[jboss-user] [Security & JAAS/JBoss] - Re: JBoss 4.0.5.GA LdapLoginModule - terminology confusion

matteg do-not-reply at jboss.com
Fri Sep 28 02:16:51 EDT 2007


It's unfortunate no one was able to suggest using an undocumented version of LdapLoginModule - I found the LdapExtLoginModule by searching the jboss source code.  Once I found that, a search of the wikis led me to the excellent posting http://wiki.jboss.org/wiki/Wiki.jsp?page=LdapExtLoginModule and the problem was resolved within hours. 

For the benefit of others trying to use LDAP, don't waste time with the LdapLoginModule described in the Application Server Guide.  Go directly to the LdapExtLoginModule for terminology and searching that more closely aligns with LDAP terminology and concepts.

Below is the login-config.xml that works with my OpenLDAP:

    <!-- GM: Sept 27 2007 - A configuration for webapps using an OpenLDAP running on this server.  -->
    <application-policy name="localhostLDAP">
      <!-- login-module entries must sit inside an authentication element -->
      <authentication>
        <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
          <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
          <module-option name="java.naming.provider.url">ldap://127.0.0.1:389/</module-option>
          <module-option name="java.naming.security.authentication">simple</module-option>
          <!-- Account used for the initial bind that searches for users and roles -->
          <module-option name="bindDN">cn=administrator,dc=saanich,dc=ca</module-option>
          <module-option name="bindCredential">admin1</module-option>
          <!-- User search: {0} is replaced by the login name -->
          <module-option name="baseCtxDN">ou=People,dc=saanich,dc=ca</module-option>
          <module-option name="baseFilter">(cn={0})</module-option>
          <!-- Role search: {1} is replaced by the DN of the authenticated user -->
          <module-option name="rolesCtxDN">ou=Webapp-Roles,ou=Groups,dc=saanich,dc=ca</module-option>
          <module-option name="roleFilter">(member={1})</module-option>
          <module-option name="uidAttributeID">member</module-option>
          <module-option name="roleAttributeID">cn</module-option>
          <module-option name="roleNameAttributeID">cn</module-option>
          <module-option name="roleAttributeIsDN">true</module-option>
        </login-module>
      </authentication>
    </application-policy>


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4089560#4089560
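
An added example, not part of the original post or of JBoss: a Python check that reads a login-config.xml and reports LdapExtLoginModule settings worth reviewing before the file is deployed. The sample document is constructed from the values in the configuration above; the finding names, the loopback list and the administrative-name heuristic are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

LDAP_EXT = "org.jboss.security.auth.spi.LdapExtLoginModule"
LOOPBACK = {"127.0.0.1", "::1", "localhost"}
OPT = '<module-option name="%s">%s</module-option>'

def sample(url="ldap://127.0.0.1:389/", role_filter="(member={1})"):
    """Constructed login-config.xml modelled on the post's configuration."""
    opts = [("java.naming.provider.url", url),
            ("java.naming.security.authentication", "simple"),
            ("bindDN", "cn=administrator,dc=saanich,dc=ca"),
            ("bindCredential", "admin1"),
            ("baseFilter", "(cn={0})"),
            ("roleFilter", role_filter)]
    body = "".join(OPT % o for o in opts)
    return ('<policy><application-policy name="localhostLDAP"><authentication>'
            '<login-module code="%s" flag="required">%s</login-module>'
            '</authentication></application-policy></policy>' % (LDAP_EXT, body))

def audit(xml_text):
    """Return a sorted list of finding codes for every LdapExtLoginModule entry."""
    found = set()
    for mod in ET.fromstring(xml_text).iter("login-module"):
        if mod.get("code") != LDAP_EXT:
            continue
        opt = {o.get("name"): (o.text or "").strip() for o in mod.iter("module-option")}
        url = urlparse(opt.get("java.naming.provider.url", ""))
        # Assumption: a missing authentication option is treated as "simple".
        simple = opt.get("java.naming.security.authentication", "simple") == "simple"
        if url.scheme == "ldap" and simple and url.hostname not in LOOPBACK:
            found.add("cleartext-bind-to-remote-host")
        # jaasSecurityDomain is the option documented for an encrypted bindCredential.
        if opt.get("bindCredential") and "jaasSecurityDomain" not in opt:
            found.add("literal-bind-password")
        # Heuristic: the search account only needs to read the two subtrees.
        rdn = opt.get("bindDN", "").split(",")[0].lower()
        if any(w in rdn for w in ("admin", "manager", "root")):
            found.add("privileged-looking-bind-dn")
        # Without a placeholder the filter matches the same entries for every login.
        if "{0}" not in opt.get("baseFilter", ""):
            found.add("baseFilter-ignores-username")
        rf = opt.get("roleFilter", "")
        if "{0}" not in rf and "{1}" not in rf:
            found.add("roleFilter-ignores-user")
    return sorted(found)

if __name__ == "__main__":
    for code in audit(sample()):
        print(code)
```

The loopback URL in the posted configuration raises no transport finding; the same options pointed at a remote `ldap://` host would.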
