[jboss-user] [Installation, Configuration & DEPLOYMENT] - Re: Tutorial for setup of Authentication in JBoss?

PeterJ do-not-reply at jboss.com
Fri Jul 3 18:54:40 EDT 2009


Here are a few things to try.

1) Set roleAttributeIsDN to false. Looking at the code it appears that if this is false then the role is assumed to be the attribute's value (that is, the value of userClass in your example).

Also, set TRACE logging for the "org.jboss.security.auth.spi" package - once the LDAP login module gathers all of the necessary info to look up the role it prints the info to the log if TRACE is set. It also prints out information about what it finds.

2) The LdapExtLoginModule has a defaultRole option that might do what you want; it appears to assign a role to all logged-in users. You would have to change the config to look something like this:

<application-policy name="ldapLogin">
  <authentication>
    <login-module flag="required" code="org.jboss.security.auth.spi.LdapExtLoginModule">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://ldap.my.com:389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="bindDN">--account with ldap access--</module-option>
      <module-option name="bindCredential">--password for that account--</module-option>
      <module-option name="baseCtxDN">ou=people,o=my.com</module-option>
      <module-option name="baseFilter">(uid={0})</module-option>
      <module-option name="defaultRole">xxx</module-option>
    </login-module>
  </authentication>
</application-policy>

Unfortunately the LdapExtLoginModule does not provide that much information when logging is set to TRACE.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4241773#4241773
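
An added example, not part of the original post or of JBoss: a Python check that parses a login-config.xml policy like the one above and reports the settings worth reviewing before deployment (a defaultRole given to every authenticated user, a simple bind over ldap://, and a bind password kept in the file). The function name audit_login_config and the finding labels are hypothetical, and the sample input is constructed from the post's config wrapped in a `<policy>` root.

```python
import xml.etree.ElementTree as ET

# Constructed input: the policy from the post, placeholders unchanged.
SAMPLE = """<policy>
 <application-policy name="ldapLogin">
  <authentication>
   <login-module flag="required" code="org.jboss.security.auth.spi.LdapExtLoginModule">
    <module-option name="java.naming.provider.url">ldap://ldap.my.com:389/</module-option>
    <module-option name="java.naming.security.authentication">simple</module-option>
    <module-option name="bindDN">--account with ldap access--</module-option>
    <module-option name="bindCredential">--password for that account--</module-option>
    <module-option name="baseCtxDN">ou=people,o=my.com</module-option>
    <module-option name="baseFilter">(uid={0})</module-option>
    <module-option name="defaultRole">xxx</module-option>
   </login-module>
  </authentication>
 </application-policy>
</policy>"""

def audit_login_config(xml_text):
    """Return sorted (policy, finding) pairs for LDAP login modules."""
    findings = set()
    root = ET.fromstring(xml_text)
    for policy in root.iter("application-policy"):
        name = policy.get("name", "?")
        for module in policy.iter("login-module"):
            if "Ldap" not in module.get("code", ""):
                continue  # only the LDAP modules are checked here
            opts = {o.get("name"): (o.text or "").strip()
                    for o in module.findall("module-option")}
            # defaultRole is given to every user who authenticates.
            if opts.get("defaultRole"):
                findings.add((name, "default-role:" + opts["defaultRole"]))
            # A simple bind over ldap:// sends the password unencrypted.
            url = opts.get("java.naming.provider.url", "").lower()
            auth = opts.get("java.naming.security.authentication", "")
            if url.startswith("ldap://") and auth == "simple":
                findings.add((name, "cleartext-simple-bind"))
            # The bind password sits in the file: check its permissions.
            if opts.get("bindCredential"):
                findings.add((name, "bind-credential-in-file"))
    return sorted(findings)

if __name__ == "__main__":
    for policy, finding in audit_login_config(SAMPLE):
        print(policy, finding)
```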
