1. Re: ldap security,any help appreciated
jwkaltz Aug 8, 2002 5:25 AM (in response to ukamath)
> yet when i run i get this error
(...)
> [OM] Insufficient method permissions,
> principal=UKamath, method=
> create, requiredRoles=[omsuser]
You don't provide much information (such as what it is you are trying to run), but judging from the error message, my best guess is:
you're calling ejb create(), and you deployed the ejb with security constraints specifying that its methods (or at least its create method) require the user to be in the role omsuser. And the user who is logging in is not in that role.
2. Re: ldap security,any help appreciated
ukamath Aug 8, 2002 10:53 AM (in response to ukamath)
Thanks for your reply on JBoss. I am writing the mail to your account as I found no one replies except some people like you, so please, I would be obliged if you spend 2 minutes and see if I am doing something wrong.
1. My server is JBoss (2.2.2, not 3.0 because of some transaction problems and not 2.4.* because of classloader problems between mbeans and deployed beans) and my directory is iPlanet 5.1
2. I have my directory structure as
com
  eidea
    ou=People
      cn=UKamath
    ou=Groups
      cn=omsuser
        uniquemember=UKamath
I added all this using iPlanet console.
3. My auth.conf looks like
OMSLDAP {
    org.jboss.security.plugins.samples.LdapLoginModule required
        java.naming.factory.initial="com.sun.jndi.ldap.LdapCtxFactory"
        principalDNPrefix="uid="
        principalDNSuffix=",ou=People,dc=eidea,dc=com"
        rolesCtxDN="ou=Groups,dc=eidea,dc=com"
        roleAttributeID="cn"
        uidAttributeID="uniquemember"
        java.naming.provider.url="ldap://ares.eidea.com:389/"
        java.naming.security.authentication="simple"
        matchOnUserDN=true
        unauthenticatedIdentity="nobody"
    ;
};
4. My ejb is a session bean with one method (for testing) needing security at create and at the method, and the role is "omsuser".
5. When I log in at the client using ClientLoginModule giving userid (UKamath) and password, the server says the user doesn't have the role of omsuser.
6. Either I am not setting the directory with the right stuff or my auth.conf needs a small change, as it logs on but no role mapping?
Please help
Uday
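An added example, not part of the original thread and not JBoss code: a small Python model of the role lookup that the auth.conf above configures, run against group entries constructed from the directory listing in the same post. It assumes the module binds as principalDNPrefix + user + principalDNSuffix and takes roles from entries under rolesCtxDN whose uidAttributeID value equals the user name, or the full bind DN when matchOnUserDN=true; that behaviour is an assumption for JBoss 2.2.2, and all function and variable names are hypothetical.

```python
# Added example: models the role lookup only; no LDAP server is contacted.
# Assumption: roles are the roleAttributeID values of entries under rolesCtxDN
# whose uidAttributeID equals the user name, or the bind DN if matchOnUserDN.

POSTED = {  # options copied from the auth.conf in the post
    "principalDNPrefix": "uid=",
    "principalDNSuffix": ",ou=People,dc=eidea,dc=com",
    "rolesCtxDN": "ou=Groups,dc=eidea,dc=com",
    "roleAttributeID": "cn",
    "uidAttributeID": "uniquemember",
    "matchOnUserDN": True,
}
GROUP_DN = "cn=omsuser,ou=Groups,dc=eidea,dc=com"
# Constructed: group entry as listed in the post (member stored as a bare name).
NAME_MEMBERS = {GROUP_DN: {"cn": ["omsuser"], "uniquemember": ["UKamath"]}}
# Constructed: the same group with the member stored as a full DN.
DN_MEMBERS = {GROUP_DN: {"cn": ["omsuser"],
                         "uniquemember": ["uid=UKamath,ou=People,dc=eidea,dc=com"]}}


def user_dn(opts, user):
    """DN used for the simple bind."""
    return opts["principalDNPrefix"] + user + opts["principalDNSuffix"]


def role_match_value(opts, user):
    """Value compared against uidAttributeID during the role search."""
    return user_dn(opts, user) if opts["matchOnUserDN"] else user


def lookup_roles(opts, user, directory):
    # Plain case-insensitive string comparison; real servers normalise DNs.
    wanted = role_match_value(opts, user).lower()
    base = "," + opts["rolesCtxDN"].lower()
    roles = []
    for dn, attrs in directory.items():
        if not dn.lower().endswith(base):
            continue  # entry is outside the role search base
        members = [m.lower() for m in attrs.get(opts["uidAttributeID"], [])]
        if wanted in members:
            roles.extend(attrs.get(opts["roleAttributeID"], []))
    return roles


if __name__ == "__main__":
    by_name = dict(POSTED, matchOnUserDN=False)
    for label, opts, groups in (("posted options, bare-name member", POSTED, NAME_MEMBERS),
                                ("matchOnUserDN=false, bare-name member", by_name, NAME_MEMBERS),
                                ("posted options, full-DN member", POSTED, DN_MEMBERS)):
        print(label, "->", role_match_value(opts, "UKamath"),
              lookup_roles(opts, "UKamath", groups))
```

Under these assumptions the bind can succeed while the role set stays empty, because the value stored in the group's member attribute and the value the module searches for have to be in the same form.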
3. I figured it out
ukamath Aug 8, 2002 1:20 PM (in response to ukamath)
I wrote my own custom LDAP login module to do that and was successful.
UDay