[rules-users] Connection with Active Directory multiple organizational units

G3 charmz05 at gmail.com
Sat Jun 19 13:17:51 EDT 2010


I am able to authenticate with Active Directory, but only with a single
organizational unit and not with users of multiple organizational units.
This is my organizational structure:
+cn=test,cn=con
--+ou=Sample1
-----uid:user1,uid:user2
--+ou=Sample2
-----uid:user3,uid:user4
--+roles
-----admin:uid:user1,user3
-----user:uid:user2,user4

I have set the admin rights accordingly in Guvnor.
I am using JBoss Guvnor standalone 4.2.3 and I am trying to connect
multiple organizational units using JAAS.
My login-config.xml:
---------------------
<application-policy name="adConnection">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.provider.url">ldap://c.test.com:389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="bindDN">CN=Administrator,CN=Users,dc=test,dc=com</module-option>
      <module-option name="bindCredential">password</module-option>
      <module-option name="baseCtxDN">OU=Sample1,dc=test,dc=com</module-option>
      <module-option name="baseFilter">(CN={0})</module-option>
      <module-option name="rolesCtxDN">OU=roles,dc=test,dc=com</module-option>
      <module-option name="uidAttributeID">member</module-option>
      <module-option name="matchOnUserDN">true</module-option>
      <module-option name="roleFilter">(member={1})</module-option>
      <module-option name="roleAttributeID">CN</module-option>
      <module-option name="roleRecursion">-1</module-option>
    </login-module>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.provider.url">ldap://c.test.com:389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="bindDN">CN=Administrator,CN=Users,dc=test,dc=com</module-option>
      <module-option name="bindCredential">password</module-option>
      <module-option name="baseCtxDN">OU=Sample2,dc=test,dc=com</module-option>
      <module-option name="baseFilter">(CN={0})</module-option>
      <module-option name="rolesCtxDN">OU=roles,dc=test,dc=com</module-option>
      <module-option name="uidAttributeID">member</module-option>
      <module-option name="matchOnUserDN">true</module-option>
      <module-option name="roleFilter">(member={1})</module-option>
      <module-option name="roleAttributeID">CN</module-option>
      <module-option name="roleRecursion">-1</module-option>
    </login-module>
  </authentication>
</application-policy>

and my component.xml
-------------------------
<security:identity authenticate-method="#{authenticator.authenticate}" 
                      jaas-config-name="adConnection"/>

I do not get any errors in the server console during deployment, but when I
log in, I cannot log into Guvnor and I get "password or user name incorrect".
Can someone help me out?



-- 
View this message in context: http://drools-java-rules-engine.46999.n3.nabble.com/Connection-with-Active-Directory-multiple-organizational-units-tp907892p907892.html
Sent from the Drools - User mailing list archive at Nabble.com.
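
In JAAS, every login module flagged `required` must succeed, so stacking one `required` LdapExtLoginModule per OU demands that the same user be found under both OU=Sample1 and OU=Sample2. The fragment below is an added example (not part of the original post, and not a file shipped with Guvnor or JBoss) that keeps the post's host, DNs and option values and changes only the control flag to `sufficient`, so a match in either OU authenticates the user.

```xml
<!-- Added example: values copied from the post, only flag= differs. -->
<application-policy name="adConnection">
  <authentication>
    <!-- sufficient: success here ends the chain with a successful login;
         failure falls through to the next module instead of failing outright. -->
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="sufficient">
      <module-option name="java.naming.provider.url">ldap://c.test.com:389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="bindDN">CN=Administrator,CN=Users,dc=test,dc=com</module-option>
      <module-option name="bindCredential">password</module-option>
      <module-option name="baseCtxDN">OU=Sample1,dc=test,dc=com</module-option>
      <module-option name="baseFilter">(CN={0})</module-option>
      <module-option name="rolesCtxDN">OU=roles,dc=test,dc=com</module-option>
      <module-option name="uidAttributeID">member</module-option>
      <module-option name="matchOnUserDN">true</module-option>
      <module-option name="roleFilter">(member={1})</module-option>
      <module-option name="roleAttributeID">CN</module-option>
      <module-option name="roleRecursion">-1</module-option>
    </login-module>
    <!-- Reached only when the user was not authenticated under OU=Sample1.
         If this module also fails, the login as a whole is rejected. -->
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="sufficient">
      <module-option name="java.naming.provider.url">ldap://c.test.com:389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="bindDN">CN=Administrator,CN=Users,dc=test,dc=com</module-option>
      <module-option name="bindCredential">password</module-option>
      <module-option name="baseCtxDN">OU=Sample2,dc=test,dc=com</module-option>
      <module-option name="baseFilter">(CN={0})</module-option>
      <module-option name="rolesCtxDN">OU=roles,dc=test,dc=com</module-option>
      <module-option name="uidAttributeID">member</module-option>
      <module-option name="matchOnUserDN">true</module-option>
      <module-option name="roleFilter">(member={1})</module-option>
      <module-option name="roleAttributeID">CN</module-option>
      <module-option name="roleRecursion">-1</module-option>
    </login-module>
  </authentication>
</application-policy>
```

A single module with `baseCtxDN` set to the common parent `dc=test,dc=com` is the other usual layout, since LdapExtLoginModule searches the subtree by default. Outside a test setup, the bind account would normally be a dedicated read-only account rather than Administrator, and the connection `ldaps://` rather than a simple bind over port 389.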


