[jboss-user] [Security & JAAS/JBoss] - Negotiation, AdvancedLdapLoginModule and extracting user id

erace do-not-reply at jboss.com
Wed Sep 24 07:19:08 EDT 2008


Hi,

I have successfully managed to get negotiation to work - great docs. I have a setup with AD running as the KDC and use AdvancedLdapLoginModule to get user roles.

As far as I can see, the principal currently passed to AdvancedLdapLoginModule is in the form username@REALM.NAME. In order for the role module to find the user correctly, I need to define some attribute to contain this info so the LDAP search can find the correct object (as in the examples, in userPrincipalName). Another option (which worked for me) is to use the mail attribute. I was wondering if there is any way to extract the actual user id from the principal so I could run the search against sAMAccountName rather than e-mail or a manually edited attribute?

By doing that I would like to limit the amount of work that the administrator has to do by using some default behavior of AD.

Any suggestions how to approach that? 

Thx,

/p

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4178534#4178534
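
The realm stripping asked about above, as an added example that is not part of the original post and is not JBoss Negotiation code: it cuts the realm off a principal of the form username@REALM.NAME and builds an RFC 4515-escaped search filter on sAMAccountName. The class and method names are hypothetical, and it assumes the user part of the principal equals the account's sAMAccountName.

```java
// Added example; names are hypothetical, not part of AdvancedLdapLoginModule.
public class PrincipalToSamAccountName {

    /** Returns the user part of a Kerberos user principal such as "jdoe@EXAMPLE.COM". */
    static String stripRealm(String principal) {
        if (principal == null || principal.isEmpty()) {
            throw new IllegalArgumentException("empty principal");
        }
        // Assumption: the last '@' separates the name from the realm.
        int at = principal.lastIndexOf('@');
        String user = at < 0 ? principal : principal.substring(0, at);
        // Service principals (e.g. HTTP/host@REALM) have an instance part and are not user accounts.
        if (user.isEmpty() || user.indexOf('/') >= 0) {
            throw new IllegalArgumentException("not a user principal: " + principal);
        }
        return user;
    }

    /** Escapes a value for use inside an LDAP search filter (RFC 4515). */
    static String escapeFilterValue(String value) {
        StringBuilder sb = new StringBuilder(value.length() + 8);
        for (char c : value.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    /** Builds the filter used to look the user up by sAMAccountName. */
    static String samAccountNameFilter(String principal) {
        return "(sAMAccountName=" + escapeFilterValue(stripRealm(principal)) + ")";
    }

    public static void main(String[] args) {
        // Constructed sample principals; the second carries filter metacharacters.
        String[] samples = { "jdoe@EXAMPLE.COM", "a*)(objectClass=*@EXAMPLE.COM" };
        for (String p : samples) {
            System.out.println(p + " -> " + samAccountNameFilter(p));
        }
    }
}
```

Escaping the user part before it reaches the filter keeps a principal name containing `*`, `(` or `)` from widening or rewriting the role search.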
