[jboss-user] Configuring the application policy in login-config.xml for LDAP Apache DS

Stephen Davidson gorky at freenet.carleton.ca
Thu Dec 24 12:06:14 EST 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Fernandes.

This list is apparently no longer monitored by anybody from the JBoss
Group.  You might want to try the Forums.  I do apologize, but I don't
know the answer to your question.

Regards,
Steve

Fernandes Celinio wrote:
> Hi,
> I am using JBoss AS 5.1.0 GA and Apache Directory Server.
> Can anyone tell me what lines to put in the application policy
> configuration of my login-config.xml file
> for the following LDIF file that I imported in Apache Directory Server?
>  
> This LDIF file defines 3 users and 2 roles :
> uid : system  userPassword: manager   Roles: admin
> uid : user1   userPassword: p1        Roles: guest
> uid : user2   userPassword: p2        Roles: admin
>  
> Here is the LDIF file that I imported with success in Apache DS :
>  
> # User: system
>  
> dn: uid=system,ou=users,ou=system
> cn: John Doe
> sn: Doe
> givenname: John
> objectclass: top
> objectclass: person
> objectclass: organizationalPerson
> objectclass: inetOrgPerson
> ou: Human Resources
> ou: People
> l: Las Vegas
> uid: system
> mail: system@apachecon.comm
> telephonenumber: +1 408 555 5555
> facsimiletelephonenumber: +1 408 555 5556
> roomnumber: 4613
> userPassword: manager
>  
> # User: user1
>  
> dn: uid=user1,ou=users,ou=system
> cn: User
> sn: One
> givenname: User1
> objectclass: top
> objectclass: person
> objectclass: organizationalPerson
> objectclass: inetOrgPerson
> ou: Human Resources
> ou: People
> l: Las Vegas
> uid: user1
> mail: user1@apachecon.comm
> telephonenumber: +1 408 555 5555
> facsimiletelephonenumber: +1 408 555 5556
> roomnumber: 4613
> userPassword: p1
>  
> # User: user2
>  
> dn: uid=user2,ou=users,ou=system
> cn: User
> sn: Two
> givenname: User2
> objectclass: top
> objectclass: person
> objectclass: organizationalPerson
> objectclass: inetOrgPerson
> ou: Human Resources
> ou: People
> l: Las Vegas
> uid: user2
> mail: user2@apachecon.comm
> telephonenumber: +1 408 555 5555
> facsimiletelephonenumber: +1 408 555 5556
> roomnumber: 4613
> userPassword: p2
>  
> # Group: admin
>  
> dn: cn=admin,ou=groups,ou=system
> objectClass: groupOfUniqueNames
> uniqueMember: uid=system,ou=users,ou=system
> uniqueMember: uid=user2,ou=users,ou=system
> cn: admin
>  
> # Group: guest
>  
> dn: cn=guest,ou=groups,ou=system
> objectClass: groupOfUniqueNames
> uniqueMember: uid=user1,ou=users,ou=system
> cn: guest
>  
> 
> I have tried the following application policy in my login-config.xml
> file but it does not work :
>  
> <application-policy name="my_domaine_LDAP">
>  <authentication>
>  <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
>  <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
>  <module-option name="java.naming.provider.url">ldap://localhost:10389</module-option>
>  <module-option name="java.naming.security.authentication">simple</module-option>
>  <module-option name="bindDN">uid=system,ou=system</module-option>
>  <module-option name="bindCredential">manager</module-option>
>  <module-option name="baseCtxDN">cn=admin,ou=groups,ou=system</module-option>
>  <module-option name="baseFilter">(uid={0})</module-option>
>  
>  <module-option name="rolesCtxDN">ou=Roles,dc=example,dc=com</module-option>
>  <module-option name="roleFilter">(member={1})</module-option>
>  <module-option name="roleAttributeID">cn</module-option>
>  <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
>  <module-option name="allowEmptyPasswords">true</module-option>
>  </login-module>
>  </authentication>
> </application-policy>
>  
> Being not too familiar with LDAP, I am not too sure about certain
> options, like bindCredential, bindDN, baseCtxDN ...
>  
> Can someone please help me with the configuration of this application
> policy ?
>  
> Thanks in advance.
> 
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iEYEARECAAYFAkszn4YACgkQSphIUSiVzgZqfwCgwiRec5Joq/O0PuDhd2Yo4hck
+0QAoM2yWooN5b7F7eD5Yzt1y6T6WjNB
=nhpW
-----END PGP SIGNATURE-----
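
An added example, not part of the original thread and not JBoss project code: the quoted application policy with its search bases, role filter and empty-password setting lined up against the quoted LDIF. It assumes ApacheDS allows the entry uid=system,ou=users,ou=system to search ou=users and ou=groups; every DN and attribute name is taken from the LDIF above.

```xml
<!-- Added example; DNs and attribute names come from the LDIF quoted in the thread. -->
<application-policy name="my_domaine_LDAP">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://localhost:10389</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>

      <!-- Account used for the user and role searches. The quoted policy bound as
           uid=system,ou=system, which the LDIF does not define; the imported entry
           sits under ou=users. Assumption: this entry is permitted to search. -->
      <module-option name="bindDN">uid=system,ou=users,ou=system</module-option>
      <module-option name="bindCredential">manager</module-option>

      <!-- User search: baseCtxDN is the container that holds the user entries,
           not a group entry. {0} is replaced by the login name. -->
      <module-option name="baseCtxDN">ou=users,ou=system</module-option>
      <module-option name="baseFilter">(uid={0})</module-option>

      <!-- Role search: the groups live under ou=groups,ou=system and list their
           members in uniqueMember (groupOfUniqueNames), so the filter has to match
           that attribute. {1} is replaced by the DN of the authenticated user. -->
      <module-option name="rolesCtxDN">ou=groups,ou=system</module-option>
      <module-option name="roleFilter">(uniqueMember={1})</module-option>
      <!-- cn of the matching group becomes the role name: admin or guest. -->
      <module-option name="roleAttributeID">cn</module-option>
      <!-- Users and groups are direct children of their containers. -->
      <module-option name="searchScope">ONELEVEL_SCOPE</module-option>

      <!-- With true, an empty password is handed to the LDAP server, and some
           servers treat that as an anonymous bind that succeeds. false rejects
           empty passwords before any bind is attempted. -->
      <module-option name="allowEmptyPasswords">false</module-option>
    </login-module>
  </authentication>
</application-policy>
```

bindCredential sits in clear text in login-config.xml, and over ldap:// every bind password crosses the wire unencrypted. Restrict read access to the file and use a TLS-protected connection outside a local test setup.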


