Steven Hawkins resolved TEIID-3460.
-----------------------------------
Resolution: Done
Updated the community docs to make it clear that the RoleMappingLoginModule is optional.
Alternative approach to map roles for a Teiid user via the LDAP login
module instead of RoleMappingLoginModule (i.e. without using a properties file)
-----------------------------------------------------------------------------------------------------------------------------------------------
Key: TEIID-3460
URL: https://issues.jboss.org/browse/TEIID-3460
Project: Teiid
Issue Type: Feature Request
Components: LDAP Connector
Affects Versions: 8.7
Reporter: Anu Saji
Assignee: Steven Hawkins
For the following LDAP-based login module stack
~~~
<!-- Three stacked login modules; they sit inside the <authentication> element of the
     security domain Teiid authenticates against. Values in CAPITALS are the placeholders
     from the original post, not real settings. -->

<!-- 1. Interactive users: look the login name up by uid under ou=people and collect the
        groups that list the user's DN as a uniquemember. -->
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="optional">
    <module-option name="java.naming.provider.url">LDAP_URL</module-option>
    <module-option name="java.naming.security.protocol">ssl</module-option>
    <module-option name="realm">admin</module-option>
    <!-- Service account used for the searches. Keep the credential out of clear text
         (the EAP vault can hold it) and give the account read-only rights. -->
    <module-option name="bindDN">BIND_USER_DN</module-option>
    <module-option name="bindCredential">BIND_PASSWORD</module-option>
    <!-- {0} is the login name; the DN of the matching entry becomes {1} in roleFilter. -->
    <module-option name="baseFilter">(uid={0})</module-option>
    <module-option name="baseCtxDN">ou=people,dc=gene,dc=com</module-option>
    <module-option name="roleFilter">(uniquemember={1})</module-option>
    <!-- The role name handed to the application is the group's cn, not its DN. -->
    <module-option name="roleAttributeID">cn</module-option>
    <module-option name="rolesCtxDN">ou=Groups,ou=ESB,ou=Applications,dc=gene,dc=com</module-option>
    <module-option name="roleAttributeIsDN">false</module-option>
    <!-- Nested groups are resolved two levels deep. -->
    <module-option name="roleRecursion">2</module-option>
    <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
    <!-- "follow" reuses the bind credential against any server the directory refers to. -->
    <module-option name="java.naming.referral">follow</module-option>
    <!-- Milliseconds. -->
    <module-option name="searchTimeLimit">10000</module-option>
</login-module>

<!-- 2. Application accounts: same directory and group tree, but entries are found by cn
        under ou=Apps. -->
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="optional">
    <module-option name="java.naming.provider.url">LDAP_URL</module-option>
    <module-option name="java.naming.security.protocol">ssl</module-option>
    <module-option name="realm">admin</module-option>
    <module-option name="bindDN">BIND_USER_DN</module-option>
    <module-option name="bindCredential">BIND_PASSWORD</module-option>
    <module-option name="baseFilter">(cn={0})</module-option>
    <module-option name="baseCtxDN">ou=Apps,ou=ESB,ou=Applications,dc=gene,dc=com</module-option>
    <module-option name="roleFilter">(uniquemember={1})</module-option>
    <module-option name="roleAttributeID">cn</module-option>
    <module-option name="rolesCtxDN">ou=Groups,ou=ESB,ou=Applications,dc=gene,dc=com</module-option>
    <module-option name="roleAttributeIsDN">false</module-option>
    <module-option name="roleRecursion">2</module-option>
    <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
    <module-option name="java.naming.referral">follow</module-option>
    <module-option name="searchTimeLimit">10000</module-option>
</login-module>

<!-- 3. Map the Active Directory/LDAP group names collected above to meaningful JBoss roles
        using a properties file. -->
<login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="optional">
    <module-option name="rolesProperties">props/ldap-eds-rolemapping.properties</module-option>
</login-module>
~~~
Is there a way around using the RoleMappingLoginModule (to avoid the properties
file)?
Could something similar to the role declaration in a "web.xml", like below, be used
for the mapping instead?
~~~
<!-- Restricts the constrained resources to the TeiidAdmin role ... -->
<auth-constraint>
    <role-name>TeiidAdmin</role-name>
</auth-constraint>
...
<!-- ... and declares that role for the web application. -->
<security-role>
    <role-name>TeiidAdmin</role-name>
</security-role>
~~~
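The route the resolution points to, as an added example that is not part of the issue and not code from the Teiid project: because the LdapExtLoginModule above returns each group's cn as the role (roleAttributeID=cn, roleAttributeIsDN=false), those group names can be named directly as mapped-role-name entries of Teiid data roles in the VDB's vdb.xml, and no RoleMappingLoginModule or properties file is involved. The VDB name, the model and its data source, and the group names esb-readers and esb-admins are assumptions for illustration.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- Added example; VDB, model, data-source and group names are assumed. -->
<vdb name="Gene" version="1">
    <model name="Customers" type="PHYSICAL">
        <source name="customers-ds" translator-name="oracle"
                connection-jndi-name="java:/customersDS"/>
    </model>

    <!-- any-authenticated="false" on every data role: a user who passed the LDAP login
         modules but belongs to none of the mapped groups holds no permission on the VDB. -->
    <data-role name="ReadOnly" any-authenticated="false" allow-create-temporary-tables="false">
        <description>Read access for members of the esb-readers group</description>
        <permission>
            <resource-name>Customers</resource-name>
            <allow-read>true</allow-read>
        </permission>
        <!-- Must equal the group's cn exactly (case-sensitive); that string is the role
             the login module returns. No intermediate mapping file is consulted. -->
        <mapped-role-name>esb-readers</mapped-role-name>
    </data-role>

    <data-role name="Admin" any-authenticated="false" allow-create-temporary-tables="true">
        <description>Full access for the esb-admins group; nested membership is resolved by roleRecursion in the login module</description>
        <permission>
            <resource-name>Customers</resource-name>
            <allow-create>true</allow-create>
            <allow-read>true</allow-read>
            <allow-update>true</allow-update>
            <allow-delete>true</allow-delete>
        </permission>
        <mapped-role-name>esb-admins</mapped-role-name>
    </data-role>
</vdb>
```

To confirm the names line up, query the directory with the same bind account and the filter (uniquemember=<user DN>) under the rolesCtxDN, and compare the cn values returned with the mapped-role-name entries; a mismatch in case or whitespace silently leaves the user with no data role rather than producing an error.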