Anu Saji created TEIID-3460:
-------------------------------
Summary: Alternative approach to map roles for a Teiid user via ldap login
module instead of RoleMappingLoginModule(ie.with out using properties file )
Key: TEIID-3460
URL:
https://issues.jboss.org/browse/TEIID-3460
Project: Teiid
Issue Type: Feature Request
Components: LDAP Connector
Affects Versions: 8.7
Reporter: Anu Saji
Assignee: Steven Hawkins
For the following ldap based login module
~~~
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule"
flag="optional" >
<module-option
name="java.naming.provider.url"><hostname></module-option>
<module-option
name="java.naming.security.protocol">ssl</module-option>
<module-option name="realm">admin</module-option>
<module-option
name="bindDN"><username></module-option>
<module-option
name="bindCredential"><password></module-option>
<module-option
name="baseFilter">(uid={0})</module-option>
<module-option
name="baseCtxDN">ou=people,dc=gene,dc=com</module-option>
<module-option
name="roleFilter">(uniquemember={1})</module-option>
<module-option
name="roleAttributeID">cn</module-option>
<module-option
name="rolesCtxDN">ou=Groups,ou=ESB,ou=Applications,dc=gene,dc=com</module-option>
<module-option
name="roleAttributeIsDN">false</module-option>
<module-option name="roleRecursion">2</module-option>
<module-option
name="searchScope">ONELEVEL_SCOPE</module-option>
<module-option
name="java.naming.referral">follow</module-option>
<module-option
name="searchTimeLimit">10000</module-option>
</login-module>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule"
flag="optional" >
<module-option
name="java.naming.provider.url"><hostname></module-option>
<module-option
name="java.naming.security.protocol">ssl</module-option>
<module-option name="realm">admin</module-option>
<module-option
name="bindDN"><username></module-option>
<module-option
name="bindCredential"><password></module-option>
<module-option
name="baseFilter">(cn={0})</module-option>
<module-option
name="baseCtxDN">ou=Apps,ou=ESB,ou=Applications,dc=gene,dc=com</module-option>
<module-option
name="roleFilter">(uniquemember={1})</module-option>
<module-option
name="roleAttributeID">cn</module-option>
<module-option
name="rolesCtxDN">ou=Groups,ou=ESB,ou=Applications,dc=gene,dc=com</module-option>
<module-option
name="roleAttributeIsDN">false</module-option>
<module-option name="roleRecursion">2</module-option>
<module-option
name="searchScope">ONELEVEL_SCOPE</module-option>
<module-option
name="java.naming.referral">follow</module-option>
<module-option
name="searchTimeLimit">10000</module-option>
</login-module>
<!-- Map the Active Directory/LDAP Groups/Roles to meaningful JBoss roles
-->
<login-module
code="org.jboss.security.auth.spi.RoleMappingLoginModule"
flag="optional">
<module-option
name="rolesProperties">props/ldap-eds-rolemapping.properties</module-option>
</login-module>
~~~
Is there a way around not using the RoleMappingLoginModule (to avaoid usage of properties
file )
Instead use something similar to the declaration in a "web.xml" towards role
mapping like below ?
~~~
<auth-constraint>
<role-name>TeiidAdmin</role-name>
</auth-constraint>
...
<security-role>
<role-name>TeiidAdmin</role-name>
</security-role>
~~~
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)