[jboss-user] [JBoss Portal] - Re: LDAP Authentication & Authorization to eDirectory

arnieAustin do-not-reply at jboss.com
Wed May 23 11:20:37 EDT 2007


I tweaked a setting and now get:


  | 2007-05-23 10:08:39,765 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] findUserByUserName(): username = admin
  | 2007-05-23 10:08:39,765 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filter: (cn={0})
  | 2007-05-23 10:08:39,765 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filter: (cn={0})
  | 2007-05-23 10:08:39,765 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filterArg: {0}: admin
  | 2007-05-23 10:08:39,765 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search ctx: ou=People,o=idv
  | 2007-05-23 10:08:39,765 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user uid: cn=admin,ou=APPS,ou=PEOPLE,o=IDV
  | 2007-05-23 10:08:39,765 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user dn: cn=admin,ou=APPS,ou=PEOPLE,o=IDV
  | 2007-05-23 10:08:39,765 DEBUG [org.jboss.portal.identity.ldap.LDAPStaticRoleMembershipModuleImpl] findRoles(): role = cn=admin,ou=APPS,ou=PEOPLE,o=IDV
  | 2007-05-23 10:08:39,781 DEBUG [org.jboss.portal.identity.ldap.LDAPRoleModule] findRoleByDN(): DN = cn=Administrators,ou=JBossPortal,ou=APPS,ou=GROUPS,o=IDV
  | 2007-05-23 10:08:39,781 DEBUG [org.jboss.portal.identity.ldap.LDAPRoleModule] role uid: cn=Administrators,ou=JBossPortal,ou=APPS,ou=GROUPS,o=IDV
  | 2007-05-23 10:08:39,781 DEBUG [org.jboss.portal.identity.ldap.LDAPRoleModule] role dn: cn=Administrators,ou=JBossPortal,ou=APPS,ou=GROUPS,o=IDV
  | 2007-05-23 10:08:39,875 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] findUserByUserName(): username = admin
  | 2007-05-23 10:08:39,875 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filter: (cn={0})
  | 2007-05-23 10:08:39,875 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filter: (cn={0})
  | 2007-05-23 10:08:39,875 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filterArg: {0}: admin
  | 2007-05-23 10:08:39,875 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search ctx: ou=People,o=idv
  | 2007-05-23 10:08:39,921 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user uid: cn=admin,ou=APPS,ou=PEOPLE,o=IDV
  | 2007-05-23 10:08:39,921 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user dn: cn=admin,ou=APPS,ou=PEOPLE,o=IDV

But still no "Admin" link when admin logs in.

I still get "Your account is disabled" when ACM3 tries to log in. Log shows:

  | 2007-05-23 10:12:57,609 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] findUserByUserName(): username = acm3
  | 2007-05-23 10:12:57,609 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filter: (cn={0})
  | 2007-05-23 10:12:57,609 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filter: (cn={0})
  | 2007-05-23 10:12:57,609 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filterArg: {0}: acm3
  | 2007-05-23 10:12:57,609 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search ctx: ou=People,o=idv
  | 2007-05-23 10:12:57,625 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user uid: cn=ACM3,ou=AL,ou=EMPLOYEES,ou=PEOPLE,o=IDV
  | 2007-05-23 10:12:57,625 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user dn: cn=ACM3,ou=AL,ou=EMPLOYEES,ou=PEOPLE,o=IDV
  | 2007-05-23 10:12:57,625 DEBUG [org.jboss.portal.identity.DelegatingUserProfileModuleImpl] getProperty: portal.user.enabled
  | 2007-05-23 10:12:57,625 DEBUG [org.jboss.portal.identity.DelegatingUserProfileModuleImpl] Delegating to DB module
  | 2007-05-23 10:12:57,625 DEBUG [org.jboss.portal.identity.db.HibernateUserProfileModuleImpl] Processing non HibernateUserImpl object: class org.jboss.portal.identity.ldap.LDAPUserImpl

So I guess the next questions are:

1) Can the "role" membership records that the portal uses in authorization be moved to LDAP group Objects?

2) If I descend my own versions of the org.jboss.portal.identity.RoleModule interface, where do my .class files have to be for JBoss to see them during boot, and where do I reference them in the configuration files? ldap_identity-config.xml perhaps?

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4047948#4047948
