[rules-users] Connection with Active Directory multiple organizational units
Jervisliu
jliu at redhat.com
Sat Jun 19 15:25:58 EDT 2010
Are you using JBoss AS for deploying Guvnor? You may want to try a newer
version of JBoss AS. Guvnor just uses standard JAAS; in your case, if
there is something wrong, it's more likely that something is wrong with the
LdapExtLoginModule.
Cheers,
Jervis
wrote:
> I am able to authenticate with Active Directory, but only with a single
> organizational unit, not with users of multiple organizational units.
> This is my organizational structure:
> +cn=test,cn=con
> --+ou=Sample1
> -----uid:user1,uid:user2
> --+ou=Sample2
> -----uid:user3,uid:user4
> --+roles
> -----admin:uid:user1,user3
> -----user:uid:user2,user4
>
> I have set the admin rights accordingly in Guvnor.
> I am using JBoss Guvnor standalone 4.2.3 and I am trying to connect
> multiple organizational units using JAAS.
> My login-config.xml:
> ---------------------
> <application-policy name="adConnection">
> <authentication>
> <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule"
> flag="required" >
> <module-option
> name="java.naming.provider.url">ldap://c.test.com:389/</module-option>
> <module-option
> name="java.naming.security.authentication">simple</module-option>
> <module-option
> name="bindDN">CN=Administrator,CN=Users,dc=test,dc=com</module-option>
> <module-option name="bindCredential">password</module-option>
> <module-option name="baseCtxDN">OU=Sample1,dc=test,dc=com</module-option>
> <module-option name="baseFilter">(CN={0})</module-option>
> <module-option name="rolesCtxDN">OU=roles,dc=test,dc=com</module-option>
> <module-option name="uidAttributeID">member</module-option>
> <module-option name="matchOnUserDN">true</module-option>
> <module-option name="roleFilter">(member={1})</module-option>
> <module-option name="roleAttributeID">CN</module-option>
> <module-option name="roleRecursion">-1</module-option>
> </login-module>
> <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule"
> flag="required" >
> <module-option
> name="java.naming.provider.url">ldap://c.test.com:389/</module-option>
> <module-option
> name="java.naming.security.authentication">simple</module-option>
> <module-option
> name="bindDN">CN=Administrator,CN=Users,dc=test,dc=com</module-option>
> <module-option name="bindCredential">password</module-option>
> <module-option name="baseCtxDN">OU=Sample2,dc=test,dc=com</module-option>
> <module-option name="baseFilter">(CN={0})</module-option>
> <module-option name="rolesCtxDN">OU=roles,dc=test,dc=com</module-option>
> <module-option name="uidAttributeID">member</module-option>
> <module-option name="matchOnUserDN">true</module-option>
> <module-option name="roleFilter">(member={1})</module-option>
> <module-option name="roleAttributeID">CN</module-option>
> <module-option name="roleRecursion">-1</module-option>
> </login-module>
> </authentication>
> </application-policy>
>
> and my component.xml
> -------------------------
> <security:identity authenticate-method="#{authenticator.authenticate}"
> jaas-config-name="adConnection"/>
>
> I do not get any errors in the server console during deployment, but when I log in,
> I cannot log in to Guvnor and I get "password or user name incorrect". Can
> someone help me out?
>
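Added example, not part of the original thread and not JBoss or Guvnor project code: in JAAS every login module flagged "required" must succeed, so with the two stacked modules quoted above a user who exists only under OU=Sample1 fails the OU=Sample2 module and the login is rejected. The policy below uses a single LdapExtLoginModule whose baseCtxDN is the common parent of both OUs; the LDAPS URL, the service-account DN, the CHANGE_ME credential and the referral setting are assumptions, not values from the thread.

```xml
<!-- Added example (constructed); host and directory layout are the ones quoted in the thread. -->
<application-policy name="adConnection">
  <authentication>
    <!-- One module instead of two "required" ones, so a user only has to be
         found once, wherever under the base DN the entry lives. -->
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule"
                  flag="required">
      <!-- Assumption: the directory accepts LDAPS on 636 and its certificate is
           trusted by the JVM. A simple bind over ldap://...:389 sends the
           user's password in clear text. -->
      <module-option name="java.naming.provider.url">ldaps://c.test.com:636/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <!-- Hypothetical read-only service account used for the search bind
           instead of the domain Administrator; substitute your own. -->
      <module-option name="bindDN">CN=svc-guvnor,CN=Users,dc=test,dc=com</module-option>
      <module-option name="bindCredential">CHANGE_ME</module-option>
      <!-- Common parent of OU=Sample1 and OU=Sample2, searched as a subtree. -->
      <module-option name="baseCtxDN">dc=test,dc=com</module-option>
      <module-option name="searchScope">SUBTREE_SCOPE</module-option>
      <module-option name="baseFilter">(CN={0})</module-option>
      <!-- Role lookup kept as in the posted configuration. -->
      <module-option name="rolesCtxDN">OU=roles,dc=test,dc=com</module-option>
      <module-option name="roleFilter">(member={1})</module-option>
      <module-option name="roleAttributeID">CN</module-option>
      <module-option name="roleRecursion">-1</module-option>
      <!-- Assumption: needed when a search rooted at the domain DN returns
           referrals, as Active Directory commonly does. -->
      <module-option name="java.naming.referral">follow</module-option>
      <!-- Reject empty passwords so a blank password is never passed to a
           simple bind, which a directory may treat as anonymous. -->
      <module-option name="allowEmptyPasswords">false</module-option>
    </login-module>
  </authentication>
</application-policy>
```

If the two OUs must stay in separate modules, the JAAS alternative is to flag both modules "sufficient" so that success in either one authenticates the user.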