2 Replies Latest reply on Sep 20, 2004 9:02 PM by andrew.daws

    LDAP Security Realm problem

    andrew.daws

      Hi folks,

      My apologies if this is a dumb question, but I've looked through the FAQ, the Admin Guide etc. and I'm none the wiser at this stage. When I have an LdapLoginModule and ClientLoginModule on the client side all works perfectly, but when I try to set up the LDAP domain server-side the weirdness starts.

      I don't see any error message in the logs at all, but the domain simply does not appear in the JNDI tree at all. My login-config lists a number of domains, all of which appear under jaas:/DomainName, but the LDAP domain is missing.

      I'm running JBoss 3.2.5, and my login-config.xml looks like the following:

      <policy>
        <!-- Ldap security Realm -->
        <application-policy name="LDAPDomain">
          <authentication>
            <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
              <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
              <module-option name="java.naming.provider.url">ldap://server.my.net:port/</module-option>
              <module-option name="java.naming.security.authentication">simple</module-option>
              <module-option name="principalDNPrefix">uid=</module-option>
              <module-option name="uidAttributeID">userid</module-option>
              <module-option name="roleAttributeID">roleName</module-option>
              <module-option name="principalDNSuffix">,ou=People,dc=company,dc=net</module-option>
              <module-option name="rolesCtxDN">cn=JBossSX Tests,ou=Roles,o=mycompany</module-option>
              <module-option name="hashAlgorithm">MD5</module-option>
              <module-option name="hashEncoding">base64</module-option>
            </login-module>
          </authentication>
        </application-policy>

        <!-- .... (other domains) -->

      </policy>
      



      The (partial) result of a look at the JNDIView in the JMX Console:
       +- jaas (class: javax.naming.Context)
       | +- JmsXARealm (class: org.jboss.security.plugins.SecurityDomainContext)
       | +- DBDomain (class: org.jboss.security.plugins.SecurityDomainContext)
       | +- jbossmq (class: org.jboss.security.plugins.SecurityDomainContext)
       | +- HsqlDbRealm (class: org.jboss.security.plugins.SecurityDomainContext)
      


      All my other realms/domains are present, including a DbLoginModule defined one, but the Ldap domain is missing. Is there anything obvious that might cause such behaviour?

      Thanks,

      Andrew.
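
Added example, not part of the original post: a Python sketch that compares the application-policy names in a login-config.xml with the entries JNDIView lists under jaas, reporting any configured domain that has no binding. The input is constructed from the snippets quoted above; the DBDomain stub module class and all function names are assumptions.

```python
import re
import xml.etree.ElementTree as ET
# Constructed input: LDAPDomain and its login module are from the post; the DBDomain
# policy stands in for the elided "other domains" and its module class is made up.
LOGIN_CONFIG = """\
<policy>
  <application-policy name="LDAPDomain">
    <authentication><login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required"/></authentication>
  </application-policy>
  <application-policy name="DBDomain">
    <authentication><login-module code="example.DbStub" flag="required"/></authentication>
  </application-policy>
</policy>
"""

# JNDIView excerpt as quoted in the post.
JNDI_VIEW = """\
 +- jaas (class: javax.naming.Context)
 | +- JmsXARealm (class: org.jboss.security.plugins.SecurityDomainContext)
 | +- DBDomain (class: org.jboss.security.plugins.SecurityDomainContext)
 | +- jbossmq (class: org.jboss.security.plugins.SecurityDomainContext)
 | +- HsqlDbRealm (class: org.jboss.security.plugins.SecurityDomainContext)
"""

ENTRY = re.compile(r"^\s*\|\s+\+- (\S+) \(class: ([\w.$]+)\)")
def configured_domains(xml_text):
    """Map each application-policy name to the login-module classes it declares."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): [m.get("code") for m in p.iter("login-module")]
            for p in root.iter("application-policy")}

def bound_domains(jndi_text):
    """Names bound as SecurityDomainContext directly under the jaas context."""
    below = jndi_text.partition("+- jaas (class:")[2].splitlines()[1:]
    bound = set()
    for m in map(ENTRY.match, below):
        if not m:  # first line that is not a direct child ends the jaas listing
            break
        if m.group(2).endswith("SecurityDomainContext"):
            bound.add(m.group(1))
    return bound

def unbound_domains(xml_text, jndi_text):
    """Policies present in login-config.xml that have no binding under jaas."""
    bound = bound_domains(jndi_text)
    return {n: mods for n, mods in configured_domains(xml_text).items() if n not in bound}

if __name__ == "__main__":
    print(unbound_domains(LOGIN_CONFIG, JNDI_VIEW))
```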