[jboss-user] [JBoss Portal] - Re: Admin role ignored when fetched from LDAP

olivsch7 do-not-reply at jboss.com
Thu Jan 29 03:00:32 EST 2009


Hello,

Yes, I can. But you'll see that the configuration is disappointingly simple ;-):

  | <login-module code="org.jboss.portal.identity.auth.SynchronizingLDAPExtLoginModule" flag="sufficient">
  |    <module-option name="synchronizeIdentity">true</module-option>
  |    <module-option name="synchronizeRoles">true</module-option>
  |    <module-option name="preserveRoles">false</module-option>
  |    <module-option name="additionalRole">Authenticated</module-option>
  |    <module-option name="defaultAssignedRole">User</module-option>
  |    <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
  |    <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
  |    <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
  |    <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
  |    <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
  |    <module-option name="java.naming.provider.url">ldap://address:389/</module-option>
  |    <module-option name="java.naming.security.authentication">simple</module-option>
  |    <module-option name="bindDN">cn=Directory Manager</module-option>
  |    <module-option name="bindCredential"></module-option>
  |    <module-option name="baseCtxDN">ou=People,o=boschrexroth</module-option>
  |    <module-option name="baseFilter">(uid={0})</module-option>
  |    <module-option name="rolesCtxDN">ou=Roles,o=boschrexroth</module-option>
  |    <module-option name="roleFilter">(member={1})</module-option>
  |    <module-option name="roleAttributeID">cn</module-option>
  |
  |    <module-option name="roleRecursion">-1</module-option>
  |    <module-option name="searchTimeLimit">10000</module-option>
  |    <module-option name="searchScope">SUBTREE_SCOPE</module-option>
  |    <module-option name="allowEmptyPasswords">false</module-option>
  | </login-module>
  |
  | <login-module code="org.jboss.portal.identity.auth.IdentityLoginModule" flag="sufficient">
  |    <module-option name="unauthenticatedIdentity">guest</module-option>
  |    <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
  |    <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
  |    <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
  |    <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
  |    <module-option name="validateUserNameCase">true</module-option>
  |    <module-option name="additionalRole">Authenticated</module-option>
  | </login-module>

Although it's no problem to use roles instead of groups, this issue should be covered anyhow. Well, let's see what we can find out.


View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4205457#4205457

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4205457
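
Added example, not part of the original post and not JBoss code: a Python sketch that reads the posted module options, derives the user and role searches so they can be replayed with an LDAP client to see which cn values the directory returns, and flags settings that expose the bind password. It assumes the placeholder meaning documented for JBoss LdapExtLoginModule ({0} = login name, {1} = user DN); the function names are hypothetical, and the caller supplies the login name and user DN.

```python
import re
import xml.etree.ElementTree as ET

# Constructed input: a subset of the module options from the post above.
CONFIG = """
<login-module code="org.jboss.portal.identity.auth.SynchronizingLDAPExtLoginModule" flag="sufficient">
  <module-option name="java.naming.provider.url">ldap://address:389/</module-option>
  <module-option name="java.naming.security.authentication">simple</module-option>
  <module-option name="baseCtxDN">ou=People,o=boschrexroth</module-option>
  <module-option name="baseFilter">(uid={0})</module-option>
  <module-option name="rolesCtxDN">ou=Roles,o=boschrexroth</module-option>
  <module-option name="roleFilter">(member={1})</module-option>
  <module-option name="roleAttributeID">cn</module-option>
  <module-option name="allowEmptyPasswords">false</module-option>
</login-module>
"""

def load_options(xml_text):
    """Return the module-option name/value pairs of one login-module element."""
    root = ET.fromstring(xml_text)
    return {o.get("name"): (o.text or "").strip() for o in root.iter("module-option")}

def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def expand(template, username, user_dn):
    """Fill {0} (login name) and {1} (user DN) in a single pass."""
    values = {"0": escape_filter_value(username), "1": escape_filter_value(user_dn)}
    return re.sub(r"\{([01])\}", lambda m: values[m.group(1)], template)

def role_lookup(opts, username, user_dn):
    """The searches to replay by hand: (base DN, filter) for the user and the roles."""
    fill = lambda key: expand(opts[key], username, user_dn)
    return {"user": (opts["baseCtxDN"], fill("baseFilter")),
            "roles": (opts["rolesCtxDN"], fill("roleFilter")),
            "attribute": opts["roleAttributeID"]}

def transport_findings(opts):
    """Flag settings that expose the bind password (assumes no StartTLS upgrade)."""
    url = opts.get("java.naming.provider.url", "").lower()
    findings = []
    if url.startswith("ldap://") and opts.get("java.naming.security.authentication") == "simple":
        findings.append("ldap:// with simple bind: bind DN and password cross the network unencrypted")
    if opts.get("allowEmptyPasswords", "").lower() != "false":
        findings.append("allowEmptyPasswords is not false: an empty password may be passed to the directory")
    return findings
```

For example, role_lookup(load_options(CONFIG), "jdoe", "uid=jdoe,ou=People,o=boschrexroth") yields the role search base ou=Roles,o=boschrexroth with the filter (member=uid=jdoe,ou=People,o=boschrexroth); the user name and DN here are constructed.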


