[jboss-user] [Beginner's Corner] - jboss ldapextloginmodule
rasha k
do-not-reply at jboss.com
Wed May 2 09:46:03 EDT 2012
rasha k [https://community.jboss.org/people/rasha123] created the discussion
"jboss ldapextloginmodule"
To view the discussion, visit: https://community.jboss.org/message/733378#733378
--------------------------------------------------------------
Hi,
I'm not sure if this is the right place to ask; if not, please direct me.
I'm trying to authenticate JBoss with Active Directory and I made this login file:
<application-policy name="OpenKM">
<authentication>
<login-module flag="required" code="org.jboss.security.auth.spi.LdapExtLoginModule">
<module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
<module-option name="java.naming.provider.url">ldap://10.100.xx.xx:389/</module-option>
<module-option name="java.naming.security.authentication">simple</module-option>
<module-option name="bindDN">xxx\Admin</module-option>
<module-option name="bindCredential">password</module-option>
<module-option name="baseCtxDN">ou=user,dc=xxx,dc=local</module-option>
<module-option name="baseFilter">(sAMAccountName={0})</module-option>
<module-option name="rolesCtxDN">ou=user,dc=xxx,dc=local</module-option>
<module-option name="roleFilter">(member={1})</module-option>
<module-option name="roleAttributeIsDN">true</module-option>
<module-option name="roleNameAttributeID">name</module-option>
<module-option name="java.naming.referral">follow</module-option>
</login-module>
</authentication>
</application-policy>
And this is my configuration file:
system.login.lowercase=on
principal.adapter=com.openkm.principal.LdapPrincipalAdapter
principal.ldap.server=ldap://10.100.200.91:389/
principal.ldap.security.principal=CN=Admin,ou=user,dc=xx,dc=local
principal.ldap.security.credentials=password
principal.ldap.user.search.base=ou=user,dc=xxx,dc=local
principal.ldap.user.search.filter=(objectclass=person)
principal.ldap.user.attribute=sAMAccountName
principal.ldap.role.search.base=ou=xxx,dc=xxx,dc=local
principal.ldap.role.search.filter=(jectcoblass=group)
principal.ldap.role.attribute=cn
principal.ldap.mail.search.base=cn={0},ou=xxx,dc=xxx,dc=local
principal.ldap.mail.search.filter=(&(objectclass=person)(sAMAccountName={0}))
principal.ldap.mail.attribute=mail
principal.ldap.users.by.role.search.base=ou=xxxx,dc=xxx,dc=local
principal.ldap.users.by.role.search.filter=(objectclass=group)
principal.ldap.users.by.role.attribute=member
principal.ldap.roles.by.user.search.base=ou=xxxx,dc=xxx,dc=local
principal.ldap.roles.by.user.search.filter=(&(objectclass=person)(sAMAccountName={0}))
principal.ldap.roles.by.user.attribute=memberOf
I can successfully log in with an Active Directory user, but the problem is that all users and roles are not imported to OpenKM!!
My Active Directory DN is:
"cn= user1, CN=group1,OU=xxx,DC=xxxx,DC=local"
"cn= user2,CN=group2,OU=xxx,DC=xxxx,DC=local"
"cn= user3,CN=group3,OU=xxx,DC=xxxx,DC=local"
where users and roles (groups) are under the OU.
I'm not sure if my mistake is in the configuration of roles and users?!
Any help? :(
--------------------------------------------------------------
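An added example, not part of the original post and not JBoss or OpenKM code: a small consistency check run over a trimmed copy of the two configurations above. The KNOWN_ATTRS allow-list, the finding names and the choice of checks are assumptions made for illustration; the sample values are the redacted ones from the post.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: trimmed from the post's (redacted) login file and properties.
LOGIN_XML = """<application-policy name="OpenKM"><authentication>
<login-module flag="required" code="org.jboss.security.auth.spi.LdapExtLoginModule">
<module-option name="java.naming.provider.url">ldap://10.100.xx.xx:389/</module-option>
<module-option name="java.naming.security.authentication">simple</module-option>
<module-option name="baseCtxDN">ou=user,dc=xxx,dc=local</module-option>
<module-option name="rolesCtxDN">ou=user,dc=xxx,dc=local</module-option>
</login-module></authentication></application-policy>"""

PROPS = """principal.ldap.user.search.base=ou=user,dc=xxx,dc=local
principal.ldap.role.search.base=ou=xxx,dc=xxx,dc=local
principal.ldap.role.search.filter=(jectcoblass=group)
principal.ldap.roles.by.user.search.filter=(&(objectclass=person)(sAMAccountName={0}))
"""

# Assumption: the attribute names this deployment expects to appear in filters.
KNOWN_ATTRS = {"objectclass", "samaccountname", "member", "memberof", "cn"}

def parse_props(text):
    lines = (l for l in text.splitlines() if "=" in l and not l.startswith("#"))
    return {k.strip(): v.strip() for k, v in (l.split("=", 1) for l in lines)}

def login_options(xml_text):
    root = ET.fromstring(xml_text)
    return {o.get("name"): (o.text or "").strip() for o in root.iter("module-option")}

def lint(xml_text, props_text):
    opts, props, findings = login_options(xml_text), parse_props(props_text), []
    url = opts.get("java.naming.provider.url", "").lower()
    # Simple bind over ldap:// sends passwords unencrypted unless StartTLS is negotiated.
    if url.startswith("ldap://") and opts.get("java.naming.security.authentication") == "simple":
        findings.append("cleartext-simple-bind")
    # An attribute name the directory does not have makes a filter match nothing.
    for key, value in props.items():
        if key.endswith(".filter"):
            for attr in re.findall(r"\(([A-Za-z][\w-]*)[~<>]?=", value):
                if attr.lower() not in KNOWN_ATTRS:
                    findings.append(f"unknown-attr:{key}:{attr}")
    # Search bases that differ between the two files are worth a second look.
    pairs = (("baseCtxDN", "principal.ldap.user.search.base", "user"),
             ("rolesCtxDN", "principal.ldap.role.search.base", "role"))
    for opt, prop, tag in pairs:
        if opts.get(opt) != props.get(prop):
            findings.append(f"review-{tag}-base")
    return findings
```

Because the values in the post are redacted, a base-DN difference reported here may come from the redaction rather than from the real files.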