[jboss-user] [JBoss Portal] - Re: JBoss Portal LDAP Setup

[dleerob]

Okay so the way I ended up working around the security issues when using LDAP is this:

- I downloaded the source so I could build the JBoss Portal myself.
- I DID NOT enable LDAP authenitcation and used the standard setup that comes with JBoss Portal.
- I created all the users I wanted in JBoss Portal the usual way, all with the same password, for example, "mypassword", but made sure that each username corresponded to the user name in my LDAP directory.
- I downloaded the JLdap library from www.openldap.org.
- I put the jar file in the portal lib directory.
- I added the jar file to jboss-portal-2.4.1-src\thirdparty.
- Added the classpath to jboss-portal-2.4.1-src\identity\build.xml.
- I edited jboss-portal-2.4.1-src\identity\src\main\org\jboss\portal\identity\auth\IdentityLoginModule in the JBoss Portal source code and added my own LDAPAuthentication method.
- In IdentityLoginModule, I edited the method validatePassword, and at the top of it, I called my LDAPAuthentication method with the supplied username and password, which then returned true if LDAP authenitcation passed, or false if it failed. If true was returned, I changed the supplied password to "mypassword" in validatePassword method, otherwise I changed it to "incorrect" or some other incorrect string. Now the rest of validatePassword method continues normally, and will login the user locally if they used their correct LDAP password.
- I built the portal source from scratch, and my customized LDAP authentication worked perfectly.

A workaround I know, but it works, and hopefully will help someone else.
When JBoss Portal 2.6 is stable, I will upgrade to that, and all of this will probably fall away.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4015061#4015061

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4015061