[teiid-issues] [JBoss JIRA] (TEIID-3460) Alternative approach to map roles for a Teiid user via ldap login module instead of RoleMappingLoginModule (i.e. without using a properties file)

Anu Saji (JIRA) issues at jboss.org
Tue Apr 28 21:42:52 EDT 2015


Anu Saji created TEIID-3460:
-------------------------------

             Summary: Alternative approach to map roles for a Teiid user via ldap login module instead of RoleMappingLoginModule (i.e. without using a properties file)
                 Key: TEIID-3460
                 URL: https://issues.jboss.org/browse/TEIID-3460
             Project: Teiid
          Issue Type: Feature Request
          Components: LDAP Connector
    Affects Versions: 8.7
            Reporter: Anu Saji
            Assignee: Steven Hawkins


For the following LDAP-based login module:
~~~
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="optional">
    <module-option name="java.naming.provider.url"><hostname></module-option>
    <module-option name="java.naming.security.protocol">ssl</module-option>
    <module-option name="realm">admin</module-option>
    <module-option name="bindDN"><username></module-option>
    <module-option name="bindCredential"><password></module-option>
    <module-option name="baseFilter">(uid={0})</module-option>
    <module-option name="baseCtxDN">ou=people,dc=gene,dc=com</module-option>
    <module-option name="roleFilter">(uniquemember={1})</module-option>
    <module-option name="roleAttributeID">cn</module-option>
    <module-option name="rolesCtxDN">ou=Groups,ou=ESB,ou=Applications,dc=gene,dc=com</module-option>
    <module-option name="roleAttributeIsDN">false</module-option>
    <module-option name="roleRecursion">2</module-option>
    <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
    <module-option name="java.naming.referral">follow</module-option>
    <module-option name="searchTimeLimit">10000</module-option>
</login-module>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="optional">
    <module-option name="java.naming.provider.url"><hostname></module-option>
    <module-option name="java.naming.security.protocol">ssl</module-option>
    <module-option name="realm">admin</module-option>
    <module-option name="bindDN"><username></module-option>
    <module-option name="bindCredential"><password></module-option>
    <module-option name="baseFilter">(cn={0})</module-option>
    <module-option name="baseCtxDN">ou=Apps,ou=ESB,ou=Applications,dc=gene,dc=com</module-option>
    <module-option name="roleFilter">(uniquemember={1})</module-option>
    <module-option name="roleAttributeID">cn</module-option>
    <module-option name="rolesCtxDN">ou=Groups,ou=ESB,ou=Applications,dc=gene,dc=com</module-option>
    <module-option name="roleAttributeIsDN">false</module-option>
    <module-option name="roleRecursion">2</module-option>
    <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
    <module-option name="java.naming.referral">follow</module-option>
    <module-option name="searchTimeLimit">10000</module-option>
</login-module>

<!-- Map the Active Directory/LDAP Groups/Roles to meaningful JBoss roles -->
<login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="optional">
    <module-option name="rolesProperties">props/ldap-eds-rolemapping.properties</module-option>
</login-module>
~~~


Is there a way around using the RoleMappingLoginModule (to avoid the use of a properties file)?
Instead, could something similar to the declaration in a "web.xml" be used for role mapping, like below?
~~~
<auth-constraint>
    <role-name>TeiidAdmin</role-name>
</auth-constraint>

...

<security-role>
    <role-name>TeiidAdmin</role-name>
</security-role>
~~~





--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
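To make concrete what the two modules in the configuration above do before any mapping is applied, here is an added example (not Teiid or PicketBox code) that models LdapExtLoginModule's role lookup against a constructed in-memory directory: `{0}` in baseFilter is replaced by the username, `{1}` in roleFilter by the DN found, the search is repeated roleRecursion times with `{1}` set to each group DN to pick up nested groups, and roles are the roleAttributeID values of the matched groups. The entries, the `esb-*` group names and the `TeiidAdmin` mapping are assumptions; `map_roles` stands in for what RoleMappingLoginModule contributes from its properties file.

```python
import re

# Constructed stand-in for the directory (DN -> attributes); not real data.
GROUPS = "ou=Groups,ou=ESB,ou=Applications,dc=gene,dc=com"
DIRECTORY = {
    "uid=alice,ou=people,dc=gene,dc=com": {"uid": ["alice"]},
    f"cn=esb-readers,{GROUPS}": {"cn": ["esb-readers"],
                                 "uniquemember": ["uid=alice,ou=people,dc=gene,dc=com"]},
    f"cn=esb-admins,{GROUPS}": {"cn": ["esb-admins"],
                                "uniquemember": [f"cn=esb-readers,{GROUPS}"]},
    f"cn=esb-owners,{GROUPS}": {"cn": ["esb-owners"],
                                "uniquemember": [f"cn=esb-admins,{GROUPS}"]},
    f"cn=esb-root,{GROUPS}": {"cn": ["esb-root"],
                              "uniquemember": [f"cn=esb-owners,{GROUPS}"]},
}

# Options copied from the first login-module above (only those the lookup needs).
CONFIG = {"baseCtxDN": "ou=people,dc=gene,dc=com", "baseFilter": "(uid={0})",
          "rolesCtxDN": GROUPS, "roleFilter": "(uniquemember={1})",
          "roleAttributeID": "cn", "roleRecursion": 2}


def search(base_dn, ldap_filter):
    """ONELEVEL_SCOPE search supporting one '(attr=value)' equality filter."""
    attr, value = re.fullmatch(r"\((\w+)=(.+)\)", ldap_filter).groups()
    return [dn for dn, attrs in DIRECTORY.items()
            if dn.split(",", 1)[1] == base_dn and value in attrs.get(attr, [])]


def resolve_roles(cfg, username):
    """Locate the user DN via baseFilter, then walk group membership:
    level 0 uses the user DN as {1}, each further level (up to roleRecursion)
    uses the group DNs found at the previous level, so nested groups count."""
    users = search(cfg["baseCtxDN"], cfg["baseFilter"].replace("{0}", username))
    if len(users) != 1:          # unknown or ambiguous user: grant no roles
        return set()
    roles, frontier, seen = set(), [users[0]], set()
    for _ in range(cfg["roleRecursion"] + 1):
        groups = [g for dn in frontier
                  for g in search(cfg["rolesCtxDN"], cfg["roleFilter"].replace("{1}", dn))
                  if g not in seen]
        seen.update(groups)
        roles.update(DIRECTORY[g][cfg["roleAttributeID"]][0] for g in groups)
        frontier = groups
    return roles


def map_roles(ldap_roles, mapping):
    """The mapping step the properties file supplies (replaceRole at its
    default of false): LDAP group names stay and mapped JBoss roles are added."""
    return set(ldap_roles) | {mapping[r] for r in ldap_roles if r in mapping}
```

Note that with roleRecursion set to 2 the fourth level of nesting (`esb-root`) is never reached, so the recursion depth bounds which group memberships can confer a role.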