[jboss-user] [Security & JAAS/JBoss] - Re: Domino LDAP

rsoika do-not-reply at jboss.com
Tue Sep 12 09:18:15 EDT 2006


hi,

we solved the configuration problems with the following configuration (inside the login-config.xml):

    <!-- LDAP login configuration for Domino -->
    <application-policy name="imixsIX">
        <authentication>
            <login-module code="org.jboss.security.auth.spi.LdapLoginModule"
                          flag="required">
                <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
                <module-option name="java.naming.provider.url">ldap://myhostmuc:389/</module-option>
                <module-option name="java.naming.security.authentication">simple</module-option>
                <module-option name="principalDNPrefix">cn=</module-option>
                <!-- for principalDNSuffix no entry is needed for Domino (e.g. o=MYDOMAIN) -->
                <module-option name="principalDNSuffix"></module-option>
                <module-option name="rolesCtxDN"></module-option>
                <module-option name="uidAttributeID">member</module-option>
                <module-option name="matchOnUserDN">true</module-option>
                <module-option name="roleAttributeID">cn</module-option>
                <module-option name="roleAttributeIsDN">false</module-option>
                <module-option name="searchTimeLimit">5000</module-option>
                <!-- searchScope ONELEVEL_SCOPE is necessary for Domino -->
                <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
            </login-module>
        </authentication>
    </application-policy>


If your user sees no roles, this will be an issue of the names.nsf ACL. If "normal" users are not allowed to read in the names.nsf (this is typical for Domino installations), you need additional params to make the lookups with an admin account:

    <!-- Principal and credentials for LDAP lookups -->
    <module-option name="java.naming.security.principal">cn=admin,o=MYORG</module-option>
    <module-option name="java.naming.security.credentials">password</module-option>

I hope this will be helpful

Ralph
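As an added example (not part of Ralph's post or of JBoss itself), the script below parses a login-config.xml fragment like the one above, reconstructs the roles-search filter the LdapLoginModule builds from principalDNPrefix/principalDNSuffix, uidAttributeID and matchOnUserDN, and flags the two settings a reviewer of this Domino setup would care about: a simple bind over plain ldap:// and the lookup account's password sitting in the file. The embedded sample config is constructed from the post; the admin DN and password in it are placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the LdapLoginModule policy from the post, trimmed to the
# options used here, plus the optional admin bind options (placeholder values).
SAMPLE_LOGIN_CONFIG = """<policy>
  <application-policy name="imixsIX">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
        <module-option name="java.naming.provider.url">ldap://myhostmuc:389/</module-option>
        <module-option name="java.naming.security.authentication">simple</module-option>
        <module-option name="principalDNPrefix">cn=</module-option>
        <module-option name="principalDNSuffix"></module-option>
        <module-option name="rolesCtxDN"></module-option>
        <module-option name="uidAttributeID">member</module-option>
        <module-option name="matchOnUserDN">true</module-option>
        <module-option name="java.naming.security.principal">cn=admin,o=MYORG</module-option>
        <module-option name="java.naming.security.credentials">password</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>"""

def ldap_module_options(xml_text):
    """Map each application-policy name to the module-options of its LdapLoginModule."""
    result = {}
    for policy in ET.fromstring(xml_text).iter("application-policy"):
        for lm in policy.iter("login-module"):
            if lm.get("code", "").endswith("LdapLoginModule"):
                result[policy.get("name")] = {
                    o.get("name"): (o.text or "").strip() for o in lm.iter("module-option")
                }
    return result

def role_filter(opts, username):
    """Roles-search filter as the module documents it: uidAttributeID matched against the
    user's bind DN when matchOnUserDN is true, otherwise against the bare username."""
    user_dn = opts.get("principalDNPrefix", "") + username + opts.get("principalDNSuffix", "")
    target = user_dn if opts.get("matchOnUserDN") == "true" else username
    return "(%s=%s)" % (opts.get("uidAttributeID", "uid"), target)

def audit(opts):
    """Return the settings in one LdapLoginModule that weaken the setup from the post."""
    findings = []
    if (opts.get("java.naming.provider.url", "").startswith("ldap://")
            and opts.get("java.naming.security.authentication") == "simple"):
        findings.append("simple bind over ldap:// sends passwords in cleartext; use ldaps:// or StartTLS")
    if opts.get("java.naming.security.credentials"):
        findings.append("lookup account password is stored in login-config.xml; restrict file access and give that account read-only rights")
    return findings
```

With the sample above, `role_filter(opts, "ralph")` yields `(member=cn=ralph)`, which is the membership lookup Domino answers when the names.nsf ACL lets the binding account read groups.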


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3971001#3971001



