again a problem with LdapLoginModule
fauge Mar 29, 2004 9:37 AM
Hi,
I searched the forum and found things, but never all the correct information in one place. I also read the jaas-howto, but it does not say much about LDAP.
Well, it's been 2 days, and I can't get the roles for my users!
First, the ldap structure:
This is the Tomcat sample schema which is exactly the structure I have here.
dc=mycompany,dc=com
|_ ou=people
|  |_ uid=user1
|  |_ uid=user2
|_ ou=groups
   |_ cn=role1
   |     uniqueMember=uid=user1,ou=people,dc=mycompany,dc=com
   |     uniqueMember=uid=user2,ou=people,dc=mycompany,dc=com
   |_ cn=role2
         uniqueMember=uid=user2,ou=people,dc=mycompany,dc=com
I can authenticate users (on openldap), but they never have their roles...
I'm sure about my LDAP, it works nicely with Tomcat.
Here is my config:
<application-policy name="sicliRealm">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://localhost:389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="principalDNPrefix">uid=</module-option>
      <module-option name="principalDNSuffix">,ou=people,dc=mycompany,dc=com</module-option>
      <module-option name="rolesCtxDN">ou=groups,dc=mycompany,dc=com</module-option>
      <module-option name="uidAttributeID">uniqueMember</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="matchOnUserDN">false</module-option>
    </login-module>
  </authentication>
</application-policy>
I tried so many combinations, but never had any roles on a user.
So my first question is: what's wrong? How should I set up the LdapLoginModule?
My second problem is with Oracle OID: it needs authentication before any LDAP access.
I tried those properties (found somewhere in the forum) but nothing changed:
<module-option name="java.naming.security.principal">uid=user1,ou=people,dc=mycompany,dc=com</module-option>
<module-option name="java.naming.security.credentials">user1Pass</module-option>
How can I be authenticated?
Thanks a lot,
Frederic
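
Added example, not part of the original post and not JBoss code: a simplified Python model of the role lookup as the LdapLoginModule options are documented (an equality match of uidAttributeID against the bare username, or against the full user DN when matchOnUserDN is true), run over a constructed copy of the posted ou=groups subtree. The names find_roles, norm_dn, GROUPS and POSTED are hypothetical, and DN comparison is reduced to case and whitespace folding.

```python
# Constructed copy of the ou=groups subtree shown in the post.
GROUPS = {
    "cn=role1,ou=groups,dc=mycompany,dc=com": {
        "cn": ["role1"],
        "uniqueMember": ["uid=user1,ou=people,dc=mycompany,dc=com",
                         "uid=user2,ou=people,dc=mycompany,dc=com"],
    },
    "cn=role2,ou=groups,dc=mycompany,dc=com": {
        "cn": ["role2"],
        "uniqueMember": ["uid=user2,ou=people,dc=mycompany,dc=com"],
    },
}

# Module options exactly as posted.
POSTED = {
    "principalDNPrefix": "uid=",
    "principalDNSuffix": ",ou=people,dc=mycompany,dc=com",
    "rolesCtxDN": "ou=groups,dc=mycompany,dc=com",
    "uidAttributeID": "uniqueMember",
    "roleAttributeID": "cn",
    "matchOnUserDN": "false",
}

def norm_dn(value):
    """Fold case and spaces around commas (simplified DN comparison)."""
    return ",".join(part.strip().lower() for part in value.split(","))

def find_roles(username, opts, directory=GROUPS):
    """Model of the role search: (uidAttributeID=<value>) under rolesCtxDN."""
    user_dn = opts["principalDNPrefix"] + username + opts["principalDNSuffix"]
    match_on_dn = opts.get("matchOnUserDN", "false").lower() == "true"
    # Assumption from the documented option semantics: the value compared
    # is the bare username unless matchOnUserDN is true.
    wanted = norm_dn(user_dn if match_on_dn else username)
    base = norm_dn(opts["rolesCtxDN"])
    roles = []
    for dn, attrs in directory.items():
        if not norm_dn(dn).endswith(base):
            continue  # entry lies outside the role search base
        members = attrs.get(opts["uidAttributeID"], [])
        if any(norm_dn(m) == wanted for m in members):
            roles.extend(attrs.get(opts["roleAttributeID"], []))
    return sorted(roles)

if __name__ == "__main__":
    print("posted options:", find_roles("user2", POSTED))
    print("matchOnUserDN=true:", find_roles("user2", dict(POSTED, matchOnUserDN="true")))
```

Because uniqueMember holds full DNs, the model finds no roles with the posted options and finds them once the match value is the user DN.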