[rules-users] Integration issue : Guvnor with Openldap

Jaroslaw Kijanowski kijanowski at gmail.com
Wed Apr 21 05:30:57 EDT 2010


Try this one:

<application-policy name="guvnor">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.provider.url">ldaps://localhost:16636</module-option>
      <module-option name="java.naming.security.protocol">ssl</module-option>
      <module-option name="bindDN">cn=DirManager,dc=kijanowski,dc=eu</module-option>
      <module-option name="bindCredential">admin123</module-option>
      <module-option name="baseCtxDN">ou=People,o=guvnor,dc=kijanowski,dc=eu</module-option>
      <module-option name="baseFilter">(uid={0})</module-option>
      <module-option name="rolesCtxDN">ou=Roles,o=guvnor,dc=kijanowski,dc=eu</module-option>
      <module-option name="roleFilter">(member={1})</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleRecursion">-1</module-option>
      <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
    </login-module>
  </authentication>
</application-policy>

When you have followed the tutorial, then you have set up SSL, so please
keep in mind to use ldaps instead of ldap in the connection URL. Also
change the port from the default one, 389, to 16636.

And yes, the tutorial has a bug showing the login-config.xml file, since 
it has been copied over without the corresponding xml attributes...

Cheers,
  Jarek

Gayatri Chandak wrote:
> Hello All,
> 
> An update from my side.
> We tried modifying the login-config.xml file as below:
>                                                                               
>  <authentication>                                                             
>  <login-module                                                                
>  code="org.jboss.security.auth.spi.LdapAuthenticatorLoginModule"              
>  flag="optional">                                                             
>  <module-option                                                               
>  name="java.naming.provider.url">ldap://test.kalyani.com:389/</module-option> 
>  <module-option name="java.naming.security.protocol">ssl</module-option>      
>  <module-option                                                               
>  name="java.naming.security.principal">cn=DirManager</module-option>          
>  <module-option                                                               
>  name="java.naming.security.credentials">secret</module-option>               
>  <module-option name="searchBase">dc=kijanowski,dc=eu</module-option>         
>  </login-module>                                                              
>   <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule"         
>  flag="required" >                                                            
>            <module-option name="java.naming.factory.initial">                 
>  com.sun.jndi.ldap.LdapCtxFactory</module-option>                             
>            <module-option                                                     
>  name="java.naming.provider.url">ldap://test.kalyani.com:389/</module-option> 
>            <module-option                                                     
>  name="java.naming.security.authentication">simple</module-option>            
>        <module-option name="bindDN">cn=DirManager,dc=kijanowski,dc=eu         
>  </module-option>                                                             
>        <module-option name="bindCredential">secret</module-option>            
>            <module-option                                                     
>  name="baseCtxDN">ou=People,o=guvnor,dc=kijanowski,dc=eu </module-option>     
>                                                                               
>            <module-option name="baseFilter">(uid={0})</module-option>         
>                                                                               
>            <module-option                                                     
>  name="rolesCtxDN">ou=Roles,o=guvnor,dc=kijanowski,dc=eu </module-option>     
>            <module-option name="roleFilter">(member={1})</module-option>      
>            <module-option name="roleAttributeID">member</module-option>       
>            <module-option name="roleRecursion">-1</module-option>             
>            <module-option name="roleNameAttributeID">cn</module-option>       
>            <module-option name="roleAttributeIsDN">true</module-option>       
>            <module-option name="searchTimeLimit">5000</module-option>         
>            <module-option name="searchScope">ONELEVEL_SCOPE</module-option>   
>          </login-module>                                                      
>       </ authentication>                                                      
>  </application-policy>                                                        
>                                                                               
> 
> 
> 
>                                                                 
>  But, still we are not able to connect to the LDAP server       
>  through the login page. We are getting the following error:
>  [STDOUT] ERROR 15-04 11:59:15,597                              
>  (SecurityServiceImpl.java:login:73)                            
>  javax.security.auth.login.LoginException: No LoginModules      
>  configured for guvnor                                          
>                                                                 
>  Please let me know if we are missing anything or anything      
>  needs to be changed.                                           
>                                                                 
>  Thanks in advance.                                             
>                                                                 
> 
> 
> 
> Regards,
> Gayatri Chandak
> Member-BPM/BRE/BAM Sub Focus Area
> TEG-Open Source
> Tata Consultancy Services
> Yantra Park -(STPI)
> 2nd Pokharan Road,
> Opp HRD Voltas Center,Subash Nagar
> Mumbai - 400 601,Maharashtra
> India
> Ph:- 022-67782556
> Mailto: gayatri.chandak at tcs.com
> Website: http://www.tcs.com
> ____________________________________________
> Experience certainty. IT Services
>    Business Solutions
>    Outsourcing
> ____________________________________________
> 
> 
>   From:       Gayatri Chandak/MUM/TCS
>   To:         rules-users at lists.jboss.org
>   Date:       04/15/2010 11:02 AM
>   Subject:    Integration issue :  Guvnor with Openldap
>   Sent by:    Gayatri Chandak
> 
> 
> 
> 
> Hello All,
> 
> I am trying to integrate the Guvnor with Openldap, for which I am following
> the below link.
> 
> http://magazine.redhat.com/2008/08/14/jboss-drools-how-to-tuning-guvnor-part-2/#ldap
> 
> The Server starts properly, but it does not recognize the user.
> 
> Issue faced:
> I have to replace the file based authentication part with the Openldap
> code, which is given below.
> 
>  ldaps://localhost:16636
>             ssl
>             cn=DirManager,dc=kijanowski,dc=eu
>             admin123
> 
>             ou=People,o=guvnor,dc=kijanowski,dc=eu
>             (uid={0})
> 
>             ou=Roles,o=guvnor,dc=kijanowski,dc=eu
>             (member={1})
>             cn
> 
>             -1
>             ONELEVEL_SCOPE
> 
> I have no idea how to write the above code in the xml file.
> Can anyone please help me on this?
> 
> Attaching the login-config.xml file, please find.
> 
> [attachment "login-config.xml" deleted by Gayatri Chandak/TVM/TCS]
> 
> 
> Thanks and regards,
> Gayatri Chandak



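A pre-deployment check for the login-config.xml problems raised in this thread (no `guvnor` policy entry, elements copied without their XML attributes, `ssl` combined with an `ldap://` URL, stray whitespace in option values). This is an added example, not part of the original posts; the function name `lint_login_config` and the sample host names and DNs are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

def lint_login_config(xml_text, policy="guvnor"):
    """Return a list of findings for one application-policy entry."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    # root.iter() also yields the root, so a bare <application-policy> works.
    entries = [e for e in root.iter("application-policy") if e.get("name") == policy]
    if not entries:
        return [f"no application-policy named {policy!r}"]
    modules = list(entries[0].iter("login-module"))
    findings = [] if modules else [f"policy {policy!r} has no login-module"]
    for module in modules:
        if not module.get("code") or not module.get("flag"):
            findings.append("login-module lacks code or flag attribute")
        opts = {}
        for opt in module.iter("module-option"):
            name, value = opt.get("name"), opt.text or ""
            if name is None:
                findings.append("module-option lacks name attribute")
                continue
            if value != value.strip():
                findings.append(f"{name}: surrounding whitespace in value")
            opts[name] = value.strip()
        url = opts.get("java.naming.provider.url", "")
        if opts.get("java.naming.security.protocol") == "ssl" and not url.startswith("ldaps://"):
            findings.append(f"protocol is ssl but provider URL is {url!r}")
    return findings

# Constructed samples: host names, DNs and passwords are placeholders.
GOOD = """<policy><application-policy name="guvnor"><authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
<module-option name="java.naming.provider.url">ldaps://ldap.example.test:16636</module-option>
<module-option name="java.naming.security.protocol">ssl</module-option>
<module-option name="bindDN">cn=DirManager,dc=example,dc=test</module-option>
</login-module></authentication></application-policy></policy>"""

BAD = """<policy><application-policy name="guvnor"><authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
<module-option name="java.naming.provider.url">ldap://ldap.example.test:389/</module-option>
<module-option name="java.naming.security.protocol">ssl</module-option>
<module-option name="bindDN">cn=DirManager,dc=example,dc=test </module-option>
<module-option>placeholder-password</module-option>
</login-module></authentication></application-policy></policy>"""
if __name__ == "__main__":
    for label, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, lint_login_config(text))
```

The parser reports malformed input such as `</ authentication>` as a single "not well-formed XML" finding instead of raising.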