[jboss-user] [JBoss Portal] - CMS and LDAP in 2.6.2

nollie do-not-reply at jboss.com
Thu Nov 15 10:53:18 EST 2007


Greetings coders

I'm running AS 4.2.2.GA with portal 2.6.2 and authenticating against an LDAP server.

Now I'm trying to use the CMS, but I'm somehow not authorized to see any content.  My user has the "Admin" role, but I'm not given access to the CMS portlet.

In my login-config.xml I have copied my working "portal" LDAP application-policy to the "cms" application-policy without any luck.

Here's my CMS policy from login-config.xml.  Where you see "correct" or "AwesomePassword" I have replaced company-specific information.


   <!-- For the JCR CMS -->
   <application-policy name="cms">
      <authentication>
         <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
            <module-option name="synchronizeIdentity">true</module-option>
            <module-option name="synchronizeRoles">true</module-option>
            <module-option name="additionalRole">Authenticated</module-option>
            <module-option name="defaultAssignedRole">User</module-option>
            <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
            <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
            <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
            <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
            <module-option name="password-stacking">useFirstPass</module-option>
            <module-option name="java.naming.provider.url">ldaps://correct.url.and:port/</module-option>
            <module-option name="java.naming.security.authentication">simple</module-option>
            <module-option name="java.naming.security.protocol">ssl</module-option>
            <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
            <module-option name="bindDN">uid=portal,ou=ServiceAccounts,dc=correct,dc=org</module-option>
            <module-option name="bindCredential">AwesomePassword</module-option>
            <module-option name="baseCtxDN">ou=People,dc=correct,dc=org</module-option>
            <module-option name="baseFilter">(&amp;(objectClass=person)(uid={0}))</module-option>
            <module-option name="rolesCtxDN">ou=portal,ou=Groups,dc=correct,dc=org</module-option>
            <module-option name="roleFilter">(&amp;(objectClass=groupofuniquenames)(uniquemember={1}))</module-option>
            <module-option name="roleAttributeIsDN">false</module-option>
            <module-option name="roleAttributeID">cn</module-option>
            <module-option name="roleRecursion">0</module-option>
            <module-option name="roleNameAttributeID">cn</module-option>
            <module-option name="searchScope">SUBTREE_SCOPE</module-option>
            <module-option name="defaultRole">Authenticated</module-option>
            <module-option name="unauthenticatedIdentity">Anonymous</module-option>
            <module-option name="allowEmptyPasswords">false</module-option>
         </login-module>
      </authentication>
   </application-policy>

Any help appreciated!

   -nollie

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4105083#4105083
