[jboss-user] [Installation, Configuration & Deployment] - JBoss Portal LDAP Authentication

joelryan2k do-not-reply at jboss.com
Tue Aug 1 16:48:25 EDT 2006


I have JBoss portal (2.2.1-SP3-bundled) authenticating correctly against an OpenLDAP server.  When I log in with a *valid* username/password, though, subsequent pages fail with the error listed below.

Is the problem that the user 'jduke' needs to be in JBoss's user database as well as in LDAP?  It seems like the LdapExtLoginModule would take care of this automatically.  Do I need to write a custom LoginModule?

I've been all over Google on this one and would greatly appreciate any help!

Thanks a million!
-- Joel

exception 

javax.servlet.ServletException: No such user No such user jduke
org.jboss.portal.server.servlet.PortalServlet.doGet(PortalServlet.java:227)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
	javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)

root cause 

org.jboss.portal.core.model.NoSuchUserException: No such user No such user jduke
org.jboss.portal.core.impl.user.UserModuleImpl.findUserByUserName(UserModuleImpl.java:123)
org.jboss.portal.core.aspects.server.UserInterceptor.invoke(UserInterceptor.java:100)
org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
...

Here's the login-config.xml:
<application-policy name="portal">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
            <module-option name="java.naming.provider.url">ldap://localhost:389</module-option>
            <module-option name="bindDN">cn=Manager,dc=jboss,dc=org</module-option>
            <module-option name="bindCredential">secret</module-option>
            <module-option name="baseCtxDN">ou=People,dc=jboss,dc=org</module-option>
            <module-option name="baseFilter">(uid={0})</module-option>

            <module-option name="rolesCtxDN">ou=Roles,dc=jboss,dc=org</module-option>
            <module-option name="roleFilter">(member={1})</module-option>
            <module-option name="roleAttributeID">cn</module-option>
            <module-option name="roleAttributeIsDN">true</module-option>
            <module-option name="roleNameAttributeID">cn</module-option>

            <module-option name="roleRecursion">-1</module-option>
            <module-option name="searchScope">ONELEVEL_SCOPE</module-option>

            <module-option name="password-stacking">useFirstPass</module-option>
            <module-option name="passwordValidation">remote</module-option>
        </login-module>
    </authentication>
</application-policy>

And here's what's in the LDAP:
dn: dc=jboss,dc=org
objectclass: top
objectclass: dcObject
objectclass: organization
dc: jboss
o: JBoss

dn: ou=People,dc=jboss,dc=org
objectclass: top
objectclass: organizationalUnit
ou: People

dn: uid=jduke,ou=People,dc=jboss,dc=org
objectclass: top
objectclass: uidObject
objectclass: person
uid: jduke
cn: Java Duke
sn: Duke
userPassword: theduke

dn: ou=Roles,dc=jboss,dc=org
objectclass: top
objectclass: organizationalUnit
ou: Roles

dn: cn=JBossAdmin,ou=Roles,dc=jboss,dc=org
objectclass: top
objectclass: groupOfNames
cn: JBossAdmin
member: uid=jduke,ou=People,dc=jboss,dc=org
description: the JBossAdmin group
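
As an added example (not part of the original post, and not JBoss code): a small offline model of the two searches the posted options describe, run against a constructed copy of the post's LDIF. It assumes {0} is the login name and {1} the matched user DN, as LdapExtLoginModule documents them, and models only single-equality filters at one level; role-name extraction (roleAttributeIsDN, roleNameAttributeID) is not modelled.

```python
import re

# Constructed sample: the People and Roles entries from the LDIF in the post.
LDIF = """\
dn: uid=jduke,ou=People,dc=jboss,dc=org
uid: jduke

dn: cn=JBossAdmin,ou=Roles,dc=jboss,dc=org
objectclass: groupOfNames
cn: JBossAdmin
member: uid=jduke,ou=People,dc=jboss,dc=org
"""

def parse_ldif(text):
    """Return entries as dicts of lowercase attribute name -> list of values."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def search_onelevel(entries, base_dn, flt, *args):
    """Apply one (attr=value) filter to the direct children of base_dn."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", flt)
    if not m:
        raise ValueError("only (attr=value) filters are modelled: " + flt)
    # {0}/{1} substitution; a real client must also escape the values (RFC 4515).
    attr, wanted = m.group(1).lower(), m.group(2).format(*args).lower()
    hits = []
    for e in entries:
        parent = e["dn"][0].partition(",")[2]
        if parent.lower() == base_dn.lower() and wanted in [v.lower() for v in e.get(attr, [])]:
            hits.append(e)
    return hits

def resolve(username):
    """Return (user DN, role cn values) using the option values from the post."""
    entries = parse_ldif(LDIF)
    users = search_onelevel(entries, "ou=People,dc=jboss,dc=org", "(uid={0})", username)
    if len(users) != 1:
        return None, []
    user_dn = users[0]["dn"][0]
    roles = search_onelevel(entries, "ou=Roles,dc=jboss,dc=org", "(member={1})", username, user_dn)
    return user_dn, [r["cn"][0] for r in roles]

print(resolve("jduke"))
```

Both searches resolve for jduke, which is consistent with the stack trace in the post: the NoSuchUserException is raised from the portal's UserModuleImpl.findUserByUserName, not from the LDAP login module.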

