[jboss-jira] [JBoss JIRA] Created: (JBPORTAL-2261) problem with user role when creating user with LDAP

Prabhat Jha (JIRA) jira-events at lists.jboss.org
Mon Dec 15 17:43:54 EST 2008


problem with user role when creating user with LDAP
---------------------------------------------------

                 Key: JBPORTAL-2261
                 URL: https://jira.jboss.org/jira/browse/JBPORTAL-2261
             Project: JBoss Portal
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: Portal Identity
    Affects Versions: 2.7.0 Final
            Reporter: Prabhat Jha
            Assignee: Boleslaw Dawidowicz
             Fix For: 2.7.1 Final


Thanks Jirka for the bug.

I tried to integrate the Portal with Red Hat authentication facilities using LDAP:
          <login-module code="org.jboss.portal.identity.auth.IdentityLoginModule" flag="sufficient">
             <module-option name="unauthenticatedIdentity">guest</module-option>
             <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
             <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
             <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
             <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
             <module-option name="validateUserNameCase">true</module-option>
             <module-option name="additionalRole">Authenticated</module-option>
          </login-module>
          <login-module code="org.jboss.portal.identity.auth.SynchronizingLDAPLoginModule" flag="required">
             <module-option name="synchronizeIdentity">true</module-option>
             <module-option name="synchronizeRoles">true</module-option>
             <module-option name="preserveRoles">true</module-option>
             <module-option name="additionalRole">Authenticated</module-option>
             <module-option name="defaultAssignedRole">User</module-option>
             <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
             <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
             <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
             <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
             <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
             <module-option name="java.naming.provider.url">ldaps://ldap.brq.redhat.com:636</module-option>
             <module-option name="java.naming.security.protocol">ssl</module-option>
             <module-option name="java.naming.security.authentication">simple</module-option>
             <module-option name="principalDNPrefix">uid=</module-option>
             <module-option name="principalDNSuffix">,ou=users,dc=redhat,dc=com</module-option>
             <module-option name="matchOnUserDN">true</module-option>
             <module-option name="searchTimeLimit">10000</module-option>
             <module-option name="searchScope">SUBTREE_SCOPE</module-option>
             <module-option name="allowEmptyPasswords">false</module-option>
          </login-module>

There is one BIG issue though. This configuration allows you to create users in two ways: either in the Portal users config or automatically when the user logs in for the first time. But the problem is that even though in both cases the user has the User role assigned, when the user is created automatically the GUI behaves as if the user is not in the User role and thus does not allow access to, for example, the dashboard config.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        


