2 Replies Latest reply on Apr 1, 2004 8:09 AM by tim5901

LdapLoginModule Good login but page returned is 403

tim5901 Mar 30, 2004 2:07 PM

I am running jboss 3.2.1 with tomcat 4.1.24. I am trying to use basic authentication to authenticate back to a directory, which happens to be Novell's eDirectory 8.7.1. I have turned on the TRACE for the LdapLoginModule to check if the authentication is succeeding. From what I see in the trace it looks good. The last two lines are:

User 'tim' authenticated, LoginOk=true
commit, loginOk=true

But the page I get back in the browser is a 403 access denied page.

Am I being mislead by the trace log? or am I just going crazy?

1. Re: LdapLoginModule Good login but page returned is 403

starksm64 Mar 31, 2004 8:00 PM (in response to tim5901)

You have only showed the authentication step. You also have to be authorized to access the content.
Actions
2. Re: LdapLoginModule Good login but page returned is 403

tim5901 Apr 1, 2004 8:09 AM (in response to tim5901)

Thanks Scott for the reply. I finally figured out that it was my issue in not properly understanding the meaning of all the options that I had to specify. I pulled down the LdapLoginModule.java source, added a few more trace lines to see what was going on and found out I didn't need to have the roleAttributeIsDN option. Once I took this out it worked perfectly.

For anyone else who is interested. I have this working using Novell's eDirectory 8.7.1 with ldap. The users are specified in a User object and then assigned to Role objects that exist in a different OU. All of my users are in one OU. I have not tried it yet with different OUs, although I believe it will work. There are a two attributes on the role object that I had to grant Read/Compare permissions to [PUBLIC] to allow the ldap search to see them. These were the cn and the roleOccupant. I also had to add the roleOccupant to the Ldap Attributes list in the LDAP GROUP object for the server.
Actions

Go to original post