1 Reply Latest reply on Jan 28, 2002 6:13 AM by jwkaltz

    LdapLoginModule should be more Flexible

    swatkat

      Hi,
      I am currently using JBoss 2.4.4/Jetty with Postgres and Openldap 2.18.
      I am also using LdapLoginModule for authentication purposes.

      Now, for a small user database and non-diverse applications hosted on my server, I find the current LdapLoginModule to be sufficient. But as we deploy more and more applications on the server, we want to separate the user/role for each application-specific domain under different hierarchies, thereby improving security.

      The current LdapLoginModule asks for a statically named rolesContextDN for searching the user role, but what if the roles DN is different from what is hard-coded in the auth.conf, i.e. the role DN might be different for different users who belong to separate business domains running under the same application server?

      Is it possible to use the LdapLoginModule skeleton and build our own CustomLdapLoginModule and provide some different logic to make it a bit more dynamic?

      If yes, can anyone lead me to the way to integrate it with my current setup?

        • 1. Re: LdapLoginModule should be more Flexible
          jwkaltz

          If your authorization is based on simple username/password, then it's really easy to write your own "LdapLoginModule" (or whatever). All you need to do is subclass org.jboss.security.auth.spi.UsernamePasswordLoginModule
          and provide an implementation for
          protected String getUsersPassword() throws LoginException
          and
          protected Group[] getRoleSets() throws LoginException

          You will find examples of this in the JBoss source code or in the JBossSX documentation.
          The only tricky thing (in my opinion) is that you need to define your login module in your auth.conf as follows:
          org.jboss.security.auth.spi.ProxyLoginModule required
          moduleName=com.whatever.MyLoginModule
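
One way to write the subclass described in the reply so that the roles context DN is chosen per login from an administrator-configured allow-list rather than one static value (an added example, not code from this thread or from JBoss). The `user@domain` login format, the module options `providerURL`, `userCtxDN.<domain>` and `rolesCtxDN.<domain>`, and the `uid`/`member`/`cn` directory schema are assumptions; the JBossSX calls other than the two methods named above are written from the later JBossSX API and were not compiled against 2.4.4, and `String.matches` needs JDK 1.4 or later.

```java
import java.security.acl.Group;
import java.util.Hashtable;
import javax.naming.*;
import javax.naming.directory.*;
import javax.security.auth.login.LoginException;
import org.jboss.security.SimpleGroup;
import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.spi.UsernamePasswordLoginModule;

public class MyLoginModule extends UsernamePasswordLoginModule {
    private final SimpleGroup roles = new SimpleGroup("Roles");
    // Authentication is done by an LDAP bind, so no stored password is returned.
    protected String getUsersPassword() throws LoginException { return ""; }
    protected Group[] getRoleSets() throws LoginException { return new Group[] { roles }; }

    protected boolean validatePassword(String input, String expected) {
        String name = getUsername();
        int at = name == null ? -1 : name.lastIndexOf('@');
        // An empty password would turn the simple bind into an anonymous bind.
        if (at < 1 || input == null || input.length() == 0) return false;
        String uid = name.substring(0, at), domain = name.substring(at + 1);
        if (!uid.matches("[A-Za-z0-9._-]{1,64}")) return false; // no DN metacharacters
        // Allow-list: the domain only selects DNs the administrator configured (assumed option names).
        String userCtx = (String) options.get("userCtxDN." + domain);
        String rolesCtx = (String) options.get("rolesCtxDN." + domain);
        String url = (String) options.get("providerURL");
        if (userCtx == null || rolesCtx == null || url == null) return false;
        String userDN = "uid=" + uid + "," + userCtx;
        Hashtable env = new Hashtable();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, userDN);
        env.put(Context.SECURITY_CREDENTIALS, input);
        try {
            DirContext ctx = new InitialDirContext(env); // throws if the bind is rejected
            try {
                SearchControls sc = new SearchControls();
                sc.setSearchScope(SearchControls.ONELEVEL_SCOPE);
                // JNDI substitutes {0} with filter escaping applied to the argument.
                NamingEnumeration e = ctx.search(rolesCtx, "(member={0})", new Object[] { userDN }, sc);
                while (e.hasMore()) {
                    Attribute cn = ((SearchResult) e.next()).getAttributes().get("cn");
                    if (cn != null) roles.addMember(new SimplePrincipal((String) cn.get()));
                }
            } finally { ctx.close(); }
            return true;
        } catch (NamingException ex) { return false; } // fail closed on bind or search errors
    }
}
```

Each business domain then gets its own `userCtxDN.<domain>` and `rolesCtxDN.<domain>` option next to `moduleName` in auth.conf, so a login for one domain can never cause a search under another domain's role hierarchy.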