[jboss-user] [JBoss Portal] - Ldap Configuration With Jboss Portal
amitdon19
do-not-reply at jboss.com
Wed Jul 2 12:14:02 EDT 2008
Hi All,
I am unable get to log in into Portal after configuring Portal with OpenDS Ldap.
When first time i am trying to get log in by user/user credential its showing me an error of "message: Access to the requested resource has been denied.description: Access to the specified resource (Access to the requested resource has been denied) has been forbidden."
but on very second attempt portal get authenticate with same credentials (user/user).This same case happens with admin/admin credentials.
but if I am trying to get log in with other credentials then it shows me an error of "Your account is disabled ">
Please help me out with this error.
I made following changes to configure portal with OpenDS Ldap:
All changes are in Bold
I used Following ldif:
dn: dc=jboss,dc=org
| objectclass: top
| objectclass: dcObject
| objectclass: organization
| dc: jboss
| o: jboss
|
| dn: ou=People,dc=jboss,dc=org
| objectclass: top
| objectclass: organizationalUnit
| ou: People
|
| dn: uid=user,ou=People,dc=jboss,dc=org
| objectclass: top
| objectclass: inetOrgPerson
| objectclass: person
| uid: user
| cn: JBoss Portal user
| sn: user
| userPassword: user
| mail: email at email.com
|
|
| dn: uid=admin,ou=People,dc=jboss,dc=org
| objectclass: top
| objectclass: inetOrgPerson
| objectclass: person
| uid: admin
| cn: JBoss Portal admin
| sn: admin
| userPassword: admin
| mail: email at email.com
|
| dn: ou=Roles,dc=jboss,dc=org
| objectclass: top
| objectclass: organizationalUnit
| ou: Roles
|
| dn: cn=User,ou=Roles,dc=jboss,dc=org
| objectClass: top
| objectClass: groupOfNames
| cn: User
| description: the JBoss Portal user group
| member: uid=user,ou=People,dc=jboss,dc=org
|
| dn: cn=Admin,ou=Roles,dc=jboss,dc=org
| objectClass: top
| objectClass: groupOfNames
| cn: Echo
| description: the JBoss Portal admin group
| member: uid=admin,ou=People,dc=jboss,dc=org
1.In C:\jboss-portal-2.6.5.SP1\server\default\deploy\jboss-portal.sar\META-INF\jboss-service.xml
<mbean
| code="org.jboss.portal.core.identity.service.IdentityServiceControllerImpl"
| name="portal:service=Module,type=IdentityServiceController"
| xmbean-dd=""
| xmbean-code="org.jboss.portal.jems.as.system.JBossServiceModelMBean">
| <xmbean/>
| <depends>portal:service=Hibernate</depends>
| <depends
| optional-attribute-name="IdentityEventBroadcaster"
| proxy-type="attribute">portal:service=IdentityEventManager</depends>
| <attribute name="JndiName">java:/portal/IdentityServiceController</attribute>
| <attribute name="RegisterMBeans">true</attribute>
| <attribute name="ConfigFile">conf/identity/ldap_identity-config.xml</attribute>
| <attribute name="DefaultConfigFile">conf/identity/standardidentity-config.xml</attribute>
| </mbean>
|
2.In C:\jboss-portal-2.6.5.SP1\server\default\deploy\jboss-portal.sar\conf\identity\ldap_identity-config.xml
<identity-configuration>
| <datasources>
| <datasource>
| <name>LDAP</name>
| <config>
| <option>
| <name>host</name>
| <value>localhost</value>
| </option>
| <option>
| <name>port</name>
| <value>389</value>
| </option>
| <option>
| <name>adminDN</name>
| <value>cn=Directory Manager</value>
| </option>
| <option>
| <name>adminPassword</name>
| <value>password</value>
| </option>
| <!--<option>
| <name>protocol</name>
| <value>ssl</value>
| </option>-->
| </config>
| </datasource>
| </datasources>
| <modules>
| <module>
| <!--type used to correctly map in IdentityContext registry-->
| <type>User</type>
| <implementation>LDAP</implementation>
| <!--Use this implementation for more flexible user retrieval-->
| <class>
| org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl
| </class>
| <config/>
| </module>
| <module>
| <type>Role</type>
| <implementation>LDAP</implementation>
| <!--Use this implementation for more flexible user retrieval-->
| <class>
| org.jboss.portal.identity.ldap.LDAPExtRoleModuleImpl
| </class>
| <config/>
| </module>
| <module>
| <type>Membership</type>
| <implementation>LDAP</implementation>
| <config/>
| </module>
| <module>
| <type>UserProfile</type>
| <implementation>DELEGATING</implementation>
| <config>
| <option>
| <name>ldapModuleJNDIName</name>
| <value>java:/portal/LDAPUserProfileModule</value>
| </option>
| </config>
| </module>
| <module>
| <type>DBDelegateUserProfile</type>
| <implementation>DB</implementation>
| <config>
| <option>
| <name>randomSynchronizePassword</name>
| <value>true</value>
| </option>
| </config>
| </module>
| <module>
| <type>LDAPDelegateUserProfile</type>
| <implementation>LDAP</implementation>
| <config/>
| </module>
| </modules>
|
| <options>
| <option-group>
| <group-name>common</group-name>
| <option>
| <name>userCtxDN</name>
| <value>ou=People,dc=jboss,dc=org</value>
| </option>
| <!--Uncomment to use with LDAPExtUserModuleImpl-->
| <option>
| <name>userSearchFilter</name>
| <value><![CDATA[(&((uid={0})(objectClass=person)))]]></value>
| </option>
| <option>
| <name>roleCtxDN</name>
| <value>ou=Roles,dc=jboss,dc=org</value>
| </option>
| <!--Uncomment to use with LDAPExtRoleModuleImpl-->
| <option>
| <name>roleSearchFilter</name>
| <value><![CDATA[(&((cn={0})(objectClass=groupOfNames)))]]></value>
| </option>
| </option-group>
| </options>
|
| </identity-configuration>
3.In C:\jboss-portal-2.6.5.SP1\server\default\deploy\jboss-portal.sar\conf\login-config.xml
| <application-policy name="portal">
| <authentication>
| <login-module code="org.jboss.portal.identity.auth.IdentityLoginModule" flag="sufficient">
| <module-option name="unauthenticatedIdentity">guest</module-option>
| <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
| <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
| <module-option name="additionalRole">Authenticated</module-option>
| <module-option name="password-stacking">useFirstPass</module-option>
| </login-module>
| <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
| <module-option name="java.naming.factory.initial">
| com.sun.jndi.ldap.LdapCtxFactory
| </module-option>
| <module-option name="java.naming.provider.url">
| ldap://localhost:389/
| </module-option>
| <module-option name="java.naming.security.authentication">
| simple
| </module-option>
| <module-option name="bindDN">cn=Directory Manager</module-option>
| <module-option name="bindCredential">password</module-option>
| <module-option name="baseCtxDN">ou=People,dc=jboss,dc=org</module-option>
| <module-option name="baseFilter">(uid={0})</module-option>
| <module-option name="rolesCtxDN">ou=Roles,dc=jboss,dc=org</module-option>
| <module-option name="roleFilter">(member={1})</module-option>
| <module-option name="roleAttributeID">memberOf</module-option>
| <module-option name="roleRecursion">-1</module-option>
| <module-option name="roleNameAttributeID">cn</module-option>
| <module-option name="roleAttributeIsDN">true</module-option>
| <module-option name="searchTimeLimit">5000</module-option>
| <module-option name="searchScope">SUBTREE_SCOPE</module-option>
| </login-module>
| </authentication>
| </application-policy>
|
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4162126#4162126
Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4162126
More information about the jboss-user
mailing list