JAAS + LDAP
tool Sep 12, 2002 2:26 PM
Hello.
I am using JBoss 3.0.1 Tomcat 4.0.4 and have an LDAP server configured and running with user and roles object classes. The attributes are the same as listed in the JBoss 3.0.x Book and the server-side setup is the same too.
When I log in using a FORM based login page I get the following server message:
13:28:35,397 INFO [STDOUT] [LdapLM] providerURL = ldap://192.5.148.85:3890/
13:28:35,400 INFO [STDOUT] [LdapLM] userDN = uid=oasis,ou=People,dc=dise,dc=com
13:28:35,625 INFO [STDOUT] [LdapLM] rolesCtxDN = cn=JBossSX Tests,ou=Roles,dc=dise,dc=com
13:28:35,628 INFO [STDOUT] [LdapLM] uidAttrName = uid
13:28:35,630 INFO [STDOUT] [LdapLM] roleAttrName = roleName
13:28:35,632 INFO [STDOUT] [LdapLM] Searching for Roles.......
13:28:35,636 INFO [STDOUT] [LdapLM] Using -> roleAttr = roleName
13:28:35,638 INFO [STDOUT] [LdapLM] Using -> uidAttrName = {uid=uid: oasis}
13:28:35,640 INFO [STDOUT] [LdapLM] Using -> rolesCtxDN = cn=JBossSX Tests,ou=Roles,dc=dise,dc=com
13:28:35,697 INFO [STDOUT] [LdapLM] Naming exception thrown--->
13:28:35,700 ERROR [STDERR] javax.naming.NameNotFoundException: [LDAP: error code 32 - No Such Object]; remaining name 'cn=JBossSX Tests,ou=Roles,dc=dise,dc=com'
The user gets authenticated, because if I enter an incorrect password in the login page, I get a "failed to validate password" error and the login-failed page. I think the LdapLoginModule just can't find the Roles that I assign to users in the LDAP database for some reason.
My login-config.xml entries are below. The JBIRealm entry is the realm defined in the web.xml for the form-based login, and the JBIDomain is the name of my security domain defined in jboss and jboss-web.xml.
<application-policy name="JBIRealm">
    <login-module code="org.jboss.resource.security.ConfiguredIdentityLoginModule" flag="required">
        <module-option name="userName">admin</module-option>
        <module-option name="password">password</module-option>
    </login-module>
</application-policy>

<application-policy name="JBIDomain">
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
        <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
        <module-option name="java.naming.provider.url">ldap://192.5.148.85:3890/</module-option>
        <module-option name="java.naming.security.authentication">simple</module-option>
        <module-option name="principalDNPrefix">uid=</module-option>
        <module-option name="uidAttributeID">uid</module-option>
        <module-option name="roleAttributeID">roleName</module-option>
        <module-option name="principalDNSuffix">,ou=People,dc=dise,dc=com</module-option>
        <module-option name="rolesCtxDN">cn=JBossSX Tests,ou=Roles,dc=dise,dc=com</module-option>
        <module-option name="hashAlgorithm">MD5</module-option>
    </login-module>
</application-policy>
Does anyone have an idea or an example on how to correctly configure the LDAP server and JBoss server so that the Roles stored in the LDAP server get found by the LdapLoginModule?
Any comments, ideas or examples would be greatly appreciated.
Thank you,
Brian
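An added, self-contained illustration of how to narrow down the error in the post (this is not code from the original post, nor from JBoss): LDAP error code 32 (noSuchObject) on a search means the search base itself, here the configured rolesCtxDN, does not exist as an entry, while the user's own DN evidently did resolve since the password was checked. The script below parses a constructed LDIF export that stands in for the poster's directory, checks whether the configured rolesCtxDN exists (and when it does not, reports the nearest ancestor that does), and then performs the lookup the module attempts once the context resolves: entries beneath rolesCtxDN whose uidAttributeID names the user, collecting their roleAttributeID values. The attribute names `uid` and `roleName` and the DN `cn=JBossSX Tests,ou=Roles,dc=dise,dc=com` come from the post; the LDIF contents, the container name `cn=JBossSX Roles` and the role entries are constructed for the example.

```python
import re

# Constructed sample LDIF export (not from the post): the role container is
# named "cn=JBossSX Roles", so a rolesCtxDN of "cn=JBossSX Tests" does not
# resolve, which is exactly what LDAP error code 32 (noSuchObject) reports.
SAMPLE_LDIF = """\
dn: dc=dise,dc=com
objectClass: domain
dc: dise

dn: ou=People,dc=dise,dc=com
objectClass: organizationalUnit
ou: People

dn: uid=oasis,ou=People,dc=dise,dc=com
objectClass: inetOrgPerson
uid: oasis
cn: Oasis User

dn: ou=Roles,dc=dise,dc=com
objectClass: organizationalUnit
ou: Roles

dn: cn=JBossSX Roles,ou=Roles,dc=dise,dc=com
objectClass: organizationalUnit
cn: JBossSX Roles

dn: cn=Echo,cn=JBossSX Roles,ou=Roles,dc=dise,dc=com
objectClass: top
cn: Echo
roleName: Echo
uid: oasis

dn: cn=Admin,cn=JBossSX Roles,ou=Roles,dc=dise,dc=com
objectClass: top
cn: Admin
roleName: Admin
uid: someoneelse
"""

_RDN_SPLIT = re.compile(r"(?<!\\),")  # split on commas that are not escaped


def normalize_dn(dn):
    """Canonical form for comparing DNs: strip whitespace around each RDN and
    its '=', lower-case attribute types and values.  This is a simplification
    of RFC 4514 matching (no multi-valued RDNs, no hex escapes), but it is
    enough to catch the usual typos and spacing differences in a config."""
    parts = []
    for rdn in _RDN_SPLIT.split(dn):
        attr, _, value = rdn.partition("=")
        parts.append(attr.strip().lower() + "=" + value.strip().lower())
    return ",".join(parts)


def parse_ldif(text):
    """Minimal LDIF reader: {normalized_dn: {attr_lower: [values]}}.
    Handles blank-line separated entries and folded continuation lines
    (a leading single space continues the previous value).  Base64 values
    ("attr::") are not handled; that is a deliberate simplification."""
    entries = {}
    block = []
    for raw in text.splitlines() + [""]:
        if raw.startswith("#"):
            continue
        if raw == "":
            if block:
                dn, attrs = None, {}
                for line in block:
                    name, _, value = line.partition(":")
                    name, value = name.strip(), value.strip()
                    if name.lower() == "dn":
                        dn = value
                    else:
                        attrs.setdefault(name.lower(), []).append(value)
                if dn is not None:
                    entries[normalize_dn(dn)] = attrs
                block = []
        elif raw.startswith(" ") and block:
            block[-1] += raw[1:]
        else:
            block.append(raw)
    return entries


def diagnose_roles_ctx(entries, roles_ctx_dn):
    """Report whether rolesCtxDN exists and, if not, the deepest ancestor that
    does.  A missing search base is the cause of error code 32, so this is
    the first thing to check before looking at filters or attribute names."""
    target = normalize_dn(roles_ctx_dn)
    if target in entries:
        return {"exists": True, "nearest_existing": target}
    rdns = _RDN_SPLIT.split(target)
    for i in range(1, len(rdns)):
        ancestor = ",".join(rdns[i:])
        if ancestor in entries:
            return {"exists": False, "nearest_existing": ancestor}
    return {"exists": False, "nearest_existing": None}


def find_roles(entries, roles_ctx_dn, uid_attr, role_attr, username):
    """Mirror the lookup the login module makes once rolesCtxDN resolves:
    entries directly under rolesCtxDN whose uidAttributeID matches the user
    supply the roleAttributeID values that become the user's roles."""
    base = normalize_dn(roles_ctx_dn)
    roles = []
    for dn, attrs in entries.items():
        parent = ",".join(_RDN_SPLIT.split(dn)[1:])
        if parent != base:
            continue
        uids = [v.lower() for v in attrs.get(uid_attr.lower(), [])]
        if username.lower() in uids:
            roles.extend(attrs.get(role_attr.lower(), []))
    return sorted(roles)


if __name__ == "__main__":
    directory = parse_ldif(SAMPLE_LDIF)
    for ctx in ("cn=JBossSX Tests,ou=Roles,dc=dise,dc=com",
                "cn=JBossSX Roles, ou=Roles, dc=dise, dc=com"):
        print(ctx, "->", diagnose_roles_ctx(directory, ctx))
    print(find_roles(directory, "cn=JBossSX Roles,ou=Roles,dc=dise,dc=com",
                     "uid", "roleName", "oasis"))
```

To use this against a real directory, replace `SAMPLE_LDIF` with an LDIF export of the roles subtree and paste the `rolesCtxDN`, `uidAttributeID` and `roleAttributeID` values from login-config.xml into the calls; if `diagnose_roles_ctx` reports the context missing, the fix is in the DN (spelling, spacing, or the container simply not having been created), and only once it exists is it worth checking whether the role entries carry the expected uid and roleName attributes.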