Using JBoss 2.4.4 and Tomcat 4.0.1, I've created the following auth.conf for LDAP login which works up to a point.
ldap {
org.jboss.security.auth.spi.LdapLoginModule required
java.naming.factory.initial="com.sun.jndi.ldap.LdapCtxFactory"
java.naming.provider.url="ldap://dmsm:389/o=erms"
java.naming.security.principal="cn=Manager,o=erms"
java.naming.security.authentication="simple"
java.naming.security.credentials="xxxxxx"
principalDNPrefix="cn="
principalDNSuffix=",ou=users,o=erms"
// rolesCtxDN is the DN of the context searched for roles; roleAttributeID is the
// attribute that holds the role name (the two values were swapped in the original).
rolesCtxDN="ou=roles,o=erms"
roleAttributeID="cn"
// with matchOnUserDN=true the role entries are matched on the user's full DN in this attribute
uidAttributeID="uniqueMember"
matchOnUserDN=true
;
};
The problem is that when I log in it attempts to bind to the LDAP server using the login user's DN instead of the java.naming.security.principal, i.e. the LDAP log shows BIND "cn=steve,ou=users,o=erms" instead of BIND "cn=Manager,o=erms". This is then rejected by the LDAP server and consequently login fails.
Has anyone come across this and found a way around it?
Steve
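The following is an added illustration, not code from the post above or from JBoss, of the two-phase pattern that a JAAS LDAP login module follows: the user's password is verified by binding as the user's own DN (which is why the directory log shows a BIND for the login user), and the separate manager account is only needed for the role search. The DN prefix/suffix, roles context, attribute names and host are taken from the auth.conf above. Assumptions made here: the host dmsm is reachable, the provider URL is given without the base DN so that the full DNs from the config resolve as written under JNDI (the JNDI LDAP provider treats a DN in the URL as the base for relative names), role entries sit directly under ou=roles,o=erms, and the manager password arrives as a command-line argument. Empty credentials are rejected before any bind, because a simple bind with a DN and an empty password is treated as an unauthenticated (anonymous) bind by many servers and would otherwise look like a successful login.

```java
import java.util.HashSet;
import java.util.Hashtable;
import java.util.Set;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/** Hypothetical stand-alone demo of bind-as-user authentication plus role lookup; not JBoss code. */
public class LdapBindDemo {
    // Values taken from the posted auth.conf; the URL deliberately omits the "/o=erms" base DN (assumption).
    static final String PROVIDER_URL = "ldap://dmsm:389";
    static final String DN_PREFIX = "cn=";
    static final String DN_SUFFIX = ",ou=users,o=erms";
    static final String ROLES_CTX_DN = "ou=roles,o=erms";
    static final String ROLE_ATTR = "cn";           // attribute holding the role name
    static final String UID_ATTR = "uniqueMember";  // attribute holding member DNs (matchOnUserDN=true)

    /** Escape a value for use as an RFC 4514 DN attribute value, so a username cannot alter the DN. */
    static String escapeDnValue(String v) {
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < v.length(); i++) {
            char c = v.charAt(i);
            boolean special = ",+\"\\<>;=".indexOf(c) >= 0
                    || (i == 0 && (c == '#' || c == ' '))
                    || (i == v.length() - 1 && c == ' ');
            if (special) sb.append('\\');
            sb.append(c);
        }
        return sb.toString();
    }

    /** Escape a value for use inside an RFC 4515 search filter (prevents filter injection). */
    static String escapeFilterValue(String v) {
        StringBuilder sb = new StringBuilder();
        for (char c : v.toCharArray()) {
            switch (c) {
                case '\\': sb.append("\\5c"); break;
                case '*':  sb.append("\\2a"); break;
                case '(':  sb.append("\\28"); break;
                case ')':  sb.append("\\29"); break;
                case '\0': sb.append("\\00"); break;
                default:   sb.append(c);
            }
        }
        return sb.toString();
    }

    static DirContext connect(String principalDn, String credentials) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, PROVIDER_URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principalDn);
        env.put(Context.SECURITY_CREDENTIALS, credentials);
        return new InitialDirContext(env); // throws AuthenticationException if the server rejects the bind
    }

    /** Phase 1: verify the password by binding as the user's own DN. Returns that DN on success. */
    static String authenticate(String username, char[] password) throws NamingException {
        if (username == null || username.isEmpty() || password == null || password.length == 0) {
            throw new NamingException("empty credentials rejected: would become an unauthenticated bind");
        }
        String userDn = DN_PREFIX + escapeDnValue(username) + DN_SUFFIX;
        DirContext ctx = connect(userDn, new String(password));
        ctx.close();
        return userDn;
    }

    /** Phase 2: search the roles context as the manager for entries whose UID_ATTR contains the user DN. */
    static Set<String> roles(String userDn, String managerDn, String managerPassword) throws NamingException {
        DirContext ctx = connect(managerDn, managerPassword);
        try {
            String filter = "(" + UID_ATTR + "=" + escapeFilterValue(userDn) + ")";
            SearchControls sc = new SearchControls();
            sc.setSearchScope(SearchControls.ONELEVEL_SCOPE); // assumption: roles sit directly under ou=roles
            sc.setReturningAttributes(new String[] { ROLE_ATTR });
            Set<String> found = new HashSet<>();
            NamingEnumeration<SearchResult> results = ctx.search(ROLES_CTX_DN, filter, sc);
            while (results.hasMore()) {
                Attribute a = results.next().getAttributes().get(ROLE_ATTR);
                if (a != null) found.add((String) a.get());
            }
            return found;
        } finally {
            ctx.close();
        }
    }

    /** Usage: java LdapBindDemo <username> <password> <managerPassword> */
    public static void main(String[] args) throws NamingException {
        String userDn = authenticate(args[0], args[1].toCharArray());
        Set<String> r = roles(userDn, "cn=Manager,o=erms", args[2]);
        System.out.println("authenticated as " + userDn + ", roles: " + r);
    }
}
```

The first bind in authenticate() is the one that appears in the directory log as BIND "cn=steve,ou=users,o=erms"; if the server refuses it, the password (or the DN built from prefix and suffix) is wrong for that entry, and the manager credentials never come into play at that stage. Escaping the username for the DN and the DN for the filter keeps a crafted login name from changing which entry is bound to or which role entries the search returns.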