[jboss-user] [Security & JAAS/JBoss] - LDAP Authentication & Authorization

manogaranyuvaraj do-not-reply at jboss.com
Tue Oct 24 10:40:23 EDT 2006


Hi,

I need some ideas on configuring LDAP. I have the users & the roles in the LDAP server. I am able to validate the role, but I can authenticate with the username & password. I think I have done something wrong.

Here is my configuration.

<application-policy name="jmx-console">
  <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
    <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
    <module-option name="java.naming.provider.url">ldap://ldaphost.abc.com:7992/</module-option>
    <module-option name="java.naming.security.authentication">simple</module-option>
    <module-option name="principalDNPrefix">uid=</module-option>
    <module-option name="uidAttributeID">uniquemember</module-option>
    <module-option name="matchOnUserDN">true</module-option>
    <module-option name="roleAttributeID">cn</module-option>
    <module-option name="roleAttributeIsID">false</module-option>
    <module-option name="principalDNSuffix">,ou=People,dc=abc,dc=com</module-option>
    <module-option name="rolesCtxDN">ou=Roles,du=abc,dc=com</module-option>
  </login-module>
</application-policy>

Roles & users structure in LDAP 

# entry-id: 64 
dn: cn=JBossAdmin,ou=Roles,dc=abc,dc=com 
objectClass: top 
objectClass: groupofuniquenames 
creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot 
createTimestamp: 20061024132211Z 
nsUniqueId: 8e207c01-1dd211b2-80c8e8b0-30c2eb27 
uniqueMember: uid=emendez,ou=People,dc=gmacinsurance,dc=com 
uniqueMember: uid=jsadler,ou=People,dc=gmacinsurance,dc=com 
uniqueMember: uid=pabeln,ou=People,dc=gmacinsurance,dc=com 
uniqueMember: uid=ymano,ou=People,dc=gmacinsurance,dc=com 
cn: JBossAdmin 

# entry-id: 65 
dn: cn=HttpInvoker,ou=Roles,dc=abc,dc=com 
objectClass: top 
objectClass: groupofuniquenames 
cn: HttpInvoker 
creatorsName: uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot 
createTimestamp: 20061024141154Z 
nsUniqueId: 8a442801-1dd211b2-80cfe8b0-30c2eb27 
uniqueMember: uid=emendez,ou=People,dc=abc,dc=com 
uniqueMember: uid=jsadler,ou=People,dc=abc,dc=com 
uniqueMember: uid=pabeln,ou=People,dc=abc,dc=com 
uniqueMember: uid=ymano,ou=People,dc=abc,dc=com 

Any ideas?

Thanks

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3980398#3980398
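
An offline consistency check for the configuration and role entries posted above, added here as an example that is not part of the original post or of JBoss. It builds the bind DN as principalDNPrefix + username + principalDNSuffix, then compares that DN and rolesCtxDN against the posted role entries, as a role search with matchOnUserDN=true would need them to line up. The function names and the simplified DN normalisation are assumptions of this example.

```python
import re

# Option values copied from the posted login-module configuration.
OPTIONS = {"principalDNPrefix": "uid=", "principalDNSuffix": ",ou=People,dc=abc,dc=com",
           "rolesCtxDN": "ou=Roles,du=abc,dc=com",
           "uidAttributeID": "uniquemember", "roleAttributeID": "cn"}

# Trimmed copy of the two posted role entries (only the ymano member kept).
LDIF = """\
dn: cn=JBossAdmin,ou=Roles,dc=abc,dc=com
uniqueMember: uid=ymano,ou=People,dc=gmacinsurance,dc=com
cn: JBossAdmin

dn: cn=HttpInvoker,ou=Roles,dc=abc,dc=com
cn: HttpInvoker
uniqueMember: uid=ymano,ou=People,dc=abc,dc=com
"""

def norm(dn):  # lower-case, strip spaces around ',' and '=' (simplified: no escapes)
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip()).lower()

def parse_ldif(text):
    """Parse simple, unfolded LDIF into a list of {attribute: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if not line.startswith("#") and ":" in line:
                key, value = line.split(":", 1)
                entry.setdefault(key.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def check(options, entries, username):
    """Return (user_dn, roles, findings) for one user, without contacting a server."""
    user_dn = norm(options["principalDNPrefix"] + username + options["principalDNSuffix"])
    base = norm(options["rolesCtxDN"])
    member_attr, role_attr = (options[k].lower() for k in ("uidAttributeID", "roleAttributeID"))
    roles, findings = [], []
    for entry in entries:
        dn = norm(entry["dn"][0])
        members = [norm(m) for m in entry.get(member_attr, [])]
        if not dn.endswith("," + base):
            findings.append(f"{dn}: not under rolesCtxDN {base}")
        elif user_dn in members:
            roles.extend(entry.get(role_attr, []))
        if user_dn not in members:
            findings.append(f"{dn}: no {member_attr} value equals {user_dn}")
    return user_dn, roles, findings
```

Calling `check(OPTIONS, parse_ldif(LDIF), "ymano")` lists every role entry that falls outside the configured rolesCtxDN or whose member DN differs from the DN the module would bind with.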
