1. Re: LdapLoginModule Good login but page returned is 403
starksm64 Mar 31, 2004 8:00 PM (in response to tim5901)
You have only shown the authentication step. You also have to be authorized to access the content.

2. Re: LdapLoginModule Good login but page returned is 403
tim5901 Apr 1, 2004 8:09 AM (in response to tim5901)
Thanks Scott for the reply. I finally figured out that it was my issue in not properly understanding the meaning of all the options that I had to specify. I pulled down the LdapLoginModule.java source, added a few more trace lines to see what was going on and found out I didn't need to have the roleAttributeIsDN option. Once I took this out it worked perfectly.
For anyone else who is interested, I have this working using Novell's eDirectory 8.7.1 with LDAP. The users are specified in a User object and then assigned to Role objects that exist in a different OU. All of my users are in one OU. I have not tried it yet with different OUs, although I believe it will work. There are two attributes on the role object that I had to grant Read/Compare permissions to [PUBLIC] to allow the LDAP search to see them. These were the cn and the roleOccupant. I also had to add the roleOccupant to the Ldap Attributes list in the LDAP GROUP object for the server.