[jboss-user] [Installation, Configuration & DEPLOYMENT] - Configuring Security against LDAP

woollybarr do-not-reply at jboss.com
Tue Oct 9 05:45:49 EDT 2007


Hi all,

I'm trying to get JBoss to secure a web app for me. I initially tried this just against Tomcat using a context.xml file and got it working. I've now "moved up a level" to JBoss and can't see where I'm going wrong.
I've put the following at the bottom of my login-config.xml:
<application-policy name="ldapsecurity">
	
		<login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
			<module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
			<module-option name="java.naming.provider.url">ldap://127.0.0.1:10389/</module-option>
			<module-option name="java.naming.security.authentication">simple</module-option>
			<module-option name="bindDN">uid=admin, ou=system</module-option>
			<module-option name="bindCredential">secret</module-option>
			<module-option name="baseFilter">(uid={0})</module-option>
			<module-option name="baseCtxDN">ou=Users,dc=example,dc=com</module-option>
			<module-option name="rolesCtxDN">ou=Groups,dc=example,dc=com</module-option>
			<module-option name="roleFilter">(uniquemember={0})</module-option>
			<module-option name="roleAttributeID">cn</module-option>
			<module-option name="roleRecursion">-1</module-option>
		</login-module>
	
</application-policy>

...and I created a jboss-web.xml in the WEB-INF folder of my web app and put this in it:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE jboss-web PUBLIC
              "-//JBoss//DTD Web Application 2.4//EN"
              "http://www.jboss.org/j2ee/dtd/jboss-web_4_0.dtd">
<jboss-web>
	<security-domain>java:/jaas/ldapsecurity</security-domain>
</jboss-web>

...but when I try to access my restricted content, I get asked for my username and password as expected, but they aren't recognised.

Is there anything obvious I'm missing?

Thanks for any help,

Phil.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4092924#4092924
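
An added example, not part of the original post and not JBoss code: a small lint pass over a login-config.xml policy like the one above. It flags module-options that the configured LDAP login module class does not read, simple binds over plain ldap://, and a bind password stored in clear text. Assumptions: the option-to-module mapping and the jaasSecurityDomain option are taken from the JBoss AS 4.x documentation for LdapLoginModule and LdapExtLoginModule; lint() and the finding names are hypothetical; the sample input is constructed from the posted policy.

```python
import xml.etree.ElementTree as ET

P = "org.jboss.security.auth.spi."
# Options read by only one of the two modules (assumption: JBoss AS 4.x docs).
ONLY = {
    P + "LdapExtLoginModule": {"bindDN", "bindCredential", "baseCtxDN",
                               "baseFilter", "roleFilter", "roleRecursion"},
    P + "LdapLoginModule": {"principalDNPrefix", "principalDNSuffix", "uidAttributeID"},
}

def lint(xml_text):
    """Return (policy, finding, detail) tuples for each LDAP login module."""
    out = []
    for policy in ET.fromstring(xml_text).iter("application-policy"):
        for mod in policy.iter("login-module"):
            code, name = mod.get("code", ""), policy.get("name")
            if code not in ONLY:
                continue
            opts = {o.get("name"): (o.text or "").strip()
                    for o in mod.iter("module-option")}
            # Options that only the other module reads have no effect here.
            for other, names in ONLY.items():
                if other != code:
                    out += [(name, "option-for-other-module", n)
                            for n in sorted(names & opts.keys())]
            url = opts.get("java.naming.provider.url", "")
            auth = opts.get("java.naming.security.authentication", "simple")
            if url.startswith("ldap://") and auth == "simple":
                out.append((name, "cleartext-simple-bind", url))
            if "bindCredential" in opts and "jaasSecurityDomain" not in opts:
                out.append((name, "plaintext-bind-credential", "bindCredential"))
    return out

# Constructed input: the policy from the post (abridged) under a <policy> root.
SAMPLE = """<policy><application-policy name="ldapsecurity">
<login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
<module-option name="java.naming.provider.url">ldap://127.0.0.1:10389/</module-option>
<module-option name="java.naming.security.authentication">simple</module-option>
<module-option name="bindDN">uid=admin, ou=system</module-option>
<module-option name="bindCredential">secret</module-option>
<module-option name="baseFilter">(uid={0})</module-option>
<module-option name="baseCtxDN">ou=Users,dc=example,dc=com</module-option>
<module-option name="rolesCtxDN">ou=Groups,dc=example,dc=com</module-option>
<module-option name="roleFilter">(uniquemember={0})</module-option>
<module-option name="roleRecursion">-1</module-option>
</login-module></application-policy></policy>"""

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(*finding)
```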
