[jboss-user] [JBoss Portal] - Re: LDAP authentication and Role-based permissions question

bdaw do-not-reply at jboss.com
Fri Mar 9 07:52:23 EST 2007


I just tried your configuration and it seemed to work. I didn't put things into the database. I just tested whether users are authenticated correctly and are able to enter the portal.

I used this ldif file and changed:

1) login-config.xml:


  | <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
  |                 <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
  |                 <module-option name="java.naming.provider.url">ldap://localhost:10389/</module-option>
  |                 <module-option name="java.naming.security.authentication">simple</module-option>
  |                 <module-option name="principalDNPrefix">uid=</module-option>
  |                 <module-option name="principalDNSuffix">,ou=People,o=test,dc=portal,dc=example,dc=com</module-option>
  |                 <module-option name="rolesCtxDN">ou=Roles,o=test,dc=portal,dc=example,dc=com</module-option>
  |                 <module-option name="uidAttributeID">member</module-option>
  |                 <module-option name="matchOnUserDN">true</module-option>
  |                 <module-option name="roleAttributeID">cn</module-option>
  |                 <module-option name="roleAttributeIsDN">false</module-option>
  |                 <module-option name="searchTimeLimit">5000</module-option>
  |                 <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
  |             </login-module>
  | 

and IdentityLoginModule commented out.

2) jboss-4.0.5.GA\server\default\deploy\jboss-portal.sar\portal-server.war\WEB-INF\web.xml : 

  | <security-role>
  |       <!--<role-name>Authenticated</role-name>-->
  |          <role-name>User</role-name>
  |    </security-role>
  | 

and

  | <security-constraint>
  |       <web-resource-collection>
  |          <web-resource-name>Authenticated</web-resource-name>
  |          <description></description>
  |          <url-pattern>/auth/*</url-pattern>
  |       </web-resource-collection>
  |       <auth-constraint>
  |          <!--<role-name>Authenticated</role-name>-->
  |          <role-name>User</role-name>
  |       </auth-constraint>
  |    </security-constraint>
  | 

I'm able to log in as admin/admin or as jduke/theduke. Tested with 2.4 and 2.6 trunk.



View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4026587#4026587

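Added example (not part of the original post and not JBoss code): a simplified Python model of how the options above turn a username into a bind DN and a one-level role search, used to check that a user ends up with the "User" role that web.xml requires. The role entries are constructed sample data, not the LDIF from the post, and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET
# Module options taken from the login-config.xml in the post.
LOGIN_MODULE = """<login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
  <module-option name="java.naming.provider.url">ldap://localhost:10389/</module-option>
  <module-option name="java.naming.security.authentication">simple</module-option>
  <module-option name="principalDNPrefix">uid=</module-option>
  <module-option name="principalDNSuffix">,ou=People,o=test,dc=portal,dc=example,dc=com</module-option>
  <module-option name="rolesCtxDN">ou=Roles,o=test,dc=portal,dc=example,dc=com</module-option>
  <module-option name="uidAttributeID">member</module-option>
  <module-option name="matchOnUserDN">true</module-option>
  <module-option name="roleAttributeID">cn</module-option>
</login-module>"""

PEOPLE = "ou=People,o=test,dc=portal,dc=example,dc=com"
ROLES = "ou=Roles,o=test,dc=portal,dc=example,dc=com"
# Constructed role entries (not the LDIF used in the post): DN -> attributes.
ROLE_ENTRIES = {
    f"cn=User,{ROLES}": {"cn": ["User"], "member": [f"uid=jduke,{PEOPLE}", f"uid=admin,{PEOPLE}"]},
    f"cn=Admin,{ROLES}": {"cn": ["Admin"], "member": [f"uid=admin,{PEOPLE}"]},
    # One level too deep: a ONELEVEL_SCOPE search under rolesCtxDN never sees it.
    f"cn=Nested,ou=Extra,{ROLES}": {"cn": ["Nested"], "member": [f"uid=jduke,{PEOPLE}"]},
}

def options(xml_text):
    return {o.get("name"): (o.text or "").strip() for o in ET.fromstring(xml_text).iter("module-option")}

def bind_dn(opts, username):
    """DN used for the bind: principalDNPrefix + username + principalDNSuffix."""
    return opts["principalDNPrefix"] + username + opts["principalDNSuffix"]

def roles_for(opts, username, entries):
    """Model of the role search: (uidAttributeID=<user>) one level below rolesCtxDN."""
    wanted = bind_dn(opts, username) if opts.get("matchOnUserDN") == "true" else username
    roles = set()
    for dn, attrs in entries.items():
        parent = dn.split(",", 1)[1]
        members = [m.lower() for m in attrs.get(opts["uidAttributeID"], [])]
        if parent.lower() == opts["rolesCtxDN"].lower() and wanted.lower() in members:
            roles.update(attrs.get(opts["roleAttributeID"], []))
    return roles

def findings(opts, username, required_role, entries):
    out = []
    if opts["java.naming.provider.url"].lower().startswith("ldap://"):
        out.append("simple bind over ldap:// sends the password unencrypted (use ldaps://)")
    if required_role not in roles_for(opts, username, entries):
        out.append(f"{username} is not granted '{required_role}', so /auth/* is denied")
    return out
```

With matchOnUserDN set to true the member values must hold the full user DN, so a role entry that lists bare uids would leave the user authenticated but without the "User" role.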