[jboss-user] LDAP configuration issues, need assistance.

Aurynn Shaw aurynn at gmail.com
Mon Mar 26 12:49:03 EDT 2007


My setup is running JBoss 4.0.4, Tomcat 5.5.20, and Java 1.5.0_11 on CentOS 4.4.

I cannot get LDAP to properly authenticate my users. This is an existing directory, so I can't really migrate it. Tracing with a debugger revealed what looks like a problem with roles not being loaded correctly; setting up a "basic" Postgres authentication policy, by contrast, worked properly.

I'm guessing I misconfigured my policy, but I'm not certain how. I've read the documentation many times over and haven't been able to come up with anything. Anything else needed can be provided.

Thanks,
Aurynn

My LDAP login policy for JBoss is:

     <application-policy name="example">
         <authentication>
             <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
                 <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
                 <module-option name="java.naming.provider.url">ldap://127.0.0.1:389</module-option>
                 <module-option name="java.naming.security.authentication">simple</module-option>
                 <module-option name="java.naming.security.principal">cn=Administrator,ou=Roles,dc=example,dc=com</module-option>
                 <module-option name="java.naming.security.credentials">xxxx</module-option>
                 <module-option name="principalDNPrefix">uid=</module-option>
                 <module-option name="principalDNSuffix">,ou=People,dc=example,dc=com</module-option>
                 <module-option name="rolesCtxDn">ou=Roles,dc=example,dc=com</module-option>
                 <module-option name="roleAttributeID">cn</module-option>
                 <module-option name="roleAttributeIsDN">true</module-option>
                 <module-option name="matchOnUserDN">true</module-option>
                 <module-option name="uidAttributeID">uniqueMember</module-option>
                 <module-option name="unauthenticatedIdentity">nobody</module-option>
             </login-module>
         </authentication>
     </application-policy>

My schema looks like:

#
# Top level domain for example.com
dn: dc=example,dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
dc: example
o: xxx
postalAddress: xxx
street: xxx
l: xxx
st: xxx
postalCode: xxx
telephoneNumber: xxx
facsimileTelephoneNumber: xxx

# Organizational unit for user accounts
dn: ou=People,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: People

# User account entry for the system administrator account
dn: uid=Administrator,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: Administrator
cn: Administrator
sn: Administrator
description: System administrator account
userPassword: secret

# User account entry for the nobody user
dn: uid=nobody,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: nobody
cn: nobody
sn: nobody
description: Nobody user account
# User account entry for the guest user
dn: uid=guest,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: guest
cn: guest
sn: guest
description: Guest user account
userPassword: guest

# User account entry for the basic user
dn: uid=basic,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: basic
cn: basic
sn: basic
description: Basic user account
userPassword: basic

# User account entry for the expert user
dn: uid=expert,ou=People,dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
uid: expert
cn: expert
sn: expert
description: Expert user account
userPassword: expert

# Organizational unit for application roles
dn: ou=Roles,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Roles

# Role entry for administrators
dn: cn=Administrator,ou=Roles,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Administrator
uniqueMember: uid=Administrator,ou=People,dc=example,dc=com

# Role entry for nobody users
dn: cn=Nobody User,ou=Roles,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Nobody User
uniqueMember: uid=nobody,ou=People,dc=example,dc=com
# Role entry for guest users
dn: cn=Guest User,ou=Roles,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Guest User
uniqueMember: uid=guest,ou=People,dc=example,dc=com

# Role entry for basic users
dn: cn=Basic User,ou=Roles,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Basic User
uniqueMember: uid=basic,ou=People,dc=example,dc=com

# Role entry for expert users
dn: cn=Expert User,ou=Roles,dc=example,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Expert User
uniqueMember: uid=expert,ou=People,dc=example,dc=com
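The following is an added example, not code from the post or from JBoss. It re-implements, in plain Python against an embedded subset of the LDIF above, the two steps LdapLoginModule is documented to perform: build the user DN from principalDNPrefix/principalDNSuffix and bind, then search rolesCtxDn for entries whose uidAttributeID matches the user (the full DN when matchOnUserDN is true) and read roleAttributeID. The point it shows is the documented meaning of roleAttributeIsDN: when true, each roleAttributeID value is treated as the DN of a role entry and the role name is read from roleNameAttributeID (default "name") of that entry, so a bare cn value such as "Administrator" is not a valid DN and yields no role. The emulation of the directory (a one-level search over parsed LDIF, password compare instead of a real bind) is an assumption made so the example runs offline; the option names and defaults are those of the module.

```python
"""Added example: emulate LdapLoginModule role resolution against the
posted LDIF. Not JBoss code; the directory is a parsed in-memory LDIF."""

from collections import defaultdict

# Subset of the LDIF from the post (users and role groups), embedded so the
# example runs without a directory server.
LDIF = """\
dn: uid=Administrator,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
uid: Administrator
cn: Administrator
userPassword: secret

dn: uid=basic,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
uid: basic
cn: basic
userPassword: basic

dn: cn=Administrator,ou=Roles,dc=example,dc=com
objectClass: groupOfUniqueNames
cn: Administrator
uniqueMember: uid=Administrator,ou=People,dc=example,dc=com

dn: cn=Basic User,ou=Roles,dc=example,dc=com
objectClass: groupOfUniqueNames
cn: Basic User
uniqueMember: uid=basic,ou=People,dc=example,dc=com
"""

# The module options exactly as posted (minus the JNDI connection options).
POSTED_OPTIONS = {
    "principalDNPrefix": "uid=",
    "principalDNSuffix": ",ou=People,dc=example,dc=com",
    "rolesCtxDn": "ou=Roles,dc=example,dc=com",
    "roleAttributeID": "cn",
    "roleAttributeIsDN": "true",
    "matchOnUserDN": "true",
    "uidAttributeID": "uniqueMember",
}


def parse_ldif(text):
    """Minimal LDIF parser -> {dn: {attr: [values]}}. Handles only the
    simple attr: value form used in the post (no folding, no base64)."""
    entries = {}
    for block in text.strip().split("\n\n"):
        dn, attrs = None, defaultdict(list)
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            name, value = name.strip(), value.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs[name].append(value)
        entries[dn] = dict(attrs)
    return entries


def one_level_search(entries, base_dn, attr, value):
    """Emulates a one-level search under base_dn for (attr=value)."""
    hits = []
    for dn, attrs in entries.items():
        parent = dn.split(",", 1)[1] if "," in dn else ""
        if parent == base_dn and value in attrs.get(attr, []):
            hits.append(dn)
    return hits


def bind_user(entries, username, password, opts):
    """Step 1: principalDNPrefix + username + principalDNSuffix, then bind.
    The bind is emulated by comparing userPassword (assumption)."""
    user_dn = opts["principalDNPrefix"] + username + opts["principalDNSuffix"]
    entry = entries.get(user_dn)
    if entry is None or password not in entry.get("userPassword", []):
        return None
    return user_dn


def resolve_roles(entries, username, user_dn, opts):
    """Step 2: search rolesCtxDn for uidAttributeID = user DN (matchOnUserDN)
    or = username, then read roleAttributeID from each hit."""
    match = user_dn if opts.get("matchOnUserDN", "false") == "true" else username
    roles = []
    for role_dn in one_level_search(entries, opts["rolesCtxDn"],
                                    opts["uidAttributeID"], match):
        for value in entries[role_dn].get(opts["roleAttributeID"], []):
            if opts.get("roleAttributeIsDN", "false") == "true":
                # Value is taken as a DN; "Administrator" is not an entry, so
                # the lookup fails (the module logs the NamingException).
                target = entries.get(value)
                if target is None:
                    continue
                roles.extend(target.get(opts.get("roleNameAttributeID", "name"), []))
            else:
                roles.append(value)  # value is the role name itself
    return roles


def login(username, password, opts, ldif=LDIF):
    """None on bind failure, otherwise the list of resolved role names."""
    entries = parse_ldif(ldif)
    user_dn = bind_user(entries, username, password, opts)
    return None if user_dn is None else resolve_roles(entries, username, user_dn, opts)


if __name__ == "__main__":
    print("as posted:", login("Administrator", "secret", POSTED_OPTIONS))
    print("roleAttributeIsDN=false:",
          login("Administrator", "secret", dict(POSTED_OPTIONS, roleAttributeIsDN="false")))
```

Run as-is, the posted options bind the Administrator user successfully but return an empty role list, which matches the symptom in the post (authentication reaches the role step, then no roles are loaded); with roleAttributeIsDN set to false (its default) the same search returns the role "Administrator". The matchOnUserDN=true / uidAttributeID=uniqueMember pairing is correct for groupOfUniqueNames entries, since uniqueMember holds full DNs; flipping matchOnUserDN to false would compare the bare uid against those DNs and also yield no roles.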