[rules-users] Integration issue : Guvnor with Openldap

Gayatri Chandak gayatri.chandak at tcs.com
Mon Apr 26 02:38:31 EDT 2010


Hi,

We tried the following solution.
But when we tried to connect to ldap through ssl at port 16636, we got the
following error:

Socket closed.

Please tell us how to resolve this issue.

Thanks in advance.

Regards,
Gayatri Chandak
TEG-Open Source
Tata Consultancy Services
Yantra Park -(STPI)
2nd Pokharan Road,
Opp HRD Voltas Center,Subash Nagar
Mumbai - 400 601,Maharashtra
India
Ph:- 022-67782556
Mailto: gayatri.chandak at tcs.com
Website: http://www.tcs.com
____________________________________________
Experience certainty.   IT Services
                  Business Solutions
                  Outsourcing
____________________________________________


                                                                                                                       
  From:       Jaroslaw Kijanowski <kijanowski at gmail.com>
  To:         Rules Users List <rules-users at lists.jboss.org>
  Date:       04/21/2010 03:27 PM
  Subject:    Re: [rules-users] Integration issue :  Guvnor with Openldap
  Sent by:    rules-users-bounces at lists.jboss.org

Try this one:

<application-policy name="guvnor">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.provider.url">ldaps://localhost:16636</module-option>
      <module-option name="java.naming.security.protocol">ssl</module-option>
      <module-option name="bindDN">cn=DirManager,dc=kijanowski,dc=eu</module-option>
      <module-option name="bindCredential">admin123</module-option>
      <module-option name="baseCtxDN">ou=People,o=guvnor,dc=kijanowski,dc=eu</module-option>
      <module-option name="baseFilter">(uid={0})</module-option>
      <module-option name="rolesCtxDN">ou=Roles,o=guvnor,dc=kijanowski,dc=eu</module-option>
      <module-option name="roleFilter">(member={1})</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleRecursion">-1</module-option>
      <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
    </login-module>
  </authentication>
</application-policy>

If you have followed the tutorial, then you have set up ssl, so please
keep in mind to use ldaps instead of ldap in the connection url. Also
change the port from the default one, 389, to 16636.

And yes, the tutorial has a bug showing the login-config.xml file, since
it has been copied over without the corresponding xml attributes...

Cheers,
  Jarek

Gayatri Chandak wrote:
> Hello All,
>
> An update from my side.
> We tried modifying the login-config.xml file as below:
>
>  <authentication>
>    <login-module code="org.jboss.security.auth.spi.LdapAuthenticatorLoginModule" flag="optional">
>      <module-option name="java.naming.provider.url">ldap://test.kalyani.com:389/</module-option>
>      <module-option name="java.naming.security.protocol">ssl</module-option>
>      <module-option name="java.naming.security.principal">cn=DirManager</module-option>
>      <module-option name="java.naming.security.credentials">secret</module-option>
>      <module-option name="searchBase">dc=kijanowski,dc=eu</module-option>
>    </login-module>
>    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
>      <module-option name="java.naming.factory.initial"> com.sun.jndi.ldap.LdapCtxFactory</module-option>
>      <module-option name="java.naming.provider.url">ldap://test.kalyani.com:389/</module-option>
>      <module-option name="java.naming.security.authentication">simple</module-option>
>      <module-option name="bindDN">cn=DirManager,dc=kijanowski,dc=eu </module-option>
>      <module-option name="bindCredential">secret</module-option>
>      <module-option name="baseCtxDN">ou=People,o=guvnor,dc=kijanowski,dc=eu </module-option>
>      <module-option name="baseFilter">(uid={0})</module-option>
>      <module-option name="rolesCtxDN">ou=Roles,o=guvnor,dc=kijanowski,dc=eu </module-option>
>      <module-option name="roleFilter">(member={1})</module-option>
>      <module-option name="roleAttributeID">member</module-option>
>      <module-option name="roleRecursion">-1</module-option>
>      <module-option name="roleNameAttributeID">cn</module-option>
>      <module-option name="roleAttributeIsDN">true</module-option>
>      <module-option name="searchTimeLimit">5000</module-option>
>      <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
>    </login-module>
>  </ authentication>
>  </application-policy>
>
>  But, still we are not able to connect to the LDAP server
>  through the login page. We are getting the following error:
>  [STDOUT] ERROR 15-04 11:59:15,597
>  (SecurityServiceImpl.java:login:73)
>  javax.security.auth.login.LoginException: No LoginModules
>  configured for guvnor
>
>  Please let me know if we are missing anything or anything
>  needs to be changed.
>
>  Thanks in advance.
>
>
>
>
> Regards,
> Gayatri Chandak
> Member-BPM/BRE/BAM Sub Focus Area
>   From:       Gayatri Chandak/MUM/TCS
>   To:         rules-users at lists.jboss.org
>   Date:       04/15/2010 11:02 AM
>   Subject:    Integration issue :  Guvnor with Openldap
>   Sent by:    Gayatri Chandak
>
> Hello All,
>
> I am trying to integrate the Guvnor with Openldap, for which I am following
> the below link.
>
> http://magazine.redhat.com/2008/08/14/jboss-drools-how-to-tuning-guvnor-part-2/#ldap
>
> The Server starts properly, but it does not recognize the user.
>
> Issue faced:
> I have to replace the file based authentication part with the Openldap
> code, which is given below.
>
>  ldaps://localhost:16636
>             ssl
>             cn=DirManager,dc=kijanowski,dc=eu
>             admin123
>
>             ou=People,o=guvnor,dc=kijanowski,dc=eu
>             (uid={0})
>
>             ou=Roles,o=guvnor,dc=kijanowski,dc=eu
>             (member={1})
>             cn
>
>             -1
>             ONELEVEL_SCOPE
>
> I have no idea how to write the above code in the xml file.
> Can anyone please help me on this?
>
> Attaching the login-config.xml file, please find.
>
> [attachment "login-config.xml" deleted by Gayatri Chandak/TVM/TCS]
>
>
> Thanks and regards,
> Gayatri Chandak
>
> =====-----=====-----=====
> Notice: The information contained in this e-mail
> message and/or attachments to it may contain
> confidential or privileged information. If you are
> not the intended recipient, any dissemination, use,
> review, distribution, printing or copying of the
> information contained in this e-mail message
> and/or attachments to it are strictly prohibited. If
> you have received this communication in error,
> please notify us by reply e-mail or telephone and
> immediately and permanently delete the message
> and any attachments. Thank you
>
>
>
> _______________________________________________
> rules-users mailing list
> rules-users at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/rules-users
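An added example, not part of the original thread and not JBoss or Guvnor code: a small Python check for the two things the configurations in this thread differ on, namely whether the `guvnor` application-policy parses and contains a login-module, and whether the provider URL, port and `java.naming.security.protocol` agree about TLS. The function name and the sample hosts and passwords are constructed for illustration; it inspects the file only and does not diagnose a "Socket closed" error from a live server.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

CRED_KEYS = ("bindCredential", "java.naming.security.credentials")

def lint_login_config(xml_text, policy="guvnor"):
    """Return findings for one <application-policy> of a JBoss login-config.xml."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    # Accept either the <policy> root or a bare <application-policy> fragment.
    found = [p for p in root.iter("application-policy") if p.get("name") == policy]
    if not found:
        return [f"no application-policy named {policy!r}"]
    modules = found[0].findall("authentication/login-module")
    if not modules:
        return [f"application-policy {policy!r} contains no login-module"]
    findings = []
    for mod in modules:
        name = mod.get("code", "?").rsplit(".", 1)[-1]
        opts = {o.get("name"): (o.text or "").strip() for o in mod.iter("module-option")}
        url = urlparse(opts.get("java.naming.provider.url", ""))
        if not url.scheme:
            findings.append(f"{name}: no java.naming.provider.url set")
            continue
        # JNDI uses TLS for ldaps:// URLs and when security.protocol is "ssl".
        tls = url.scheme == "ldaps" or opts.get("java.naming.security.protocol") == "ssl"
        port = url.port or (636 if url.scheme == "ldaps" else 389)
        if tls and port == 389:
            findings.append(f"{name}: TLS requested but port is 389 (cleartext LDAP default)")
        if not tls and any(k in opts for k in CRED_KEYS):
            findings.append(f"{name}: bind password would cross the network unencrypted")
    return findings

# Constructed samples (hosts and passwords are placeholders).
TLS_OK = """<policy><application-policy name="guvnor"><authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
<module-option name="java.naming.provider.url">ldaps://ldap.example.test:16636</module-option>
<module-option name="bindCredential">placeholder</module-option>
</login-module></authentication></application-policy></policy>"""
MIXED = TLS_OK.replace("ldaps://ldap.example.test:16636", "ldap://ldap.example.test:389/")
SSL_OPT = '<module-option name="java.naming.security.protocol">ssl</module-option>'
SSL_ON_389 = MIXED.replace("</login-module>", SSL_OPT + "</login-module>")
BROKEN = TLS_OK.replace("</authentication>", "</ authentication>")

if __name__ == "__main__":
    for doc in (TLS_OK, MIXED, SSL_ON_389, BROKEN):
        print(lint_login_config(doc) or "no findings")
```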