[jboss-user] [JBoss Portal] - LDAP and Active Directory

creative77 do-not-reply at jboss.com
Mon Oct 2 09:26:23 EDT 2006


I have been trying to set up LDAP in JBoss Portal. I have the user authenticating, but I don't know how to get the correct role to get logged in.

I get a "HTTP Status 403 - Access to the requested resource has been denied"
which I believe is due to the group/role not being resolved correctly.

I am using the LdapExtLoginModule; below is the trace from the log file after trying to get logged in.

Any help would be appreciated...

###################################################

08:12:41,235 DEBUG [CoyoteAdapter]  Requested cookie session id is 5A3FCFF056D82C70B3E68866F9CE0384
08:12:41,235 DEBUG [AuthenticatorBase] Security checking request POST /portal/j_security_check
08:12:41,235 DEBUG [FormAuthenticator] Authenticating username 'dsj0920'
08:12:41,235 DEBUG [FormAuthenticator] Authentication of 'XXX0920' was successful
08:12:41,235 DEBUG [FormAuthenticator] Redirecting to original '/portal'
08:12:41,235 DEBUG [AuthenticatorBase]  Failed authenticate() test ??/portal/j_security_check
08:12:41,235 DEBUG [CoyoteAdapter]  Requested cookie session id is 5A3FCFF056D82C70B3E68866F9CE0384
08:12:41,235 DEBUG [AuthenticatorBase] Security checking request GET /portal
08:12:41,235 DEBUG [RealmBase]   Checking constraint 'SecurityConstraint[Authenticated]' against GET / --> true
08:12:41,235 DEBUG [RealmBase]   Checking constraint 'SecurityConstraint[Secure]' against GET / --> false
08:12:41,235 DEBUG [RealmBase]   Checking constraint 'SecurityConstraint[Secure+Authenticated]' against GET / --> false
08:12:41,235 DEBUG [RealmBase]   Checking constraint 'SecurityConstraint[Authenticated]' against GET / --> true
08:12:41,235 DEBUG [RealmBase]   Checking constraint 'SecurityConstraint[Secure]' against GET / --> false
08:12:41,235 DEBUG [RealmBase]   Checking constraint 'SecurityConstraint[Secure+Authenticated]' against GET / --> false
08:12:41,235 DEBUG [AuthenticatorBase]  Calling hasUserDataPermission()
08:12:41,235 DEBUG [RealmBase]   User data constraint has no restrictions
08:12:41,235 DEBUG [AuthenticatorBase]  Calling authenticate()
08:12:41,235 DEBUG [FormAuthenticator] Restore request from session '5A3FCFF056D82C70B3E68866F9CE0384'
08:12:41,235 DEBUG [AuthenticatorBase] Authenticated 'XXX0920' with type 'FORM'
08:12:41,235 DEBUG [FormAuthenticator] Proceed to restored request
08:12:41,235 DEBUG [AuthenticatorBase]  Calling accessControl()
08:12:41,235 DEBUG [RealmBase] Username XXX0920 does NOT have role Authenticated
08:12:41,235 DEBUG [AuthenticatorBase]  Failed accessControl() test

Here is what the RoleDN output is:

################################################


08:15:51,032 DEBUG [AuthenticatorBase] Security checking request GET /portal
08:15:51,032 DEBUG [AuthenticatorBase] We have cached auth type FORM for principal GenericPrincipal[dsj0920(CN=AccessIT,CN=Users,DC=adomain,DC=com,CN=Admin,OU=Security Groups,OU=Adomain Users,DC=adomain,DC=com,CN=Citrix Users,OU=Farm,OU=Citrix,DC=adomain,DC=com,CN=GG AP All Associates,OU=Security Groups,OU=AdomainUsers,DC=adomain,DC=com,CN=GG AP All Information Systems,OU=Security Groups,OU=Adomain Users,DC=adomain,DC=com,CN=GG AP Portal Admins,OU=Security Groups,OU=Adomain Users,DC=adomain,DC=com,CN=GG AP Portal Module Administrators,OU=Security Groups,OU=Adomain Users,DC=adomain,DC=com,CN=GG FA Associate Portal Development,CN=Users,DC=adomain,DC=com,CN=GG FA HROL Credentialing File Access,CN=Users,DC=adomain,DC=com,CN=Help Desk,CN=Users,DC=adomain,DC=com,CN=INFOSYS,CN=Users,DC=adomain,DC=com,CN=IS - Apps Team,CN=Users,DC=adomain,DC=com,CN=MRI NIMC,CN=Users,DC=adomain,DC=com,CN=Telecom,CN=Users,DC=adomain,DC=com,CN=\#Associate Portal Steering Committee,CN=Distribution Lists,CN=Users,DC=adomain,DC=com,CN=\#Change Management,CN=Distribution Lists,CN=Users,DC=adomain,DC=com,CN=\#Company-Wide,CN=Distribution Lists,CN=Users,DC=adomain,DC=com,CN=\#Core Upgrade Applications Team,CN=Distribution Lists,CN=Users,DC=adomain,DC=com,CN=\#IS-Application Team,CN=Distribution Lists,CN=Users,DC=adomain,DC=com,CN=\#IS-CHS31,CN=Distribution Lists,CN=Users,DC=adomain,DC=com,)]

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3975481#3975481
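
The trace above shows the check for role `Authenticated` failing while the cached principal lists its roles as full Active Directory group DNs. The following Python is an added example, not part of the original post and not JBoss code: it splits such a role list back into DNs and reports whether a required role name matches any of them, either as a whole DN or as the leading CN. The function names, the shortened sample line, and the assumption that role names are compared as exact strings are constructed for illustration.

```python
import re

# Constructed sample in the shape of the GenericPrincipal log line above
# (shortened; group names taken from the post).
SAMPLE = ("GenericPrincipal[dsj0920(CN=AccessIT,CN=Users,DC=adomain,DC=com,"
          "CN=GG AP Portal Admins,OU=Security Groups,OU=Adomain Users,"
          "DC=adomain,DC=com,"
          "CN=\\#Company-Wide,CN=Distribution Lists,CN=Users,"
          "DC=adomain,DC=com,)]")

def split_rdns(text):
    """Split on commas that are not backslash-escaped; drop empty parts."""
    return [part for part in re.split(r"(?<!\\),", text) if part]

def role_dns(principal):
    """Return (user, [role DN, ...]) from 'GenericPrincipal[user(roles)]'."""
    m = re.search(r"GenericPrincipal\[([^(]+)\((.*)\)\]", principal)
    if not m:
        raise ValueError("not a GenericPrincipal string")
    dns, current = [], []
    for rdn in split_rdns(m.group(2)):
        # Assumption: each DN ends with its DC= components, so a non-DC
        # RDN that follows a DC RDN begins the next DN in the list.
        prev_is_dc = bool(current) and current[-1].upper().startswith("DC=")
        if prev_is_dc and not rdn.upper().startswith("DC="):
            dns.append(",".join(current))
            current = []
        current.append(rdn)
    if current:
        dns.append(",".join(current))
    return m.group(1), dns

def leading_cn(dn):
    """Value of the first RDN with LDAP backslash escapes removed."""
    value = split_rdns(dn)[0].split("=", 1)[1]
    return re.sub(r"\\(.)", r"\1", value)

def has_role(principal, required):
    """Exact match of `required` against each role as a DN and as a CN."""
    _, dns = role_dns(principal)
    return {"as_dn": required in dns,
            "as_cn": required in [leading_cn(dn) for dn in dns]}

if __name__ == "__main__":
    user, dns = role_dns(SAMPLE)
    print(user, [leading_cn(dn) for dn in dns])
    print("Authenticated:", has_role(SAMPLE, "Authenticated"))
```
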
