[jboss-user] [Security & JAAS/JBoss] - Re: Single Sign On with LDAP Examples

salaboy21 do-not-reply at jboss.com
Fri Apr 4 17:02:38 EDT 2008


Yes... with OpenLDAP and OpenDS.. with different configurations.
Here is my schema for OpenLDAP.

  | # Base
  | dn: dc=nodomain
  | dc: foo
  | objectClass: top
  | objectClass: dcObject
  | objectClass: organization
  | o: No Domain
  | 
  | 
  | # People ou where we attach the users 
  | dn: ou=People, dc=nodomain
  | ou: People
  | objectClass: top
  | objectClass: organizationalUnit
  | 
  | # A basic inetOrgPerson
  | dn: cn=user,ou=People, dc=nodomain
  | sn: true
  | userPassword: secret
  | mail: user@foo.bar
  | displayName: user
  | objectClass: top
  | objectClass: person
  | objectClass: organizationalPerson
  | objectClass: inetOrgPerson
  | uid: test
  | cn: user
  | 
  | # The ou where we attach roles/groups 
  | dn: ou=roles, dc=nodomain
  | ou: roles
  | objectClass: top
  | objectClass: organizationalUnit
  | 
  | # A test group member of roles ou
  | dn: cn=TestGroup,ou=roles, dc=nodomain
  | ou: TestGroup
  | objectClass: top
  | objectClass: groupOfUniqueNames
  | uniqueMember: cn=user,ou=People
  | cn: TestGroup
  | 


Also, I remember that I had to explode the jboss-sso-test.ear and change the configuration in jboss-sso-test.ear/META-INF/security-config.xml

to: 

  | <login-module code="org.jboss.security.idm.UsernameAndPasswordLoginModule" flag="sufficient">
  |    <module-option name="unauthenticatedIdentity">guest</module-option>
  |    <module-option name="password-stacking">useFirstPass</module-option>
  |    <!--module-option name="hashAlgorithm">SHA-1</module-option-->
  |    <module-option name="hashUserPassword">false</module-option>
  |    <module-option name="hashStorePassword">false</module-option>
  |    <module-option name="authenticatedRoles">Authenticated,RegisteredUsers</module-option>
  | </login-module>

Hope it helps! Let me know if you have some troubles!

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4141758#4141758

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4141758
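
As an added example (not part of the original post and not JBoss code), the Python sketch below lints an LDIF file like the one posted above for three things a reviewer would check before loading it: an RDN value missing from the entry's attributes, a `userPassword` stored without a `{SCHEME}` hash prefix, and group member values that match no entry DN in the file. The sample is a constructed, trimmed copy of the post's LDIF; the parser assumes no line continuations, base64 (`::`) values, or escaped commas in DNs.

```python
import re

# Constructed sample: trimmed copy of the LDIF in the post (forum "| " prefixes removed).
SAMPLE_LDIF = """\
dn: dc=nodomain
dc: foo

dn: cn=user,ou=People, dc=nodomain
cn: user
userPassword: secret

dn: cn=TestGroup,ou=roles, dc=nodomain
cn: TestGroup
uniqueMember: cn=user,ou=People
"""

def norm_dn(dn):
    """Lower-case a DN and drop spaces around commas (assumes no escaped commas)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Return [(dn, [(attr_lowercase, value), ...])], one tuple per blank-line-separated entry."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = []
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue  # skip comments and anything that is not "attr: value"
            name, _, value = line.partition(":")
            attrs.append((name.strip().lower(), value.strip()))
        if attrs and attrs[0][0] == "dn":
            entries.append((attrs[0][1], attrs[1:]))
    return entries

def lint(text):
    """Return [(dn, finding)] for RDN mismatches, cleartext passwords, dangling members."""
    entries = parse_ldif(text)
    known = {norm_dn(dn) for dn, _ in entries}
    findings = []
    for dn, attrs in entries:
        rdn_attr, _, rdn_val = norm_dn(dn).split(",")[0].partition("=")
        if (rdn_attr, rdn_val) not in {(n, v.lower()) for n, v in attrs}:
            findings.append((dn, "rdn-mismatch"))  # naming attribute value absent from entry
        for name, value in attrs:
            if name == "userpassword" and not re.match(r"\{[A-Za-z0-9-]+\}", value):
                findings.append((dn, "cleartext-password"))  # no {SSHA}-style scheme prefix
            if name in ("uniquemember", "member") and norm_dn(value) not in known:
                findings.append((dn, "dangling-member"))  # value is not a DN defined in the file
    return findings
```

Calling `lint(SAMPLE_LDIF)` returns one finding per check for the sample; an empty list means none of the three conditions was found.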