[jboss-jira] [JBoss JIRA] Created: (SECURITY-5) Integrate OpenDS in HEAD testsuite

Anil Saldhana (JIRA) jira-events at jboss.com
Tue Sep 12 15:26:35 EDT 2006


Integrate OpenDS in HEAD testsuite
----------------------------------

                 Key: SECURITY-5
                 URL: http://jira.jboss.com/jira/browse/SECURITY-5
             Project: JBoss Security
          Issue Type: Task
      Security Level: Public (Everyone can see)
          Components: JBossSX
            Reporter: Anil Saldhana
         Assigned To: Anil Saldhana


My preliminary testing with OpenDS has been a success. I was able to secure a jmx-console using the LdapLoginModule with the example1.ldif in
http://wiki.jboss.org/wiki/Wiki.jsp?page=LdapExtLoginModule

Since the configuration of OpenDS is based on scripts that internally call java classes, it should be easy to integrate it into HEAD testsuite.

My prelim testing details:
====================================================================
C:\cygwin\home\asaldhana\opends\OpenDS-0.1-build007\bin>start-ds
[12/Sep/2006:12:57:14 -0500] category=CORE severity=NOTICE id=458886 msg="OpenDS Directory Server 0.1-build007 starting up."
[12/Sep/2006:12:57:15 -0500] category=BACKEND severity=NOTICE id=8847402 msg="A database backend containing 1 entries has started."
[12/Sep/2006:12:57:16 -0500] category=CONFIG severity=SEVERE_WARNING id=3277325 msg="Access control has been disabled."
[12/Sep/2006:12:57:17 -0500] category=CORE severity=NOTICE id=458887 msg="The Directory Server has started successfully."
[12/Sep/2006:12:57:17 -0500] category=CORE severity=NOTICE id=458891 msg="The Directory Server has sent an alert notification generated by class org.opends.server.core.DirectoryServer (alert type org.opends.server.DirectoryServerStarted, alert ID 458887):  The Directory Server has started successfully.."
================================================================================


=============================================================================
C:\cygwin\home\asaldhana\opends\OpenDS-0.1-build007\bin>ldapmodify -h localhost -D "cn=Directory Manager" -w password -a -f a.ldif

Processing ADD request for dc=jboss,dc=org.

ADD operation successful for DN dc=jboss,dc=org.

Processing ADD request for ou=People,dc=jboss,dc=org.

ADD operation successful for DN ou=People,dc=jboss,dc=org.

Processing ADD request for uid=jduke,ou=People,dc=jboss,dc=org.

ADD operation successful for DN uid=jduke,ou=People,dc=jboss,dc=org.

Processing ADD request for ou=Roles,dc=jboss,dc=org.

ADD operation successful for DN ou=Roles,dc=jboss,dc=org.

Processing ADD request for cn=Echo,ou=Roles,dc=jboss,dc=org.

ADD operation successful for DN cn=Echo,ou=Roles,dc=jboss,dc=org.

Processing ADD request for cn=TheDuke,ou=Roles,dc=jboss,dc=org.

ADD operation successful for DN cn=TheDuke,ou=Roles,dc=jboss,dc=org.
===============================================================================

==============================================================================
C:\cygwin\home\asaldhana\opends\OpenDS-0.1-build007\bin>ldapsearch -h localhost -b "dc=jboss,dc=org" -s sub "objectclass=*"

dn: dc=jboss,dc=org
objectClass: top
objectClass: dcObject
objectClass: organization
o: JBoss
dc: jboss

dn: ou=People,dc=jboss,dc=org
objectClass: top
objectClass: organizationalUnit
ou: People

dn: uid=jduke,ou=People,dc=jboss,dc=org
objectClass: top
objectClass: person
objectClass: uidObject
userPassword: {SSHA}XM3FqJX2rfY5Cnzd1Q77gBIsSaiS/MWFfg2LPw==
cn: Java Duke
sn: Duke
uid: jduke
=====================================================================================

The application policy:
<application-policy name="jmx-console">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.LdapLoginModule"
                      flag="required">
            <module-option name="java.naming.factory.initial">
                com.sun.jndi.ldap.LdapCtxFactory
            </module-option>
            <module-option name="java.naming.provider.url">
                ldap://localhost:389/
            </module-option>
            <module-option name="java.naming.security.authentication">
                simple
            </module-option>
            <!-- Bind DN is principalDNPrefix + username + principalDNSuffix -->
            <module-option name="principalDNPrefix">uid=</module-option>
            <module-option name="principalDNSuffix">,ou=People,dc=jboss,dc=org</module-option>
            <!-- Roles come from entries under rolesCtxDN whose member value
                 matches the user DN; the cn value is used as the role name -->
            <module-option name="rolesCtxDN">ou=Roles,dc=jboss,dc=org</module-option>
            <module-option name="uidAttributeID">member</module-option>
            <module-option name="matchOnUserDN">true</module-option>
            <module-option name="roleAttributeID">cn</module-option>
            <module-option name="roleAttributeIsDN">false</module-option>
            <module-option name="searchTimeLimit">5000</module-option>
            <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
        </login-module>
    </authentication>
</application-policy>


-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
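
Added example (not part of the original message and not JBoss code): a small Python model of how the module options in the application policy above determine the bind DN and the role search. The role entries' member values, the ou=Nested entry and the uid=other user are constructed sample data, since the ldapsearch output above does not show the role entries.

```python
# Model of the lookup configured by the application policy; not JBoss code.
OPTIONS = {
    "principalDNPrefix": "uid=",
    "principalDNSuffix": ",ou=People,dc=jboss,dc=org",
    "rolesCtxDN": "ou=Roles,dc=jboss,dc=org",
    "uidAttributeID": "member",
    "matchOnUserDN": "true",
    "roleAttributeID": "cn",
    "searchScope": "ONELEVEL_SCOPE",
}
JDUKE = "uid=jduke,ou=People,dc=jboss,dc=org"
# Constructed directory content (DN -> attributes). The member values, the
# ou=Nested entry and uid=other are assumptions made for this example.
DIRECTORY = {
    "cn=Echo,ou=Roles,dc=jboss,dc=org": {"cn": ["Echo"], "member": [JDUKE]},
    "cn=TheDuke,ou=Roles,dc=jboss,dc=org": {"cn": ["TheDuke"], "member": [JDUKE]},
    "cn=Ops,ou=Roles,dc=jboss,dc=org": {
        "cn": ["Ops"], "member": ["uid=other,ou=People,dc=jboss,dc=org"]},
    "cn=Admin,ou=Nested,ou=Roles,dc=jboss,dc=org": {"cn": ["Admin"], "member": [JDUKE]},
}

def user_dn(username, opts):
    """DN used for the simple bind: prefix + username + suffix."""
    return opts["principalDNPrefix"] + username + opts["principalDNSuffix"]

def in_scope(dn, base, scope):
    """Scope test on string DNs (no escaped commas in this sample data)."""
    dn, base = dn.lower(), base.lower()
    if scope == "OBJECT_SCOPE":
        return dn == base
    if scope == "ONELEVEL_SCOPE":
        return dn.partition(",")[2] == base
    return dn == base or dn.endswith("," + base)  # SUBTREE_SCOPE

def resolve_roles(username, opts, directory):
    """Role names from entries under rolesCtxDN that name the user."""
    # matchOnUserDN=true compares uidAttributeID with the full user DN;
    # otherwise only the bare username is compared.
    wanted = user_dn(username, opts) if opts["matchOnUserDN"] == "true" else username
    roles = set()
    for dn, attrs in directory.items():
        if not in_scope(dn, opts["rolesCtxDN"], opts["searchScope"]):
            continue
        members = [m.lower() for m in attrs.get(opts["uidAttributeID"], [])]
        if wanted.lower() in members:
            # roleAttributeIsDN=false: the attribute value is the role name.
            roles.update(attrs.get(opts["roleAttributeID"], []))
    return sorted(roles)

if __name__ == "__main__":
    print(resolve_roles("jduke", OPTIONS, DIRECTORY))
```

With matchOnUserDN set to false the same data yields no roles, because the member values hold full DNs rather than bare usernames.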

        


