[jboss-user] [Security & JAAS/JBoss] - JAAS and OpenLdap configuration
jej2003
do-not-reply at jboss.com
Mon Oct 27 17:02:52 EDT 2008
I am trying to set up a JAAS Domain to authenticate against an LDAP server, but I keep getting [LDAP: error code 49 - Invalid Credentials]. Can anyone help shed some light on this? The googling I did seemed to point to the java.naming.security.principal being wrong, but it is not. Any help would be appreciated.
LDIF:
| # This file was generated on 2008-10-27 at 13:52:13
| # by Softerra LDAP Administrator v4 [ http://www.ldapadministrator.com ]
| dn: dc=test,dc=com
| dc: test
| description: test
| objectClass: dcObject
| objectClass: organization
| o: test
|
| dn: ou=people,dc=test,dc=com
| ou: people
| description: All the peoples in da hizzouse
| objectClass: organizationalUnit
|
| dn: description=Mr. Jamie Johnson 2008102372,ou=people,dc=test,dc=com
| description: Mr. Jamie Johnson 2008102372
| sn: Johnson
| ou: test
| objectClass: person
| objectClass: organizationalPerson
| objectClass: uidObject
| uid: jjohnson
| telephoneNumber: 123-456-7890
| title: Software Engineer
| userPassword: jjohnson
| cn: jjohnson
|
| dn: description=Mr. Test User 2008102313,ou=people,dc=test,dc=com
| telephoneNumber: 123-456-7890
| description: Mr. Test User 2008102313
| sn: User
| objectClass: person
| objectClass: organizationalPerson
| objectClass: uidObject
| uid: tuser
| userPassword: tuser
| cn: tuser
|
|
| dn: ou=groups,dc=test,dc=com
| description: All the subservient minions
| objectClass: organizationalUnit
| ou: groups
|
| dn: cn=Administrators,ou=groups,dc=test,dc=com
| objectClass: top
| objectClass: groupOfNames
| member: cn=jjohnson
| cn: Administrators
|
| dn: cn=Users,ou=groups,dc=test,dc=com
| objectClass: top
| objectClass: groupOfNames
| member: cn=tuser
| cn: Users
|
| <application-policy name="testLDAP">
| <authentication>
| <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
| <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
| <module-option name="java.naming.provider.url">ldap://LDAPSERVER:389</module-option>
| <module-option name="java.naming.security.authentication">simple</module-option>
| <module-option name="java.naming.security.principal">uid=Manager,dc=test,dc=com</module-option>
| <module-option name="java.naming.security.credentials">secret</module-option>
| <module-option name="principalDNPrefix">uid=</module-option>
| <module-option name="principalDNSuffix">,ou=people,dc=test,dc=com</module-option>
| <module-option name="rolesCtxDN">ou=groups,dc=test,dc=com</module-option>
| <module-option name="uidAttributeID">member</module-option>
| <module-option name="matchOnUserDN">false</module-option>
| <module-option name="roleAttributeID">cn</module-option>
| <module-option name="roleAttributeIsDN">false</module-option>
| <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
| </login-module>
| </authentication>
| </application-policy>
|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4184956#4184956
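
Added example (not part of the original post and not JBoss code): LdapLoginModule binds as principalDNPrefix + username + principalDNSuffix and, with matchOnUserDN set to false, looks for roles under rolesCtxDN whose uidAttributeID attribute equals the bare username. This Python script replays both steps against the posted LDIF and module options. The function names and the simplified LDIF and DN handling are assumptions of the example.

```python
# Constructed sample: the DN, uid, cn and member lines from the posted LDIF.
LDIF = """\
dn: description=Mr. Jamie Johnson 2008102372,ou=people,dc=test,dc=com
uid: jjohnson
cn: jjohnson

dn: description=Mr. Test User 2008102313,ou=people,dc=test,dc=com
uid: tuser
cn: tuser

dn: cn=Administrators,ou=groups,dc=test,dc=com
member: cn=jjohnson
cn: Administrators

dn: cn=Users,ou=groups,dc=test,dc=com
member: cn=tuser
cn: Users
"""
# Module options copied from the posted <application-policy>.
OPTS = {"principalDNPrefix": "uid=", "principalDNSuffix": ",ou=people,dc=test,dc=com",
        "rolesCtxDN": "ou=groups,dc=test,dc=com", "uidAttributeID": "member",
        "matchOnUserDN": "false", "roleAttributeID": "cn"}

def norm(dn):
    # Simplified DN comparison: case-insensitive, no escaped-comma handling.
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    # Minimal LDIF reader: a blank line ends an entry; no folding or base64.
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if ":" in line and not line.startswith("#"):
                key, value = line.split(":", 1)
                attrs.setdefault(key.strip().lower(), []).append(value.strip())
        if "dn" in attrs:
            entries[norm(attrs["dn"][0])] = attrs
    return entries

def diagnose(username, entries=None, opts=OPTS):
    entries = parse_ldif(LDIF) if entries is None else entries
    bind_dn = opts["principalDNPrefix"] + username + opts["principalDNSuffix"]
    match = bind_dn if opts["matchOnUserDN"] == "true" else username
    roles = []
    for dn, attrs in entries.items():
        # ONELEVEL_SCOPE: only direct children of rolesCtxDN are searched.
        in_ctx = dn.split(",", 1)[-1] == norm(opts["rolesCtxDN"])
        members = [v.lower() for v in attrs.get(opts["uidAttributeID"].lower(), [])]
        if in_ctx and match.lower() in members:
            roles += attrs.get(opts["roleAttributeID"].lower(), [])
    return {"bind_dn": bind_dn, "bind_dn_exists": norm(bind_dn) in entries,
            "actual_dns": [a["dn"][0] for a in entries.values() if username in a.get("uid", [])],
            "roles": roles}
```

For jjohnson the constructed bind DN has no matching entry in the LDIF, and the role search returns nothing because the group stores `cn=jjohnson` rather than the bare username.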