[jboss-user] [Installation, Configuration & Deployment] - JBoss Portal LDAP Authentication
joelryan2k
do-not-reply at jboss.com
Tue Aug 1 16:48:25 EDT 2006
I have JBoss Portal (2.2.1-SP3-bundled) authenticating correctly against an OpenLDAP server. When I log in with a *valid* username/password, though, subsequent pages fail with the error listed below.
Is the problem that the user 'jduke' needs to be in JBoss's user database as well as in LDAP? It seems like the LdapExtLoginModule would take care of this automatically. Do I need to write a custom LoginModule?
I've been all over Google on this one and would greatly appreciate any help!
Thanks a million!
-- Joel
exception

javax.servlet.ServletException: No such user No such user jduke
    org.jboss.portal.server.servlet.PortalServlet.doGet(PortalServlet.java:227)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
    javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
    org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)

root cause

org.jboss.portal.core.model.NoSuchUserException: No such user No such user jduke
    org.jboss.portal.core.impl.user.UserModuleImpl.findUserByUserName(UserModuleImpl.java:123)
    org.jboss.portal.core.aspects.server.UserInterceptor.invoke(UserInterceptor.java:100)
    org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
    ...
Here's the login-config.xml:
<application-policy name="portal">
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
        <module-option name="java.naming.provider.url">ldap://localhost:389</module-option>
        <module-option name="bindDN">cn=Manager,dc=jboss,dc=org</module-option>
        <module-option name="bindCredential">secret</module-option>
        <module-option name="baseCtxDN">ou=People,dc=jboss,dc=org</module-option>
        <module-option name="baseFilter">(uid={0})</module-option>
        <module-option name="rolesCtxDN">ou=Roles,dc=jboss,dc=org</module-option>
        <module-option name="roleFilter">(member={1})</module-option>
        <module-option name="roleAttributeID">cn</module-option>
        <module-option name="roleAttributeIsDN">true</module-option>
        <module-option name="roleNameAttributeID">cn</module-option>
        <module-option name="roleRecursion">-1</module-option>
        <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
        <module-option name="password-stacking">useFirstPass</module-option>
        <module-option name="passwordValidation">remote</module-option>
    </login-module>
</application-policy>
And here's what's in the LDAP:
dn: dc=jboss,dc=org
objectclass: top
objectclass: dcObject
objectclass: organization
dc: jboss
o: JBoss

dn: ou=People,dc=jboss,dc=org
objectclass: top
objectclass: organizationalUnit
ou: People

dn: uid=jduke,ou=People,dc=jboss,dc=org
objectclass: top
objectclass: uidObject
objectclass: person
uid: jduke
cn: Java Duke
sn: Duke
userPassword: theduke

dn: ou=Roles,dc=jboss,dc=org
objectclass: top
objectclass: organizationalUnit
ou: Roles

dn: cn=JBossAdmin,ou=Roles,dc=jboss,dc=org
objectclass: top
objectclass: groupOfNames
cn: JBossAdmin
member: uid=jduke,ou=People,dc=jboss,dc=org
description: the JBossAdmin group
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3962288#3962288