[jboss-user] [Security & JAAS/JBoss] - ActiveDirectory for login, DB for roles-query?
soema3
do-not-reply at jboss.com
Mon Oct 22 08:45:47 EDT 2007
Hi everybody,
that's my big problem:
The users are saved in the ActiveDirectory on a central server. I can login with JBoss with the login-config.xml:
<application-policy name="xxx">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="dsJndiName">java:/DefaultDS</module-option>
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://192.168.1.10:389/DC=bsp,DC=local??base?(objectClass=*)</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="principalDNPrefix">CN=</module-option>
      <module-option name="principalDNSuffix">,CN=Users,DC=bsp,DC=local</module-option>
      <!--<module-option name="rolesCtxDN">CN=Users,DC=bsp,DC=local</module-option>-->
      <module-option name="uidAttributeID">sAMAccountName</module-option>
      <module-option name="matchOnUserDN">false</module-option>
      <!--<module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleAttributeIsDN">true</module-option>-->
    </login-module>
  </authentication>
</application-policy>
The problem is that the roles of the users are not saved in the AD. Instead I can find them in a database with columns like bit isAdmin, for example.
I don't know how to add roles to the users or configure the login file to separate the source of the users and roles.
Does anybody have a suggestion?
Thanks
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4097452#4097452