JBoss LDAP authenticated really ??
mactetz Nov 29, 2001 9:38 AM
hi
I have a problem with my jboss-2.4.3 with tomcat-3.2.3 configuration.
I use LdapLoginModule for authentication.
My LDAP-Server is a Netscape Directory Server 4.1.
When I input my username and password in the 'input-box' of the secured area, jboss says "User 'tomcat' authenticated." but the 'input-box' is back again.
There is no change at the logfile after a second try.
my settings are:
jboss-web.xml in WEB-INF directory in secure.war
<?xml version="1.0"?>
<jboss-web>
<security-domain>java:jaas/ldap</security-domain>
</jboss-web>
/conf/tomcat/auth.conf
..
ldap {
org.jboss.security.plugins.samples.LdapLoginModule required
java.naming.factory.initial="com.sun.jndi.ldap.LdapCtxFactory"
principalDNPrefix="cn="
principalDNSuffix=",ou=People,dc=metris,dc=de"
rolesCtxDN="ou=Groups,dc=metris,dc=de"
roleAttributeID="cn"
uidAttributeID="uniqueMember"
java.naming.provider.url="ldap://161.71.70.216:389/"
java.naming.security.authentication="simple"
matchOnUserDN=true
unauthenticatedIdentity="nobody"
;
};
LDAP-configuration:
dnroot= dc=mycompany,dc=de
standard 'People' and 'Groups' entries of netscape server:
ou=People
objectclass=top
objectclass=organizationalunit
ou=Groups
objectclass=top
objectclass=organizationalunit
#a user tomcat
cn=tomcat
sn=tomcat
objectclass=top
objectclass=inetorgperson
userpassword=tomcat (cleartext)
#a group tomcat including one user 'tomcat'
objectclass=top
objectclass=groupofuniquenames
uniquemember=cn=tomcat,ou=People,dc=mycompany,dc=de
cn=tomcat
server.log:
[Default] username: tomcat password: tomcat
[Default] Logging into LDAP server, env={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, unauthenticatedIdentity=nobody, principalDNPrefix=cn=, java.naming.security.principal=cn=tomcat,ou=People,dc=metris,dc=de, roleAttributeID=cn, matchOnUserDN=true, principalDNSuffix=,ou=People,dc=metris,dc=de, rolesCtxDN=ou=Groups,dc=metris,dc=de, java.naming.provider.url=ldap://161.71.70.216:389/, uidAttributeID=uniqueMember, java.naming.security.authentication=simple, java.naming.security.credentials=tomcat}
[Default] Logged into LDAP server, javax.naming.ldap.InitialLdapContext@3f1d3b
[Default] rolesCtxDN IST VORHANDEN
[Default] try 2 find attributes
[Default] rolesCtxDN: ou=Groups,dc=metris,dc=de
[Default] BasicAttr: {uniquemember=uniqueMember: cn=tomcat,ou=People,dc=metris,dc=de}
[Default] Context: NameInSpace
[Default] Context: Environment {java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, unauthenticatedIdentity=nobody, principalDNPrefix=cn=, java.naming.security.principal=cn=tomcat,ou=People,dc=metris,dc=de, roleAttributeID=cn, matchOnUserDN=true, principalDNSuffix=,ou=People,dc=metris,dc=de, rolesCtxDN=ou=Groups,dc=metris,dc=de, java.naming.provider.url=ldap://161.71.70.216:389/, java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces, uidAttributeID=uniqueMember, java.naming.security.authentication=simple, java.naming.security.credentials=tomcat}
[Default] roleAttr: cn
[Default] User 'tomcat' authenticated.
It seems that jboss authenticates the user against the LDAP server but doesn't find the role for this user.
Who can help me?
Mac
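As an added illustration (not code from JBoss or from the post above), the following models how the posted auth.conf options combine into the role lookup: the module builds the user DN from principalDNPrefix + username + principalDNSuffix, then looks under rolesCtxDN for entries whose uidAttributeID attribute holds exactly that DN (matchOnUserDN=true) and reads roleAttributeID from them. The in-memory directory is constructed from the entries in the post, and the lookup logic is a simplified model of the configured options, not the module's source.

```python
"""Model of the role lookup that the posted LdapLoginModule options describe.
Added illustration, not JBoss code; directory contents are constructed from the post."""
import re

# LdapLoginModule options as posted in auth.conf.
OPTIONS = {
    "principalDNPrefix": "cn=",
    "principalDNSuffix": ",ou=People,dc=metris,dc=de",
    "rolesCtxDN": "ou=Groups,dc=metris,dc=de",
    "roleAttributeID": "cn",
    "uidAttributeID": "uniqueMember",
    "matchOnUserDN": True,
}

# Constructed directory: (DN, {attribute: [values]}), mirroring the posted entries.
# Attribute names are kept lower-case because LDAP attribute names are case-insensitive.
DIRECTORY = [
    ("cn=tomcat,ou=People,dc=metris,dc=de",
     {"objectclass": ["top", "inetorgperson"], "cn": ["tomcat"], "sn": ["tomcat"]}),
    ("cn=tomcat,ou=Groups,dc=metris,dc=de",
     {"objectclass": ["top", "groupofuniquenames"], "cn": ["tomcat"],
      "uniquemember": ["cn=tomcat,ou=People,dc=metris,dc=de"]}),
]

def normalize_dn(dn):
    """Canonical form for comparing DNs: lower-case, no blanks around ',' or '='."""
    return re.sub(r"\s*([,=])\s*", r"\1", dn.strip()).lower()

def user_dn(username, opts=OPTIONS):
    """The DN the module binds with: prefix + username + suffix."""
    return opts["principalDNPrefix"] + username + opts["principalDNSuffix"]

def lookup_roles(username, opts=OPTIONS, directory=DIRECTORY):
    """Return role names for username. With matchOnUserDN=true the group's
    uidAttributeID values must equal the full user DN; otherwise the bare username."""
    if opts["matchOnUserDN"]:
        wanted = normalize_dn(user_dn(username, opts))
    else:
        wanted = username.lower()
    ctx = normalize_dn(opts["rolesCtxDN"])
    uid_attr = opts["uidAttributeID"].lower()
    role_attr = opts["roleAttributeID"].lower()
    roles = []
    for dn, attrs in directory:
        if not normalize_dn(dn).endswith("," + ctx):  # only entries under rolesCtxDN
            continue
        members = attrs.get(uid_attr, [])
        if opts["matchOnUserDN"]:
            matched = any(normalize_dn(m) == wanted for m in members)
        else:
            matched = any(m.lower() == wanted for m in members)
        if matched:
            roles.extend(attrs.get(role_attr, []))
    return roles
```

A group whose uniqueMember value differs in any component from the DN built from prefix and suffix (a different dc suffix, for instance) yields an empty role list even though the bind itself succeeded.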