1 Reply Latest reply on Aug 11, 2004 5:52 PM by lucasam

    Different attribute to match roles in LdapLoginModule

    lucasam

      That's the deal

      The users in my LDAP server are as follows

      CN=Lucas Alves Machado - Company
      objectclass=dominioPerson
      uid=lucasa
      


      And the roles are

      CN=RoleName
      objectclass=dominioGroup
      member=Lucas Alves Machado - Company
      member=Foo of Bar - Company
      


      I am authenticating using username = lucasa, password=****
      The authentication goes fine, but I need to search for roles using the CN attribute of the user object. I found in the documentation a way to change the "context" of the roles but not the "attribute name".

      The LDAP query to match my group would be

      (&(objectclass=dominioGroup)(member=Lucas Alves Machado - Company))
      


      The problem is that I authenticate using lucasa and not "Lucas Alves Machado - Company"

      Currently my login-config.xml has the following
       <application-policy name="jndiTest">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
       <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
       <module-option name="java.naming.provider.url">ldap://10.XX.XX.XX:389/</module-option>
       <module-option name="java.naming.security.authentication">simple</module-option>
       <module-option name="principalDNPrefix"></module-option>
       <module-option name="principalDNSuffix"></module-option>
      
       <module-option name="rolesCtxDN">objectclass=dominoGroup</module-option>
       <module-option name="roleAttributeID">CN</module-option>
       <module-option name="uidAttributeID">member</module-option>
       <module-option name="matchOnUserDN">false</module-option>
       </login-module>
       </authentication>
       </application-policy>
      


      and the log is as follows

      2004-07-09 10:22:34,263 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Created securityMgr=org.jboss.security.plugins.JaasSecurityManager@25ef73
      2004-07-09 10:22:34,264 DEBUG [org.jboss.security.plugins.JaasSecurityManager.jndiTest] CachePolicy set to: org.jboss.util.TimedCachePolicy@8b6c39
      2004-07-09 10:22:34,264 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] setCachePolicy, c=org.jboss.util.TimedCachePolicy@8b6c39
      2004-07-09 10:22:34,264 DEBUG [org.jboss.security.plugins.JaasSecurityManagerService] Added jndiTest, org.jboss.security.plugins.SecurityDomainContext@16e334a to map
      


      Regards,

      Lucas Machado
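
The two-step lookup the post describes (login uid to user CN, then CN to groups through member), as an added example that is not part of the original post and is not JBoss code. The in-memory lists stand in for the LDAP server and are constructed from the entries shown above; the uid "foob" and the group "OtherRole" are invented for the sample, and login input is escaped per RFC 4515 before it goes into a filter.

```python
# Constructed sample directory mirroring the entries in the post (not real data).
USERS = [
    {"cn": "Lucas Alves Machado - Company", "objectclass": "dominioPerson", "uid": "lucasa"},
    {"cn": "Foo of Bar - Company", "objectclass": "dominioPerson", "uid": "foob"},
]
GROUPS = [
    {"cn": "RoleName", "objectclass": "dominioGroup",
     "member": ["Lucas Alves Machado - Company", "Foo of Bar - Company"]},
    {"cn": "OtherRole", "objectclass": "dominioGroup",
     "member": ["Foo of Bar - Company"]},
]

# Characters that must be escaped inside an LDAP filter value (RFC 4515).
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string so it is treated as a literal inside a search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def user_filter(login):
    """Filter for step 1: locate the user entry by the login name (uid)."""
    return "(&(objectclass=dominioPerson)(uid=%s))" % escape_filter_value(login)


def role_filter(user_cn):
    """Filter for step 2: locate groups whose member attribute holds the user's CN."""
    return "(&(objectclass=dominioGroup)(member=%s))" % escape_filter_value(user_cn)


def resolve_cn(login):
    """Step 1 against the sample data: return the CN only for exactly one uid match."""
    hits = [u for u in USERS if u["uid"].lower() == login.lower()]
    return hits[0]["cn"] if len(hits) == 1 else None


def roles_for_login(login):
    """Step 2 against the sample data: CNs of the groups that list the user's CN."""
    cn = resolve_cn(login)
    if cn is None:
        return []  # unknown or ambiguous login gets no roles
    return sorted(g["cn"] for g in GROUPS
                  if any(m.lower() == cn.lower() for m in g["member"]))


if __name__ == "__main__":
    print(user_filter("lucasa"))
    print(role_filter(resolve_cn("lucasa")))
    print(roles_for_login("lucasa"))
```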