0 Replies Latest reply on Dec 2, 2003 9:59 AM by gmccallu

    Using JBoss LdapLoginModule to get an authenticated users' r

    gmccallu

      Hi,

I've successfully authenticated a user against an LDAP directory using the JBoss LdapLoginModule (v3.2.1).

Now, when I use ldapsearch on the Unix command line, I can see that the username/password I am searching for has various pieces of information attached to it, one of these being the authorization roles. What I'm currently having trouble doing is getting access to these roles within the Java code.

      The javadocs for the LdapLoginModule highlight that we can use options such as "userRolesCtxDNAttributeName" and "rolesCtxDN" to specify various pieces of information relating to a role search.

I have tried to use these options to get the LdapLoginModule.getRoleSets() API to return to me the roles that I can see from the ldapsearch command on the command line, but using the JBoss LdapLoginModule, I cannot see them.

Has anyone had experience of using these, and if so, could you help me with this issue?

      For your information, here is the login module config:

      mycorpLdap3 {
      com.mycorp.testclient.security.auth.login.LDAPLoginModule \
      REQUIRED \
      debug="true" \
      java.naming.factory.initial="com.sun.jndi.ldap.LdapCtxFactory" \
      java.naming.provider.url="ldap://1.2.3.4:389/" \
      java.naming.security.authentication="simple" \
      principalDNPrefix="cn=" \
      principalDNSuffix=",ou=testclient,o=mycorp" \
      userRolesCtxDNAttributeName="cn=mycorpRoleList";
      };

and the information from the ldapsearch on my Unix box:

      prompt[456]%ldapsearch -h 1.2.3.4 -p 389 -b uid=admin,ou=testclient,o=mycorp -w admin -x
      ldap_init( 1.2.3.4, 389)
      filter: (objectclass=*)
      requesting: ALL
      # extended LDIF
      #
      # LDAPv3
      # base <uid=admin,ou=testclient,o=mycorp> with scope sub
      # filter: (objectclass=*)
      # requesting: ALL
      #

      # admin, testclient, mycorp
      dn: uid=admin,ou=testclient,o=mycorp
      uid: admin
      givenName: admin
      objectClass: top
      objectClass: person
      objectClass: organizationalPerson
      objectClass: inetorgperson
      objectClass: mycorpRoleOccupancy
      objectClass: mycorpSubscriber
      sn: admin
      cn: admin
      mycorpRoleList: cn=SUPERVISOR_ROLE,ou=testclient,o=mycorp
      mycorpRoleList: cn=SELF_MANAGE_ROLE,ou=testclient,o=mycorp
      clearpassword:

      # search result
      search: 2
      result: 0 Success

      # numResponses: 2
      # numEntries: 1


      Thanks in advance for any help on this matter.

      Regards,
      Gavin.
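As an added worked example (not code from the post above, and not the JBoss module's own source), here is a small Python model of how the JBoss 3.2 LdapLoginModule turns its options into a role lookup, run over the user entry from the ldapsearch output above plus two assumed role entries. The option names (rolesCtxDN, userRolesCtxDNAttributeName, uidAttributeID, matchOnUserDN, roleAttributeID, roleAttributeIsDN, roleNameAttributeID) are the module's documented options; the point the model makes is that userRolesCtxDNAttributeName names an attribute whose value is the DN of the context to search, while roleAttributeID names the attribute that actually holds the roles, and roleAttributeIsDN/roleNameAttributeID control whether each value is followed as a DN to a role entry and which attribute of that entry supplies the name. The in-memory directory, the LDIF parser, the default values and the `uid=` bind prefix (taken from the DN shown in the ldapsearch output) are assumptions of this example.

```python
"""Model of the JBoss 3.2 LdapLoginModule role lookup over an in-memory directory.

Option names are the module's documented ones; the lookup flow, the directory
below and the default values are this example's assumptions, not JBoss source.
"""
from typing import Dict, List, Optional, Tuple

# Constructed directory. The user entry is abridged from the ldapsearch output
# in the post; the two role entries are assumed, since the post does not show
# what the mycorpRoleList DNs point at.
LDIF = """
dn: uid=admin,ou=testclient,o=mycorp
uid: admin
cn: admin
sn: admin
objectClass: mycorpRoleOccupancy
mycorpRoleList: cn=SUPERVISOR_ROLE,ou=testclient,o=mycorp
mycorpRoleList: cn=SELF_MANAGE_ROLE,ou=testclient,o=mycorp

dn: cn=SUPERVISOR_ROLE,ou=testclient,o=mycorp
cn: SUPERVISOR_ROLE

dn: cn=SELF_MANAGE_ROLE,ou=testclient,o=mycorp
cn: SELF_MANAGE_ROLE
"""

Entry = Dict[str, List[str]]
Directory = Dict[str, Entry]


def normalize_dn(dn: str) -> str:
    """Case-fold a DN and trim spaces around commas (enough for unescaped DNs)."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def parse_ldif(text: str) -> Directory:
    """Parse simple 'attr: value' LDIF; a blank line ends an entry."""
    directory: Directory = {}
    current: Optional[Entry] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            current = None
            continue
        attr, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not an attribute line: {raw!r}")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            current = directory.setdefault(normalize_dn(value), {})
        elif current is None:
            raise ValueError(f"attribute before dn: {raw!r}")
        else:
            current.setdefault(attr, []).append(value)
    return directory


def search(directory: Directory, base_dn: str, attr: str, value: str) -> List[Tuple[str, Entry]]:
    """Subtree search under base_dn for entries whose attr contains value (case-insensitive)."""
    base, attr, value = normalize_dn(base_dn), attr.lower(), value.lower()
    return [(dn, e) for dn, e in directory.items()
            if (dn == base or dn.endswith("," + base))
            and value in (v.lower() for v in e.get(attr, []))]


def get_role_sets(directory: Directory, username: str, options: Dict[str, str]) -> List[str]:
    """Resolve role names for username from LdapLoginModule-style options."""
    user_dn = normalize_dn(options.get("principalDNPrefix", "") + username
                           + options.get("principalDNSuffix", ""))
    user = directory.get(user_dn)
    if user is None:
        raise LookupError(f"bind DN not found: {user_dn}")

    # Roles search base: the fixed rolesCtxDN, or a per-user DN read from the
    # attribute named by userRolesCtxDNAttributeName on the user's own entry.
    roles_ctx = options.get("rolesCtxDN")
    ctx_attr = options.get("userRolesCtxDNAttributeName")
    if ctx_attr:
        values = user.get(ctx_attr.lower())
        if not values:
            raise LookupError(f"user entry has no attribute named {ctx_attr!r}")
        roles_ctx = values[0]
    if not roles_ctx:
        raise LookupError("set rolesCtxDN or userRolesCtxDNAttributeName")

    # Entries under roles_ctx belong to the user when uidAttributeID matches the
    # plain username, or the full user DN if matchOnUserDN is true.
    uid_attr = options.get("uidAttributeID", "uid")
    match_value = user_dn if options.get("matchOnUserDN", "false").lower() == "true" else username

    # roleAttributeID holds the roles; with roleAttributeIsDN each value is the DN of
    # a role entry and roleNameAttributeID names the attribute that carries the name.
    role_attr = options.get("roleAttributeID", "roles").lower()
    role_is_dn = options.get("roleAttributeIsDN", "false").lower() == "true"
    name_attr = options.get("roleNameAttributeID", "name").lower()

    roles: List[str] = []
    for _, entry in search(directory, roles_ctx, uid_attr, match_value):
        for value in entry.get(role_attr, []):
            if not role_is_dn:
                roles.append(value)
                continue
            role_entry = directory.get(normalize_dn(value))
            if role_entry is not None:
                roles.extend(role_entry.get(name_attr, []))
    return roles


DIRECTORY = parse_ldif(LDIF)

# The roles sit on the user entry itself as DNs, so: search the user's container for
# uid=<username>, read mycorpRoleList, follow each DN and take its cn. The "uid="
# prefix is assumed from the DN shown by ldapsearch in the post.
WORKING_OPTIONS = {
    "principalDNPrefix": "uid=",
    "principalDNSuffix": ",ou=testclient,o=mycorp",
    "rolesCtxDN": "ou=testclient,o=mycorp",
    "uidAttributeID": "uid",
    "roleAttributeID": "mycorpRoleList",
    "roleAttributeIsDN": "true",
    "roleNameAttributeID": "cn",
}

if __name__ == "__main__":
    print(get_role_sets(DIRECTORY, "admin", WORKING_OPTIONS))
```

With WORKING_OPTIONS the model returns SUPERVISOR_ROLE and SELF_MANAGE_ROLE. Flipping roleAttributeIsDN to "false" returns the raw DNs instead, which a web application's role names would never match; pointing userRolesCtxDNAttributeName at mycorpRoleList makes the first role DN the search base, under which no uid=admin entry exists, so the result is empty; and a value such as "cn=mycorpRoleList" is not an attribute name on the entry at all, so the model stops with a lookup error before any search.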