[jboss-jira] [JBoss JIRA] Resolved: (JBPORTAL-2261) problem with user role when creating user with LDAP

Boleslaw Dawidowicz (JIRA) jira-events at lists.jboss.org
Mon Jan 26 09:15:45 EST 2009


     [ https://jira.jboss.org/jira/browse/JBPORTAL-2261?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Boleslaw Dawidowicz resolved JBPORTAL-2261.
-------------------------------------------

    Resolution: Done


fixed in JBP_IDENTITY_BRANCH_1_0

> problem with user role when creating user with LDAP
> ---------------------------------------------------
>
>                 Key: JBPORTAL-2261
>                 URL: https://jira.jboss.org/jira/browse/JBPORTAL-2261
>             Project: JBoss Portal
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Portal Identity
>    Affects Versions: 2.7.0 Final
>            Reporter: Prabhat Jha
>            Assignee: Boleslaw Dawidowicz
>             Fix For: 2.7.2 Final
>
>
> Thanks Jirka for the bug.
> I tried to integrate the Portal with Red Hat authentication facilities using LDAP
>           <login-module code="org.jboss.portal.identity.auth.IdentityLoginModule" flag="sufficient">
>              <module-option name="unauthenticatedIdentity">guest</module-option>
>              <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
>              <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
>              <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
>              <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
>              <module-option name="validateUserNameCase">true</module-option>
>              <module-option name="additionalRole">Authenticated</module-option>
>           </login-module>
>           <login-module code="org.jboss.portal.identity.auth.SynchronizingLDAPLoginModule" flag="required">
>              <module-option name="synchronizeIdentity">true</module-option>
>              <module-option name="synchronizeRoles">true</module-option>
>              <module-option name="preserveRoles">true</module-option>
>              <module-option name="additionalRole">Authenticated</module-option>
>              <module-option name="defaultAssignedRole">User</module-option>
>              <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
>              <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
>              <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
>              <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
>              <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
>              <module-option name="java.naming.provider.url">ldaps://ldap.brq.redhat.com:636</module-option>
>              <module-option name="java.naming.security.protocol">ssl</module-option>
>              <module-option name="java.naming.security.authentication">simple</module-option>
>              <module-option name="principalDNPrefix">uid=</module-option>
>              <module-option name="principalDNSuffix">,ou=users,dc=redhat,dc=com</module-option>
>              <module-option name="matchOnUserDN">true</module-option>
>              <module-option name="searchTimeLimit">10000</module-option>
>              <module-option name="searchScope">SUBTREE_SCOPE</module-option>
>              <module-option name="allowEmptyPasswords">false</module-option>
>           </login-module>
> There is one BIG issue though. This configuration allows you to create users in two ways - either in Portal users config or automatically when the user logs in for the first time. But the problem is that even if in both cases the user has the User role assigned, when the user is created automatically the GUI behaves as if the user is not in the User role and thus does not allow access to, for example, dashboard config.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        


