[jboss-user] [Security & JAAS/JBoss] - LDAP Authendication & Authorization
manogaranyuvaraj
do-not-reply at jboss.com
Tue Oct 24 10:40:23 EDT 2006
Hi
I need some idea to configure the LDAP. I have the users & the roles in LDAP server. I can able to validate the role, but i can authenticate with the username & password. I think i have made some wrong thing.
Here my Configuration.
<application-policy name="jmx-console">
<login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
<module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
<module-option name="java.naming.provider.url">ldap://ldaphost.abc.com:7992/</module-option>
<module-option name="java.naming.security.authentication">simple</module-option>
<module-option name="principalDNPrefix">uid=</module-option>
<module-option name="uidAttributeID">uniquemember</module-option>
<module-option name="matchOnUserDN">true</module-option>
<module-option name="roleAttributeID">cn</module-option>
<module-option name="roleAttributeIsID">false</module-option>
<module-option name="principalDNSuffix">,ou=People,dc=abc,dc=com</module-option>
<module-option name="rolesCtxDN">ou=Roles,du=abc,dc=com</module-option>
</login-module>
</application-policy>
Roles & users structure in LDAP
# entry-id: 64
dn: cn=JBossAdmin,ou=Roles,dc=abc,dc=com
objectClass: top
objectClass: groupofuniquenames
creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
createTimestamp: 20061024132211Z
nsUniqueId: 8e207c01-1dd211b2-80c8e8b0-30c2eb27
uniqueMember: uid=emendez,ou=People,dc=gmacinsurance,dc=com
uniqueMember: uid=jsadler,ou=People,dc=gmacinsurance,dc=com
uniqueMember: uid=pabeln,ou=People,dc=gmacinsurance,dc=com
uniqueMember: uid=ymano,ou=People,dc=gmacinsurance,dc=com
cn: JBossAdmin
# entry-id: 65
dn: cn=HttpInvoker,ou=Roles,dc=abc,dc=com
objectClass: top
objectClass: groupofuniquenames
cn: HttpInvoker
creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot
createTimestamp: 20061024141154Z
nsUniqueId: 8a442801-1dd211b2-80cfe8b0-30c2eb27
uniqueMember: uid=emendez,ou=People,dc=abc,dc=com
uniqueMember: uid=jsadler,ou=People,dc=abc,dc=com
uniqueMember: uid=pabeln,ou=People,dc=abc,dc=com
uniqueMember: uid=ymano,ou=People,dc=abc,dc=com
Any Idea.....
Thanks
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3980398#3980398
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=3980398
More information about the jboss-user
mailing list