5000</module-option>
            <module-option name="searchScope">SUBTREE_SCOPE</module-option>
         </login-module>
      </authentication>
   </application-policy>
</policy>
How do I go about testing that I can auth against the LDAP server? I can do an ldapsearch -x from one of my clients and see the db.
Thanks
Phil
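The lookups that the LdapExtLoginModule options in the posted config describe (find the user entry with baseFilter, bind as that DN, search the groups with roleFilter), reproduced with the OpenLDAP ldapsearch client as an added example that is not part of the original post. The URL and DNs are copied from the posted module-options; the function names and the login name given on the command line are assumptions.

```shell
#!/bin/sh
# Added example: repeat by hand the searches and the bind that the posted
# login-config.xml configures. Values below are copied from its module-options.
LDAP_URL='ldap://localhost:389/'   # java.naming.provider.url
BASE_CTX_DN='ou=People,o=ITS'      # baseCtxDN
ROLES_CTX_DN='ou=Groups,o=ITS'     # rolesCtxDN

# Escape a value for use inside an LDAP search filter (RFC 4515), so that a
# login name such as "*" is matched literally instead of widening the search.
ldap_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\5c/g' -e 's/\*/\\2a/g' \
                           -e 's/(/\\28/g' -e 's/)/\\29/g'
}

# baseFilter "(uid={0})": {0} is the login name.
user_filter() { printf '(uid=%s)' "$(ldap_escape "$1")"; }

# roleFilter "(member={1})": {1} is the DN found for the user.
role_filter() { printf '(member=%s)' "$(ldap_escape "$1")"; }

check_login() {
    login=$1
    # Step 1: subtree search for the user entry. The posted config sets no
    # bindDN, so this search is anonymous, like a plain "ldapsearch -x".
    user_dn=$(ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URL" \
                  -b "$BASE_CTX_DN" -s sub "$(user_filter "$login")" dn |
              sed -n 's/^dn: //p' | head -n 1)
    [ -n "$user_dn" ] || { echo "no entry for $(user_filter "$login")" >&2; return 1; }
    echo "user DN: $user_dn"

    # Step 2: simple bind as that DN. -W prompts for the password, keeping it
    # out of the shell history and the process list.
    ldapsearch -x -LLL -H "$LDAP_URL" -D "$user_dn" -W \
        -b "$user_dn" -s base '(objectClass=*)' dn >/dev/null ||
        { echo "bind as $user_dn failed" >&2; return 1; }
    echo "bind OK"

    # Step 3: group entries under rolesCtxDN that list the user DN as member.
    ldapsearch -x -LLL -o ldif-wrap=no -H "$LDAP_URL" -b "$ROLES_CTX_DN" \
        -s sub "$(role_filter "$user_dn")" cn
}

# Run the check only when a login name is given on the command line.
if [ "$#" -ge 1 ]; then check_login "$1"; fi
```

If step 1 returns nothing for a user that an authenticated ldapsearch can see, the directory does not allow anonymous searches under baseCtxDN and the login module's search will come back empty as well.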