<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns="http://www.w3.org/TR/REC-html40" xmlns:v =
"urn:schemas-microsoft-com:vml" xmlns:o =
"urn:schemas-microsoft-com:office:office" xmlns:w =
"urn:schemas-microsoft-com:office:word" xmlns:st1 =
"urn:schemas-microsoft-com:office:smarttags"><HEAD>
<META http-equiv=Content-Type content="text/html; charset=us-ascii">
<META content="MSHTML 6.00.6000.16939" name=GENERATOR></HEAD>
<BODY lang=TR vLink=purple link=blue>
<DIV><FONT face=Arial color=#0000ff size=2>Hi,<BR>I am using JBoss AS 5.1.0 GA
and Apache Directory Server.<BR>Can anyone tell me what lines to put in the
application policy configuration of my login-config.xml file<BR>for the
following LDIF file that I imported into Apache Directory Server?</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2>This LDIF file defines 3 users and 2
roles:<BR>uid: system, userPassword: manager, Roles: admin<BR>uid: user1,
userPassword: p1, Roles: guest<BR>uid: user2, userPassword: p2, Roles:
admin</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2>Here is the LDIF file that I imported
successfully into Apache DS:</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2># User: system</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2>dn:
uid=system,ou=users,ou=system<BR>cn: John Doe<BR>sn: Doe<BR>givenname:
John<BR>objectclass: top<BR>objectclass: person<BR>objectclass:
organizationalPerson<BR>objectclass: inetOrgPerson<BR>ou: Human Resources<BR>ou:
People<BR>l: Las Vegas<BR>uid: system<BR>mail: <A
href="mailto:system@apachecon.comm">system@apachecon.comm</A><BR>telephonenumber:
+1 408 555 5555<BR>facsimiletelephonenumber: +1 408 555 5556<BR>roomnumber:
4613<BR>userPassword: manager</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2># User: user1</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2>dn:
uid=user1,ou=users,ou=system<BR>cn: User<BR>sn: One<BR>givenname:
User1<BR>objectclass: top<BR>objectclass: person<BR>objectclass:
organizationalPerson<BR>objectclass: inetOrgPerson<BR>ou: Human Resources<BR>ou:
People<BR>l: Las Vegas<BR>uid: user1<BR>mail: <A
href="mailto:user1@apachecon.comm">user1@apachecon.comm</A><BR>telephonenumber:
+1 408 555 5555<BR>facsimiletelephonenumber: +1 408 555 5556<BR>roomnumber:
4613<BR>userPassword: p1</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2># User: user2</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2>dn:
uid=user2,ou=users,ou=system<BR>cn: User<BR>sn: Two<BR>givenname:
User2<BR>objectclass: top<BR>objectclass: person<BR>objectclass:
organizationalPerson<BR>objectclass: inetOrgPerson<BR>ou: Human Resources<BR>ou:
People<BR>l: Las Vegas<BR>uid: user2<BR>mail: <A
href="mailto:user2@apachecon.comm">user2@apachecon.comm</A><BR>telephonenumber:
+1 408 555 5555<BR>facsimiletelephonenumber: +1 408 555 5556<BR>roomnumber:
4613<BR>userPassword: p2</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2># Group: admin</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2>dn:
cn=admin,ou=groups,ou=system<BR>objectClass: groupOfUniqueNames<BR>uniqueMember:
uid=system,ou=users,ou=system<BR>uniqueMember:
uid=user2,ou=users,ou=system<BR>cn: admin</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2># Group: guest</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial color=#0000ff size=2>dn:
cn=guest,ou=groups,ou=system<BR>objectClass: groupOfUniqueNames<BR>uniqueMember:
uid=user1,ou=users,ou=system<BR>cn: guest</FONT></DIV>
<DIV> </DIV><FONT face=Arial color=#0000ff size=2>
<DIV><BR>I have tried the following application policy in my login-config.xml
file but it does not work:</DIV>
<DIV> </DIV>
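<DIV>&lt;application-policy name="my_domaine_LDAP"&gt;<BR>
&nbsp;&nbsp;&lt;authentication&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&lt;login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required"&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;module-option name="java.naming.factory.initial"&gt;com.sun.jndi.ldap.LdapCtxFactory&lt;/module-option&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;module-option name="java.naming.provider.url"&gt;ldap://localhost:10389&lt;/module-option&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;module-option name="java.naming.security.authentication"&gt;simple&lt;/module-option&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;module-option name="bindDN"&gt;uid=system,ou=system&lt;/module-option&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;module-option name="bindCredential"&gt;manager&lt;/module-option&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;module-option name="baseCtxDN"&gt;cn=admin,ou=groups,ou=system&lt;/module-option&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;module-option name="baseFilter"&gt;(uid={0})&lt;/module-option&gt;</DIV>
<DIV>&nbsp;</DIV>
<DIV>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;module-option name="rolesCtxDN"&gt;ou=Roles,dc=example,dc=com&lt;/module-option&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;module-option name="roleFilter"&gt;(member={1})&lt;/module-option&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;module-option name="roleAttributeID"&gt;cn&lt;/module-option&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;module-option name="searchScope"&gt;ONELEVEL_SCOPE&lt;/module-option&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&lt;module-option name="allowEmptyPasswords"&gt;true&lt;/module-option&gt;<BR>
&nbsp;&nbsp;&nbsp;&nbsp;&lt;/login-module&gt;<BR>
&nbsp;&nbsp;&lt;/authentication&gt;<BR>
&lt;/application-policy&gt;</DIV>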
<DIV> </DIV>
<DIV>Not being too familiar with LDAP, I am not too sure about certain options,
like bindCredential, bindDN, baseCtxDN ...</DIV>
<DIV> </DIV>
<DIV>Can someone please help me with the configuration of this application
policy?</DIV>
<DIV> </DIV>
<DIV>Thanks in advance.<BR></FONT></DIV></BODY></HTML>
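The post asks how bindDN, baseCtxDN, rolesCtxDN and roleFilter relate to the imported LDIF. As an added example (not part of the original post and not JBoss code), this Python check compares the posted module options with the DNs in that LDIF and flags the ones that cannot match, plus allowEmptyPasswords=true, which passes a zero-length password to the server, where some LDAP servers treat it as an anonymous bind. The function names and the CORRECTED values are assumptions made for this example and were not tested against JBoss.

```python
# Constructed excerpt of the post's LDIF; POSTED = options as posted, CORRECTED = assumed fix.
LDIF = """\
dn: uid=system,ou=users,ou=system
uid: system

dn: uid=user1,ou=users,ou=system
uid: user1

dn: uid=user2,ou=users,ou=system
uid: user2

dn: cn=admin,ou=groups,ou=system
uniqueMember: uid=system,ou=users,ou=system
uniqueMember: uid=user2,ou=users,ou=system

dn: cn=guest,ou=groups,ou=system
uniqueMember: uid=user1,ou=users,ou=system
"""
POSTED = {"bindDN": "uid=system,ou=system", "baseCtxDN": "cn=admin,ou=groups,ou=system",
          "rolesCtxDN": "ou=Roles,dc=example,dc=com", "roleFilter": "(member={1})",
          "searchScope": "ONELEVEL_SCOPE", "allowEmptyPasswords": "true"}
CORRECTED = dict(POSTED, bindDN="uid=system,ou=users,ou=system",
                 baseCtxDN="ou=users,ou=system", rolesCtxDN="ou=groups,ou=system",
                 roleFilter="(uniqueMember={1})", allowEmptyPasswords="false")

def parse_ldif(text):  # -> {dn: {attribute: [values]}}, lower-cased, unfolded LDIF only
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.lower().partition(":")
            attrs.setdefault(key.strip(), []).append(value.strip())
        entries[attrs["dn"][0]] = attrs
    return entries

def lint(opts, entries):  # -> sorted option names that miss the tree or are unsafe
    one_level = opts.get("searchScope") == "ONELEVEL_SCOPE"  # module default: SUBTREE_SCOPE
    def reaches(base, dn):  # would a search rooted at base return entry dn?
        return (dn.split(",", 1)[-1] == base) if one_level else dn.endswith("," + base)
    users = [dn for dn, attrs in entries.items() if "uid" in attrs]
    groups = [dn for dn, attrs in entries.items() if "uniquemember" in attrs]
    member_attr = opts["roleFilter"].strip("() ").split("=")[0].lower()
    flagged = {
        "bindDN": opts["bindDN"].lower() not in entries,  # checked against the LDIF only
        "baseCtxDN": not any(reaches(opts["baseCtxDN"].lower(), u) for u in users),
        "rolesCtxDN": not any(reaches(opts["rolesCtxDN"].lower(), g) for g in groups),
        "roleFilter": not any(member_attr in entries[g] for g in groups),
        "allowEmptyPasswords": opts.get("allowEmptyPasswords", "true") == "true",
    }
    return sorted(name for name, bad in flagged.items() if bad)
```

Calling `lint(POSTED, parse_ldif(LDIF))` names the five options that disagree with the directory layout or weaken authentication. The bindDN check only knows the entries in the LDIF, so an account built into the server would be reported as missing.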