[jboss-user] [JBoss Portal] - Re: LDAP Authentication & Authorization to eDirectory
arnieAustin
do-not-reply at jboss.com
Wed May 23 11:20:37 EDT 2007
I tweaked a setting and now get:
| 2007-05-23 10:08:39,765 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] findUserByUserName(): username = admin
| 2007-05-23 10:08:39,765 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filter: (cn={0})
| 2007-05-23 10:08:39,765 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filter: (cn={0})
| 2007-05-23 10:08:39,765 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filterArg: {0}: admin
| 2007-05-23 10:08:39,765 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search ctx: ou=People,o=idv
| 2007-05-23 10:08:39,765 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user uid: cn=admin,ou=APPS,ou=PEOPLE,o=IDV
| 2007-05-23 10:08:39,765 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user dn: cn=admin,ou=APPS,ou=PEOPLE,o=IDV
| 2007-05-23 10:08:39,765 DEBUG [org.jboss.portal.identity.ldap.LDAPStaticRoleMembershipModuleImpl] findRoles(): role = cn=admin,ou=APPS,ou=PEOPLE,o=IDV
| 2007-05-23 10:08:39,781 DEBUG [org.jboss.portal.identity.ldap.LDAPRoleModule] findRoleByDN(): DN = cn=Administrators,ou=JBossPortal,ou=APPS,ou=GROUPS,o=IDV
| 2007-05-23 10:08:39,781 DEBUG [org.jboss.portal.identity.ldap.LDAPRoleModule] role uid: cn=Administrators,ou=JBossPortal,ou=APPS,ou=GROUPS,o=IDV
| 2007-05-23 10:08:39,781 DEBUG [org.jboss.portal.identity.ldap.LDAPRoleModule] role dn: cn=Administrators,ou=JBossPortal,ou=APPS,ou=GROUPS,o=IDV
| 2007-05-23 10:08:39,875 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] findUserByUserName(): username = admin
| 2007-05-23 10:08:39,875 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filter: (cn={0})
| 2007-05-23 10:08:39,875 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filter: (cn={0})
| 2007-05-23 10:08:39,875 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filterArg: {0}: admin
| 2007-05-23 10:08:39,875 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search ctx: ou=People,o=idv
| 2007-05-23 10:08:39,921 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user uid: cn=admin,ou=APPS,ou=PEOPLE,o=IDV
| 2007-05-23 10:08:39,921 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user dn: cn=admin,ou=APPS,ou=PEOPLE,o=IDV
|
|
| But still no "Admin" link when admin logs in.
|
| I still get "Your account is disabled" when ACM3 tries to log in. Log shows:
|
|
| | 2007-05-23 10:12:57,609 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] findUserByUserName(): username = acm3
| | 2007-05-23 10:12:57,609 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filter: (cn={0})
| | 2007-05-23 10:12:57,609 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filter: (cn={0})
| | 2007-05-23 10:12:57,609 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search filterArg: {0}: acm3
| | 2007-05-23 10:12:57,609 DEBUG [org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl] Search ctx: ou=People,o=idv
| | 2007-05-23 10:12:57,625 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user uid: cn=ACM3,ou=AL,ou=EMPLOYEES,ou=PEOPLE,o=IDV
| | 2007-05-23 10:12:57,625 DEBUG [org.jboss.portal.identity.ldap.LDAPUserModule] user dn: cn=ACM3,ou=AL,ou=EMPLOYEES,ou=PEOPLE,o=IDV
| | 2007-05-23 10:12:57,625 DEBUG [org.jboss.portal.identity.DelegatingUserProfileModuleImpl] getProperty: portal.user.enabled
| | 2007-05-23 10:12:57,625 DEBUG [org.jboss.portal.identity.DelegatingUserProfileModuleImpl] Delegating to DB module
| | 2007-05-23 10:12:57,625 DEBUG [org.jboss.portal.identity.db.HibernateUserProfileModuleImpl] Processing non HibernateUserImpl object: class org.jboss.portal.identity.ldap.LDAPUserImpl
| |
|
| So I guess the next questions are:
|
| 1) Can the "role" membership records that the portal uses in authorization be moved to LDAP group Objects?
|
| 2) If I descend my own versions the org.jboss.portal.identity.RoleModule interface, where do my .class files have to be for JBoss to see them during boot and where do i reference them in the configuration files? ldap_identity-config.xml perhaps?
|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4047948#4047948
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4047948
More information about the jboss-user
mailing list