[jboss-jira] [JBoss JIRA] Commented: (SECURITY-5) Integrate OpenDS in HEAD testsuite
Anil Saldhana (JIRA)
jira-events at jboss.com
Fri Sep 15 17:18:33 EDT 2006
[ http://jira.jboss.com/jira/browse/SECURITY-5?page=comments#action_12343398 ]
Anil Saldhana commented on SECURITY-5:
--------------------------------------
There is an XMBean service that starts/stops OpenDS inside a JBoss instance.
org.jboss.test.security.test.opends.OpenDSService
Also, there is a server configuration called "opends" that sets up the opends config structure under:
jboss_instance/server/opends/conf/opends
Some DS log files are found under jboss_instance/server/opends/conf/opends/logs (access, errors, debug)
Also take notice of an OpenDS utility class in the test suite that can be used to add ldifs, delete DN, search etc.
org.jboss.test.security.test.opends.OpenDSUtil
> Integrate OpenDS in HEAD testsuite
> ----------------------------------
>
> Key: SECURITY-5
> URL: http://jira.jboss.com/jira/browse/SECURITY-5
> Project: JBoss Security
> Issue Type: Task
> Security Level: Public(Everyone can see)
> Components: JBossSX
> Reporter: Anil Saldhana
> Assigned To: Anil Saldhana
> Fix For: 2.0
>
>
> My preliminary testing with OpenDS has been a success. I was able to secure a jmx-console using the LdapLoginModule with the example1.ldif in
> http://wiki.jboss.org/wiki/Wiki.jsp?page=LdapExtLoginModule
> Since the configuration of OpenDS is based on scripts that internally call java classes, it should be easy to integrate it into HEAD testsuite.
> My prelim testing details:
> ====================================================================
> C:\cygwin\home\asaldhana\opends\OpenDS-0.1-build007\bin>start-ds
> [12/Sep/2006:12:57:14 -0500] category=CORE severity=NOTICE id=458886 msg="OpenDS Directory Server 0.1-build007 starting up."
> [12/Sep/2006:12:57:15 -0500] category=BACKEND severity=NOTICE id=8847402 msg="A database backend containing 1 entries has started."
> [12/Sep/2006:12:57:16 -0500] category=CONFIG severity=SEVERE_WARNING id=3277325 msg="Access control has been disabled."
> [12/Sep/2006:12:57:17 -0500] category=CORE severity=NOTICE id=458887 msg="The Directory Server has started successfully."
> [12/Sep/2006:12:57:17 -0500] category=CORE severity=NOTICE id=458891 msg="The Directory Server has sent an alert notification generated by class org.opends.server.core.DirectoryServer (alert type org.opends.server.DirectoryServerStarted, alert ID 458887): The Directory Server has started successfully.."
> ====================================================================
> C:\cygwin\home\asaldhana\opends\OpenDS-0.1-build007\bin>ldapmodify -h localhost -D "cn=Directory Manager" -w password -a -f a.ldif
> Processing ADD request for dc=jboss,dc=org.
> ADD operation successful for DN dc=jboss,dc=org.
> Processing ADD request for ou=People,dc=jboss,dc=org.
> ADD operation successful for DN ou=People,dc=jboss,dc=org.
> Processing ADD request for uid=jduke,ou=People,dc=jboss,dc=org.
> ADD operation successful for DN uid=jduke,ou=People,dc=jboss,dc=org.
> Processing ADD request for ou=Roles,dc=jboss,dc=org.
> ADD operation successful for DN ou=Roles,dc=jboss,dc=org.
> Processing ADD request for cn=Echo,ou=Roles,dc=jboss,dc=org.
> ADD operation successful for DN cn=Echo,ou=Roles,dc=jboss,dc=org.
> Processing ADD request for cn=TheDuke,ou=Roles,dc=jboss,dc=org.
> ADD operation successful for DN cn=TheDuke,ou=Roles,dc=jboss,dc=org.
> ====================================================================
> C:\cygwin\home\asaldhana\opends\OpenDS-0.1-build007\bin>ldapsearch -h localhost -b "dc=jboss,dc=org" -s sub "objectclass=*"
> dn: dc=jboss,dc=org
> objectClass: top
> objectClass: dcObject
> objectClass: organization
> o: JBoss
> dc: jboss
>
> dn: ou=People,dc=jboss,dc=org
> objectClass: top
> objectClass: organizationalUnit
> ou: People
>
> dn: uid=jduke,ou=People,dc=jboss,dc=org
> objectClass: top
> objectClass: person
> objectClass: uidObject
> userPassword: {SSHA}XM3FqJX2rfY5Cnzd1Q77gBIsSaiS/MWFfg2LPw==
> cn: Java Duke
> sn: Duke
> uid: jduke
> ====================================================================
> The application policy:
> <application-policy name = "jmx-console">
>   <authentication>
>     <login-module code="org.jboss.security.auth.spi.LdapLoginModule"
>                   flag="required">
>       <module-option name="java.naming.factory.initial">
>         com.sun.jndi.ldap.LdapCtxFactory
>       </module-option>
>       <module-option name="java.naming.provider.url">
>         ldap://localhost:389/
>       </module-option>
>       <module-option name="java.naming.security.authentication">
>         simple
>       </module-option>
>       <module-option name="principalDNPrefix">uid=</module-option>
>       <module-option name="principalDNSuffix">,ou=People,dc=jboss,dc=org</module-option>
>       <module-option name="rolesCtxDN">ou=Roles,dc=jboss,dc=org</module-option>
>       <module-option name="uidAttributeID">member</module-option>
>       <module-option name="matchOnUserDN">true</module-option>
>       <module-option name="roleAttributeID">cn</module-option>
>       <module-option name="roleAttributeIsDN">false</module-option>
>       <module-option name="searchTimeLimit">5000</module-option>
>       <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
>     </login-module>
>   </authentication>
> </application-policy>
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
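
An added example (not part of the original message or of the JBoss code base) that models, without an LDAP server, how the options in the application policy above combine: the bind DN is prefix + username + suffix, and roles are the cn values of entries one level below rolesCtxDN whose member value equals the user DN. The role entries' member values, the cn=Nested entry and the RFC 4514 escaping step are assumptions of this example.

```python
# Options copied from the application policy on this page.
POLICY = {
    "principalDNPrefix": "uid=", "principalDNSuffix": ",ou=People,dc=jboss,dc=org",
    "rolesCtxDN": "ou=Roles,dc=jboss,dc=org", "searchScope": "ONELEVEL_SCOPE",
    "uidAttributeID": "member", "matchOnUserDN": True, "roleAttributeID": "cn",
}
JDUKE = "uid=jduke,ou=People,dc=jboss,dc=org"
# Constructed role entries: member values are assumed (the page's search output
# does not show them) and cn=Nested is invented to exercise the search scope.
ROLES = {
    "cn=Echo,ou=Roles,dc=jboss,dc=org": {"cn": ["Echo"], "member": [JDUKE]},
    "cn=TheDuke,ou=Roles,dc=jboss,dc=org": {"cn": ["TheDuke"], "member": [JDUKE]},
    "cn=Nested,ou=Sub,ou=Roles,dc=jboss,dc=org": {"cn": ["Nested"], "member": [JDUKE]},
}

def escape_rdn_value(value):
    """RFC 4514 escaping (this example's own step) so a username cannot add RDNs."""
    out = []
    for i, ch in enumerate(value):
        special = (ch in '\\",+;<>' or (i == 0 and ch in "# ")
                   or (i == len(value) - 1 and ch == " "))
        out.append("\\00" if ch == "\0" else "\\" + ch if special else ch)
    return "".join(out)

def bind_dn(username, policy=POLICY):
    """DN used for the simple bind: prefix + escaped username + suffix."""
    return (policy["principalDNPrefix"] + escape_rdn_value(username)
            + policy["principalDNSuffix"])

def in_scope(dn, base, scope):
    """Naive scope check; adequate for the constructed DNs (no escaped commas)."""
    dn, base = dn.lower(), base.lower()
    if scope == "ONELEVEL_SCOPE":
        return dn.partition(",")[2] == base   # direct children only
    if scope == "SUBTREE_SCOPE":
        return dn == base or dn.endswith("," + base)
    return dn == base                         # OBJECT_SCOPE

def roles_for(username, policy=POLICY, entries=ROLES):
    """Role names from in-scope entries whose uidAttributeID matches the user."""
    match = bind_dn(username, policy) if policy["matchOnUserDN"] else username
    found = set()
    for dn, attrs in entries.items():
        members = [v.lower() for v in attrs.get(policy["uidAttributeID"], [])]
        if in_scope(dn, policy["rolesCtxDN"], policy["searchScope"]) and match.lower() in members:
            found.update(attrs.get(policy["roleAttributeID"], []))
    return found

if __name__ == "__main__":
    print(bind_dn("jduke"), sorted(roles_for("jduke")))
```

With matchOnUserDN set to false the match value is the bare username, which finds no roles here because the member values are full DNs.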