[ https://jira.jboss.org/jira/browse/JBPORTAL-2261?page=com.atlassian.jira.... ]
Boleslaw Dawidowicz resolved JBPORTAL-2261.
-------------------------------------------
Resolution: Done
fixed in JBP_IDENTITY_BRANCH_1_0
problem with user role when creating user with LDAP
---------------------------------------------------
Key: JBPORTAL-2261
URL: https://jira.jboss.org/jira/browse/JBPORTAL-2261
Project: JBoss Portal
Issue Type: Bug
Security Level: Public(Everyone can see)
Components: Portal Identity
Affects Versions: 2.7.0 Final
Reporter: Prabhat Jha
Assignee: Boleslaw Dawidowicz
Fix For: 2.7.2 Final
Thanks Jirka for the bug.
I tried to integrate the Portal with Red Hat authentication facilities using LDAP:
<login-module code="org.jboss.portal.identity.auth.IdentityLoginModule" flag="sufficient">
  <module-option name="unauthenticatedIdentity">guest</module-option>
  <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
  <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
  <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
  <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
  <module-option name="validateUserNameCase">true</module-option>
  <module-option name="additionalRole">Authenticated</module-option>
</login-module>
<login-module code="org.jboss.portal.identity.auth.SynchronizingLDAPLoginModule" flag="required">
  <module-option name="synchronizeIdentity">true</module-option>
  <module-option name="synchronizeRoles">true</module-option>
  <module-option name="preserveRoles">true</module-option>
  <module-option name="additionalRole">Authenticated</module-option>
  <module-option name="defaultAssignedRole">User</module-option>
  <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
  <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
  <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
  <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
  <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
  <module-option name="java.naming.provider.url">ldaps://ldap.brq.redhat.com:636</module-option>
  <module-option name="java.naming.security.protocol">ssl</module-option>
  <module-option name="java.naming.security.authentication">simple</module-option>
  <module-option name="principalDNPrefix">uid=</module-option>
  <module-option name="principalDNSuffix">,ou=users,dc=redhat,dc=com</module-option>
  <module-option name="matchOnUserDN">true</module-option>
  <module-option name="searchTimeLimit">10000</module-option>
  <module-option name="searchScope">SUBTREE_SCOPE</module-option>
  <module-option name="allowEmptyPasswords">false</module-option>
</login-module>
There is one BIG issue though. This configuration allows you to create users in two ways
- either in Portal users config or automatically when the user logs in the first time.
But the problem is that even if in both cases the user has the User role assigned, when the
user is created automatically the GUI behaves as if the user is not in the User role and thus
does not allow access to, for example, the dashboard config.
--
This message is automatically generated by JIRA.