Re: [jboss-user] Configuring the application policy in login-config.xml for LDAP Apache DS

Hi, I am using JBoss AS 5.1.0 GA and Apache Directory Server. Can anyone tell me what lines to put in the application policy configuration of my login-config.xml file for the following LDIF file that i imported in Apache Directory Server ? This LDIF file defines 3 users and 2 roles : uid : system userPassword: manager Roles: admin uid : user1 userPassword: p1 Roles: guest uid : user2 userPassword: p2 Roles: admin Here is the LDIF file that I imported with success in Apache DS : # User: system dn: uid=system,ou=users,ou=system cn: John Doe sn: Doe givenname: John objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson ou: Human Resources ou: People l: Las Vegas uid: system mail: system(a)apachecon.comm <mailto:system@apachecon.comm> telephonenumber: +1 408 555 5555 facsimiletelephonenumber: +1 408 555 5556 roomnumber: 4613 userPassword: manager # User: user1 dn: uid=user1,ou=users,ou=system cn: User sn: One givenname: User1 objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson ou: Human Resources ou: People l: Las Vegas uid: user1 mail: user1(a)apachecon.comm <mailto:user1@apachecon.comm> telephonenumber: +1 408 555 5555 facsimiletelephonenumber: +1 408 555 5556 roomnumber: 4613 userPassword: p1 # User: user2 dn: uid=user2,ou=users,ou=system cn: User sn: Two givenname: User2 objectclass: top objectclass: person objectclass: organizationalPerson objectclass: inetOrgPerson ou: Human Resources ou: People l: Las Vegas uid: user2 mail: user2(a)apachecon.comm <mailto:user2@apachecon.comm> telephonenumber: +1 408 555 5555 facsimiletelephonenumber: +1 408 555 5556 roomnumber: 4613 userPassword: p2 # Group: admin dn: cn=admin,ou=groups,ou=system objectClass: groupOfUniqueNames uniqueMember: uid=system,ou=users,ou=system uniqueMember: uid=user2,ou=users,ou=system cn: admin # Group: guest dn: cn=guest,ou=groups,ou=system objectClass: groupOfUniqueNames uniqueMember: uid=user1,ou=users,ou=system cn: guest I have tried the following application policy in my login-config.xml file but it does not work : <application-policy name="my_domaine_LDAP"> <authentication> <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" > <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option> <module-option name="java.naming.provider.url">ldap://localhost:10389</module-option> <module-option name="java.naming.security.authentication">simple</module-option> <module-option name="bindDN">uid=system,ou=system</module-option> <module-option name="bindCredential">manager</module-option> <module-option name="baseCtxDN">cn=admin,ou=groups,ou=system</module-option> <module-option name="baseFilter">(uid={0})</module-option> <module-option name="rolesCtxDN">ou=Roles,dc=example,dc=com</module-option> <module-option name="roleFilter">(member={1})</module-option> <module-option name="roleAttributeID">cn</module-option> <module-option name="searchScope">ONELEVEL_SCOPE</module-option> <module-option name="allowEmptyPasswords">true</module-option> </login-module> </authentication> </application-policy> Being not too familiar with LDAP, I am not too sure about certain options, like bindCredential, bindDN, baseCtxDN ... Can someone please help me with the configuration of this application policy ? Thanks in advance. ------------------------------------------------------------------------ _______________________________________________ jboss-user mailing list jboss-user(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/jboss-user

-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iEYEARECAAYFAkszn4YACgkQSphIUSiVzgZqfwCgwiRec5Joq/O0PuDhd2Yo4hck +0QAoM2yWooN5b7F7eD5Yzt1y6T6WjNB =nhpW -----END PGP SIGNATURE-----