[jboss-user] [JBoss Portal] - Re: LDAP Connection error

saigon_man do-not-reply at jboss.com
Tue Sep 25 12:07:17 EDT 2007


Hi,
Thanks for all the responses.

First, I tried the suggestions from sbozdag. When I tried to log in with admin/admin, JBoss displayed the message: "your account is disabled". If I tried to log in with jduke1/theduke, JBoss gave me the message: "this account doesn't not exist ...."

Here is my configuration:

1. I am using ApacheDS (Apache Directory Server) and using JXplorer to log in. ApacheDS doesn't allow anonymous login, so I used the username+password option:
username: uid=admin,ou=system
password: secret

2. Because ApacheDS doesn't allow anonymous login, I then changed the configuration in login-config.xml a little bit and added two lines:


  | <login-module code="org.jboss.portal.identity.auth.IdentityLoginModule" flag="sufficient">
  |             <module-option name="unauthenticatedIdentity">guest</module-option>
  |             <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
  |             <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
  |             <module-option name="additionalRole">Authenticated</module-option>
  |             <module-option name="password-stacking">useFirstPass</module-option>
  |         </login-module>
  | 	<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
  | 	    <module-option name="java.naming.factory.initial"> 
  | 	        com.sun.jndi.ldap.LdapCtxFactory
  | 	    </module-option>
  | 	    <module-option name="java.naming.provider.url">
  | 	        ldap://localhost:10389/
  | 	    </module-option>
  | 	    <module-option name="java.naming.security.authentication">
  | 	        simple
  | 	    </module-option>
  |             <module-option name="binDN">uid=admin,ou=system</module-option>
  |             <module-option name="bindCredential">secret</module-option>
  | 	    <module-option name="baseCtxDN">ou=People,o=portal</module-option>                    
  | 	    <module-option name="baseFilter">(uid={0})</module-option>                    
  | 	    <module-option name="rolesCtxDN">ou=Groups,o=portal</module-option>
  | 	    <module-option name="roleFilter">(member={0})</module-option>
  | 	    <module-option name="roleAttributeID">member</module-option>
  | 	    <module-option name="roleRecursion">-1</module-option>
  | 	    <module-option name="roleNameAttributeID">cn</module-option>
  | 	    <module-option name="roleAttributeIsDN">true</module-option>
  | 	    <module-option name="searchTimeLimit">5000</module-option>
  | 	    <module-option name="searchScope">SUBTREE_SCOPE</module-option>
  | 	</login-module>
  | 

I also added the "Authenticated" role and associated all users with this role in the server.
I think once I hit the login button, this configuration doesn't get called at all, since JBoss is not able to find the jduke1 username in the server.
I don't know if the changes (in red color) I made in this configuration are correct, or whether there is anything I am missing here.

I am using the portal-sample-local.ldif provided in the JBoss source.
Your help on this is greatly appreciated.

Thanks,

SGM

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4088502#4088502
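
Added example (not part of the original post, and not JBoss code): a small Python check for an LdapExtLoginModule entry like the one above. It flags option names that are not in a known list, such as a near-miss spelling of bindDN, and a simple bind over plain ldap://. The option list is an assumed subset, the finding codes are hypothetical, and the sample is a constructed, cut-down copy of the posted entry without the mail archive's "|" prefixes.

```python
import difflib
import xml.etree.ElementTree as ET

# Assumed subset of LdapExtLoginModule option names; extend for your JBoss version.
KNOWN_OPTIONS = sorted({
    "bindDN", "bindCredential", "baseCtxDN", "baseFilter", "rolesCtxDN",
    "roleFilter", "roleAttributeID", "roleAttributeIsDN", "roleNameAttributeID",
    "roleRecursion", "searchTimeLimit", "searchScope", "allowEmptyPasswords",
    "jaasSecurityDomain", "password-stacking", "unauthenticatedIdentity",
})

# Constructed sample: a cut-down copy of the LdapExtLoginModule entry in the post.
SAMPLE = """
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
  <module-option name="java.naming.provider.url"> ldap://localhost:10389/ </module-option>
  <module-option name="java.naming.security.authentication"> simple </module-option>
  <module-option name="binDN">uid=admin,ou=system</module-option>
  <module-option name="bindCredential">secret</module-option>
  <module-option name="baseCtxDN">ou=People,o=portal</module-option>
  <module-option name="baseFilter">(uid={0})</module-option>
</login-module>
"""

def lint_ldap_module(xml_text):
    """Return a list of (code, message) findings for one <login-module> element."""
    module = ET.fromstring(xml_text.strip())
    opts = {o.get("name"): (o.text or "").strip() for o in module.iter("module-option")}
    findings = []
    for name in opts:
        if name.startswith("java.naming."):
            continue  # JNDI environment properties, not module-specific options
        if name not in KNOWN_OPTIONS:
            near = difflib.get_close_matches(name, KNOWN_OPTIONS, n=1)
            hint = f" (did you mean '{near[0]}'?)" if near else ""
            findings.append(("unknown-option", f"'{name}' is not a known option{hint}"))
    # A credential without a bind DN leaves the user search with no identity to bind as.
    if "bindCredential" in opts and "bindDN" not in opts:
        findings.append(("no-bind-dn", "bindCredential is set but bindDN is not"))
    url = opts.get("java.naming.provider.url", "")
    auth = opts.get("java.naming.security.authentication", "")
    # Simple authentication over ldap:// (no TLS) puts the bind password on the wire unencrypted.
    if url.lower().startswith("ldap://") and auth == "simple":
        findings.append(("cleartext-bind", f"simple bind over {url} sends passwords unencrypted"))
    return findings

if __name__ == "__main__":
    for code, message in lint_ldap_module(SAMPLE):
        print(f"{code}: {message}")
```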
