[rules-users] Connection with Active Directory multiple organizational units

Jervisliu jliu at redhat.com
Sat Jun 19 15:25:58 EDT 2010


Are you using JBoss AS for deploying Guvnor? You may want to try a newer 
version of JBoss AS. Guvnor just uses standard JAAS; in your case, if 
there is something wrong, it's more likely something wrong with the 
LdapExtLoginModule.

Cheers,
Jervis

wrote:
> I am able to authenticate with Active Directory, but only with a single
> organizational unit, not with users of multiple organizational units.
> This is my organizational structure:
> +cn=test,cn=con
> --+ou=Sample1
> -----uid:user1,uid:user2
> --+ou=Sample2
> -----uid:user3,uid:user4
> --+roles
> -----admin:uid:user1,user3
> -----user:uid:user2,user4
>
> I have set the admin rights accordingly in Guvnor.
> I am using JBoss Guvnor standalone 4.2.3 and I am trying to connect
> multiple organizational units using JAAS.
> My login-config.xml:
> ---------------------
> <application-policy name="adConnection"> 
>  <authentication> 
>  <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule"
> flag="required" > 
>  <module-option
> name="java.naming.provider.url">ldap://c.test.com:389/</module-option> 
>  <module-option
> name="java.naming.security.authentication">simple</module-option> 
>  <module-option
> name="bindDN">CN=Administrator,CN=Users,dc=test,dc=com</module-option> 
>  <module-option name="bindCredential">password</module-option> 
>  <module-option name="baseCtxDN">OU=Sample1,dc=test,dc=com</module-option> 
>  <module-option name="baseFilter">(CN={0})</module-option> 
>  <module-option name="rolesCtxDN">OU=roles,dc=test,dc=com</module-option> 
>  <module-option name="uidAttributeID">member</module-option> 
>  <module-option name="matchOnUserDN">true</module-option> 
>  <module-option name="roleFilter">(member={1})</module-option> 
>  <module-option name="roleAttributeID">CN</module-option> 
>  <module-option name="roleRecursion">-1</module-option> 
>  </login-module> 
> <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule"
> flag="required" > 
>  <module-option
> name="java.naming.provider.url">ldap://c.test.com:389/</module-option> 
>  <module-option
> name="java.naming.security.authentication">simple</module-option> 
>  <module-option
> name="bindDN">CN=Administrator,CN=Users,dc=test,dc=com</module-option> 
>  <module-option name="bindCredential">password</module-option> 
>  <module-option name="baseCtxDN">OU=Sample2,dc=test,dc=com</module-option> 
>  <module-option name="baseFilter">(CN={0})</module-option> 
>  <module-option name="rolesCtxDN">OU=roles,dc=test,dc=com</module-option> 
>  <module-option name="uidAttributeID">member</module-option> 
>  <module-option name="matchOnUserDN">true</module-option> 
>  <module-option name="roleFilter">(member={1})</module-option> 
>  <module-option name="roleAttributeID">CN</module-option> 
>  <module-option name="roleRecursion">-1</module-option> 
>  </login-module> 
>  </authentication> 
> </application-policy> 
>
> and my component.xml
> -------------------------
> <security:identity authenticate-method="#{authenticator.authenticate}" 
>                       jaas-config-name="adConnection"/>
>
> I do not get any errors in the server console during deployment, but when
> I log in, I cannot log in to Guvnor and I get "password or user name
> incorrect". Can someone help me out?
>
>
>
>   
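Added example (not part of the original thread, and not Guvnor or JBoss code): JAAS authenticates a user only when every `required` module in the stack succeeds, so with the posted configuration a user found under OU=Sample1 is still rejected by the module searching OU=Sample2. The sketch runs the standard `javax.security.auth.login.LoginContext` over two stand-in modules; `OuFlagDemo`, `OuModule` and the user table are hypothetical names and constructed data, and the stand-in replaces the LDAP search with a map lookup.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;

public class OuFlagDemo {
    // Constructed directory mirroring the post: which uid lives under which OU.
    static final Map<String, Set<String>> OUS = Map.of(
        "Sample1", Set.of("user1", "user2"), "Sample2", Set.of("user3", "user4"));

    // Hypothetical stand-in for one LdapExtLoginModule entry: it only finds
    // users under its own baseCtxDN (the "ou" option here).
    public static class OuModule implements LoginModule {
        private Map<String, ?> opts;
        private boolean ok;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> sh, Map<String, ?> o) { opts = o; }
        public boolean login() throws LoginException {
            ok = OUS.get(opts.get("ou")).contains(opts.get("user"));
            if (!ok) throw new FailedLoginException("user not found under OU=" + opts.get("ou"));
            return true;
        }
        public boolean commit() { return ok; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }

    // Stack two OuModule entries with the same control flag, as login-config.xml does.
    static boolean canLogin(String user, LoginModuleControlFlag flag) {
        Configuration cfg = new Configuration() {
            @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                String cls = OuModule.class.getName();
                return new AppConfigurationEntry[] {
                    new AppConfigurationEntry(cls, flag, Map.of("ou", "Sample1", "user", user)),
                    new AppConfigurationEntry(cls, flag, Map.of("ou", "Sample2", "user", user)) };
            }
        };
        try { new LoginContext("adConnection", null, null, cfg).login(); return true; }
        catch (LoginException e) { return false; }
    }

    public static void main(String[] args) {
        for (String u : List.of("user1", "user3", "nobody"))
            System.out.println(u + ": required=" + canLogin(u, LoginModuleControlFlag.REQUIRED)
                + " sufficient=" + canLogin(u, LoginModuleControlFlag.SUFFICIENT));
    }
}
```

In login-config.xml the corresponding setting is `flag="sufficient"` on both `<login-module>` entries; a user unknown to both OUs is still rejected because no module succeeds.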



