5 Replies Latest reply on Dec 6, 2001 9:19 AM by mactetz

    JBoss LDAP authenticated really ??

    mactetz

      hi
      I have a problem with my jboss-2.4.3 with tomcat-3.2.3 configuration.
      I use LdapLoginModule for authentication.
      My LDAP server is a Netscape Directory Server 4.1.

      When I enter my username and password in the 'input box' of the secured area, jboss says User 'tomcat' authenticated, but the 'input box' comes back again.
      There is no change in the logfile after a second try.

      my settings are:
      jboss-web.xml in the WEB-INF directory of secure.war
      <?xml version="1.0"?>
      <jboss-web>
      <security-domain>java:jaas/ldap</security-domain>
      </jboss-web>

      /conf/tomcat/auth.conf
      ..
      ldap {
      org.jboss.security.plugins.samples.LdapLoginModule required
      java.naming.factory.initial="com.sun.jndi.ldap.LdapCtxFactory"
      principalDNPrefix="cn="
      principalDNSuffix=",ou=People,dc=metris,dc=de"
      rolesCtxDN="ou=Groups,dc=metris,dc=de"
      roleAttributeID="cn"
      uidAttributeID="uniqueMember"
      java.naming.provider.url="ldap://161.71.70.216:389/"
      java.naming.security.authentication="simple"
      matchOnUserDN=true
      unauthenticatedIdentity="nobody"
      ;
      };

      LDAP configuration:
      dnroot= dc=mycompany,dc=de
      standard 'People' and 'Groups' entries of the Netscape server:
      dn: ou=People,dc=mycompany,dc=de
      objectclass: top
      objectclass: organizationalunit

      dn: ou=Groups,dc=mycompany,dc=de
      objectclass: top
      objectclass: organizationalunit

      # a user tomcat
      dn: cn=tomcat,ou=People,dc=mycompany,dc=de
      cn: tomcat
      sn: tomcat
      objectclass: top
      objectclass: inetorgperson
      # cleartext
      userpassword: tomcat

      # a group tomcat including one user 'tomcat'
      dn: cn=tomcat,ou=Groups,dc=mycompany,dc=de
      objectclass: top
      objectclass: groupofuniquenames
      uniquemember: cn=tomcat,ou=People,dc=mycompany,dc=de
      cn: tomcat

      server.log:
      [Default] username: tomcat password: tomcat
      [Default] Logging into LDAP server, env={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, unauthenticatedIdentity=nobody, principalDNPrefix=cn=, java.naming.security.principal=cn=tomcat,ou=People,dc=metris,dc=de, roleAttributeID=cn, matchOnUserDN=true, principalDNSuffix=,ou=People,dc=metris,dc=de, rolesCtxDN=ou=Groups,dc=metris,dc=de, java.naming.provider.url=ldap://161.71.70.216:389/, uidAttributeID=uniqueMember, java.naming.security.authentication=simple, java.naming.security.credentials=tomcat}
      [Default] Logged into LDAP server, javax.naming.ldap.InitialLdapContext@3f1d3b
      [Default] rolesCtxDN IS PRESENT
      [Default] try 2 find attributes
      [Default] rolesCtxDN: ou=Groups,dc=metris,dc=de
      [Default] BasicAttr: {uniquemember=uniqueMember: cn=tomcat,ou=People,dc=metris,dc=de}
      [Default] Context: NameInSpace
      [Default] Context: Environment {java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, unauthenticatedIdentity=nobody, principalDNPrefix=cn=, java.naming.security.principal=cn=tomcat,ou=People,dc=metris,dc=de, roleAttributeID=cn, matchOnUserDN=true, principalDNSuffix=,ou=People,dc=metris,dc=de, rolesCtxDN=ou=Groups,dc=metris,dc=de, java.naming.provider.url=ldap://161.71.70.216:389/, java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces, uidAttributeID=uniqueMember, java.naming.security.authentication=simple, java.naming.security.credentials=tomcat}
      [Default] roleAttr: cn
      [Default] User 'tomcat' authenticated.

      it seems that jboss authenticates the user against the LDAP server but doesn't find the role for this user.

      Who can help me ?

      Mac
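The post above sets up the role lookup in words (principalDNPrefix/Suffix build the user DN, the module then searches rolesCtxDN for entries whose uidAttributeID holds that DN and reads roleAttributeID off each hit) and the web.xml posted further down requires role-name `tomcat`. The following is an added example, not code from the thread or from JBoss: it models that lookup over a small in-memory directory built from the posted entries, so you can see which group values match and which silently do not. The directory content, the extra `admins` group (whose member points at the `dc=metris,dc=de` base that appears in the posted log) and the `normalize_dn` comparison rule are constructed assumptions; the real module issues an LDAP search and the server decides the match.

```python
"""Offline model of the role lookup JBoss's LdapLoginModule performs, driven
by the option names from the posted auth.conf. Added example: the directory
content and the DN-comparison rule are constructed here, not the module's
own code and not the poster's live server."""
from typing import Dict, List

# Real LdapLoginModule option names from the posted auth.conf; values follow
# the posted LDAP configuration (dc=mycompany,dc=de).
AUTH_CONF = {
    "principalDNPrefix": "cn=",
    "principalDNSuffix": ",ou=People,dc=mycompany,dc=de",
    "rolesCtxDN": "ou=Groups,dc=mycompany,dc=de",
    "roleAttributeID": "cn",
    "uidAttributeID": "uniqueMember",
    "matchOnUserDN": True,
}

# Constructed in-memory directory: DN -> {attribute: [values]}. The "admins"
# group is an assumption: its uniqueMember uses the other base seen in the
# posted log, a value that looks right but never equals the user DN built
# from the suffix above.
DIRECTORY: Dict[str, Dict[str, List[str]]] = {
    "cn=tomcat,ou=People,dc=mycompany,dc=de": {
        "objectClass": ["top", "inetOrgPerson"],
        "cn": ["tomcat"],
        "sn": ["tomcat"],
        "userPassword": ["tomcat"],  # cleartext, as in the posted entry
    },
    "cn=tomcat,ou=Groups,dc=mycompany,dc=de": {
        "objectClass": ["top", "groupOfUniqueNames"],
        "cn": ["tomcat"],
        "uniqueMember": ["cn=tomcat,ou=People,dc=mycompany,dc=de"],
    },
    "cn=admins,ou=Groups,dc=mycompany,dc=de": {
        "objectClass": ["top", "groupOfUniqueNames"],
        "cn": ["admins"],
        "uniqueMember": ["cn=tomcat, ou=People, dc=metris, dc=de"],
    },
}


def normalize_dn(dn: str) -> str:
    """Canonical form for comparing DNs: lower-case, no whitespace around commas.
    Assumption: approximates the server-side DN matching that decides whether a
    (uniqueMember=<userDN>) filter hits."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def get_attr(attrs: Dict[str, List[str]], name: str) -> List[str]:
    """LDAP attribute names are case-insensitive (uniqueMember == uniquemember)."""
    for key, values in attrs.items():
        if key.lower() == name.lower():
            return values
    return []


def user_dn(username: str, conf: dict) -> str:
    """The DN the module binds as: principalDNPrefix + username + principalDNSuffix."""
    return conf["principalDNPrefix"] + username + conf["principalDNSuffix"]


def authenticate(username: str, password: str, directory: dict, conf: dict) -> bool:
    """Simple-bind emulation: the user entry must exist and the password must
    match. This is the step that logged 'User tomcat authenticated'."""
    want = normalize_dn(user_dn(username, conf))
    for dn, attrs in directory.items():
        if normalize_dn(dn) == want:
            return password in get_attr(attrs, "userPassword")
    return False


def find_roles(username: str, directory: dict, conf: dict) -> List[str]:
    """Emulate the search under rolesCtxDN: every entry whose uidAttributeID
    contains the match value contributes its roleAttributeID values. With
    matchOnUserDN=true the match value is the full user DN, otherwise the bare
    username (a memberUid-style group)."""
    by_dn = conf["matchOnUserDN"]
    match = normalize_dn(user_dn(username, conf)) if by_dn else username
    ctx = normalize_dn(conf["rolesCtxDN"])
    roles: List[str] = []
    for dn, attrs in directory.items():
        if not normalize_dn(dn).endswith("," + ctx):
            continue  # outside the roles context: never searched
        members = get_attr(attrs, conf["uidAttributeID"])
        hit = any(normalize_dn(m) == match for m in members) if by_dn else match in members
        if hit:
            roles.extend(get_attr(attrs, conf["roleAttributeID"]))
    return roles


def is_authorized(roles: List[str], required: str = "tomcat") -> bool:
    """The web.xml auth-constraint: the caller must hold role-name 'tomcat'.
    A successful bind with this returning False is the 'authenticated but
    still no access' symptom."""
    return required in roles


if __name__ == "__main__":
    roles = find_roles("tomcat", DIRECTORY, AUTH_CONF)
    print("bind:", authenticate("tomcat", "tomcat", DIRECTORY, AUTH_CONF),
          "roles:", roles, "authorized:", is_authorized(roles))
    # Same user, suffix pointing at the other base from the log:
    other = dict(AUTH_CONF, principalDNSuffix=",ou=People,dc=metris,dc=de")
    print("metris suffix bind:", authenticate("tomcat", "tomcat", DIRECTORY, other),
          "roles:", find_roles("tomcat", DIRECTORY, other))
```

The check to run against the real server is the same search the module performs, with the OpenLDAP client, e.g. `ldapsearch -h <host> -b "ou=Groups,dc=metris,dc=de" "(uniqueMember=cn=tomcat,ou=People,dc=metris,dc=de)" cn`: if that returns no entry while the bind succeeds, the member value stored in the group does not equal the DN the module constructs from principalDNPrefix/principalDNSuffix, which is the situation the model above reproduces with its `admins` group.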

        • 1. Re: JBoss LDAP authenticated really ??
          mactetz

          Oh, I forgot.

          Using UsersRolesLoginModule, authentication works.

          • 2. Re: JBoss LDAP authenticated really ??
            erdkal

            Hi,
            I read your hot discussion about LDAP authentication.
            Can you send me a kind of tutorial showing what
            I should do to set up this authentication?

            Please send me a reply.

            Thanks
            ER

            • 3. Re: JBoss LDAP authenticated really ??
              mactetz

              hi erdkal
              I have no real tutorial for this.
              I have only read the JBoss documentation on this site and the entries in the forum (security & JBossSX).

              all you need should be above.

              additionally:
              my web.xml file

              <?xml version="1.0" encoding="ISO-8859-1"?>

              <web-app>
                <security-constraint>
                  <web-resource-collection>
                    <web-resource-name>Security Area</web-resource-name>
                    <url-pattern>/secureArea/*</url-pattern>
                    <http-method>DELETE</http-method>
                    <http-method>GET</http-method>
                    <http-method>POST</http-method>
                    <http-method>PUT</http-method>
                  </web-resource-collection>
                  <auth-constraint>
                    <role-name>tomcat</role-name>
                  </auth-constraint>
                </security-constraint>

                <login-config>
                  <auth-method>BASIC</auth-method>
                  <realm-name>DBUser</realm-name>
                </login-config>

                <security-role>
                  <role-name>tomcat</role-name>
                </security-role>
              </web-app>

              the URL is: "http://127.0.0.1:8080/secure/secureArea"

              • 4. Re: JBoss LDAP authenticated really ??
                erdkal

                Hi MacTetz,

                Thanks for your reply.
                I will try to set up the JBoss LDAP authentication, I hope
                without any problems.

                erdkal

                • 5. Re: JBoss LDAP authenticated really ??
                  mactetz

                  Yeah

                  I don't know how or why, but now it works!

                  I've made some changes to auth.conf :-)

                  thank you for your effort