7 Replies Latest reply on Sep 19, 2001 3:54 AM by lrem

    LdapLoginModule.java

    lrem

      Hi there,

      I was wondering if there is any reason why the match statement of the InitialLdapContext search looks for only the username and not the fully qualified userDN?

       String roleAttrName = (String) options.get(ROLE_ATTRIBUTE_ID_OPT);
       if( roleAttrName == null )
           roleAttrName = "roles";
       // Match on the uid attribute only, using the bare username as the value
       BasicAttributes matchAttrs = new BasicAttributes(true);
       matchAttrs.put(uidAttrName, username);
       String[] roleAttr = {roleAttrName};
       try
       {
           NamingEnumeration answer = ctx.search(rolesCtxDN, matchAttrs, roleAttr);


      My roles are set up with a list of uniquemembers which are fully qualified DNs (i.e. uniquemember=uid=fred, ou=People, o=somewhere.co.uk). Is this not the normal way it is done?

        • 1. Re: LdapLoginModule.java
          starksm64

          That is one way of doing it. An option should be added to indicate whether the username as passed to the login module should be used or the userDN.

          • 2. Re: LdapLoginModule.java
            lrem

            Thanks for changing the code to allow this

            • 3. Re: LdapLoginModule.java
              prashu

              Hi all,
              Can anyone please tell me how to configure LDAP with JBoss?
              I'm very new to LDAP and have no idea about LDAP.
              Does it require any LDAP software? If so, how do I configure it with JBoss? Where will I get it?
              Also, is there any sample code provided using LDAP with JBoss?

              Thanks & Regards,
              Prashant

              • 4. Re: LdapLoginModule.java
                rndgatewaynet

                lrem, can you please provide the .ldif files that make up your db,
                along with your auth.conf file?
                Thanks

                • 5. Re: LdapLoginModule.java
                  rndgatewaynet

                  I mean it seems to me that the LdapLoginModule is designed
                  to *select* the role names where uidattribute="user supplied id"
                  or uidattribute="user's DN", but what we need at the end is
                  a list of pure role names like:
                  description: role1
                  description: role2
                  and so on.
                  If we set up the roles to be uniquemembers of
                  a groupofuniquenames object, all we get is something like
                  uniquemember: cn=role1
                  uniquemember: cn=role2, which clearly will fail the authorization
                  since what we need is to get role1,role2.

                  Am I missing some part?
                  How did you do it?

                  • 6. Re: LdapLoginModule.java
                    rndgatewaynet

                    Also, since most commercial LDAP configurations (like Lotus Domino Notes server) represent the groups as a set of persons,
                    it would be natural to search for group names that *have* this
                    user instead of searching for the roles of a user.

                    Any thoughts?
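The two issues raised in replies 5 and 6 (getting bare role names out of `uniquemember: cn=role1` style values, and searching for the groups that list the user rather than for attributes on the user) can be modelled without a directory server. The following Python is an added example written for this page; it is not code from the thread or from JBoss's LdapLoginModule. It assumes the attribute and class names used in the thread (`uid`, `uniqueMember`, `groupOfUniqueNames`, role name in the group's `cn`), assumes caseIgnore matching on DN components, and uses a constructed in-memory directory in place of a real search. The filter builder also escapes the value it embeds (RFC 4515), which matters because the username or DN comes from the login request: an unescaped value can change the meaning of the search filter instead of being matched literally.

```python
"""Offline model of the role lookup discussed in this thread (constructed example)."""
import re
from typing import Dict, List, Tuple

DirEntry = Dict[str, List[str]]

# Constructed sample directory keyed by entry DN; these entries are made up
# for illustration and are not the poster's data.
SAMPLE_DIRECTORY: Dict[str, DirEntry] = {
    "uid=fred,ou=People,o=somewhere.co.uk": {
        "objectClass": ["person"], "uid": ["fred"]},
    "cn=role1,ou=Roles,o=somewhere.co.uk": {
        "objectClass": ["groupOfUniqueNames"],
        "uniqueMember": ["uid=fred, ou=People, o=somewhere.co.uk"]},
    "cn=role2,ou=Roles,o=somewhere.co.uk": {
        "objectClass": ["groupOfUniqueNames"],
        "uniqueMember": ["UID=fred,OU=People,O=somewhere.co.uk",
                         "uid=anna,ou=People,o=somewhere.co.uk"]},
    "cn=admins,ou=Roles,o=somewhere.co.uk": {
        "objectClass": ["groupOfUniqueNames"],
        "uniqueMember": ["uid=anna,ou=People,o=somewhere.co.uk"]},
}


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch
                   for ch in value)


def membership_filter(user_dn: str, group_class: str = "groupOfUniqueNames",
                      member_attr: str = "uniqueMember") -> str:
    """Filter for 'groups that *have* this user', the search reply 6 suggests."""
    return "(&(objectClass=%s)(%s=%s))" % (
        group_class, member_attr, escape_filter_value(user_dn))


def _unescape_dn_value(value: str) -> str:
    # RFC 4514: '\xx' is a hex escape, '\c' escapes a special character.
    def repl(m):
        tok = m.group(1)
        return chr(int(tok, 16)) if len(tok) == 2 else tok
    return re.sub(r"\\([0-9a-fA-F]{2}|.)", repl, value)


def split_dn(dn: str) -> List[Tuple[str, str]]:
    """Split a DN into (attribute, value) pairs, honouring backslash escapes."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # keep the escape pair intact
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    rdns = []
    for part in parts:
        attr, _, val = part.strip().partition("=")
        rdns.append((attr.strip().lower(), _unescape_dn_value(val.strip())))
    return rdns


def normalize_dn(dn: str) -> Tuple[Tuple[str, str], ...]:
    """Canonical form so 'UID=fred, OU=People' compares equal to 'uid=fred,ou=People'."""
    return tuple((attr, val.lower()) for attr, val in split_dn(dn))


def role_name_from_group_dn(group_dn: str, role_attr: str = "cn") -> str:
    """'cn=role1,ou=Roles,...' -> 'role1', the bare name reply 5 says is needed."""
    rdns = split_dn(group_dn)
    if not rdns or rdns[0][0] != role_attr.lower():
        raise ValueError("leading RDN of %r is not %s" % (group_dn, role_attr))
    return rdns[0][1]


def groups_containing(user_dn: str, directory: Dict[str, DirEntry],
                      group_class: str = "groupOfUniqueNames",
                      member_attr: str = "uniqueMember") -> List[str]:
    """Evaluate the membership search against the in-memory directory."""
    wanted = normalize_dn(user_dn)
    hits = []
    for entry_dn, attrs in directory.items():
        classes = [c.lower() for c in attrs.get("objectClass", [])]
        if group_class.lower() not in classes:
            continue
        if any(normalize_dn(m) == wanted for m in attrs.get(member_attr, [])):
            hits.append(entry_dn)
    return sorted(hits)


def roles_for_user(user_dn: str, directory: Dict[str, DirEntry]) -> List[str]:
    """Full path: user DN -> groups listing it -> bare role names."""
    return sorted(role_name_from_group_dn(g)
                  for g in groups_containing(user_dn, directory))


if __name__ == "__main__":
    dn = "uid=fred,ou=People,o=somewhere.co.uk"
    print(membership_filter(dn))
    print(roles_for_user(dn, SAMPLE_DIRECTORY))
```

`normalize_dn` is what makes the `uniquemember` comparison tolerate the spacing and case differences seen in the original post's `uid=fred, ou=People, o=somewhere.co.uk`; a plain string comparison of DNs would silently drop roles. Against a real server the same membership filter would be passed to the search call in place of the `BasicAttributes` match shown in the first post.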

                    • 7. Re: LdapLoginModule.java
                      lrem

                      Groups = Roles