3 Replies Latest reply on Sep 27, 2004 3:11 PM by osganian

Authenicating users using LDAPLoginModule

osganian Sep 23, 2004 11:51 AM

Consider the following LDIF file:

...

dn: ou=Roles,o=MyOrg,dc=MyComp,dc=com
ou: Roles
objectClass: top
objectClass: organizationalUnit

dn: ou=People,o=MyOrg,dc=MyComp,dc=com
ou: People
objectclass: top
objectclass: organizationalUnit

# People Entries
dn: cn=Bob Smith,ou=People,o=MyOrg,dc=MyComp,dc=com
objectClass: top
objectClass: person
objectClass: uidObject
objectClass: organizationalPerson
objectClass: inetOrgPerson
sn: Smith
cn: Bob Smith
uid: bsmith
userPassword: bsmith
description: A test user
mail: bsmith@mycomp.com

dn: cn=Admins,ou=Roles,o=MyOrg,dc=MyComp,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Admins
uniqueMember: cn=Bob Smith,ou=People,o=MyOrg,dc=MyComp,dc=com

I want to be able to login using bsmith/bsmith as the username/password. The problem that I am having is that I don't know how to configure the LDAPLoginModule to link bsmith the the common name.

Here is my jaas config:

MYLOGIN {
 org.jboss.security.auth.spi.LdapLoginModule required
 java.naming.factory.initial="com.sun.jndi.ldap.LdapCtxFactory"
 java.naming.provider.url="ldap://localhost:389/"
 java.naming.security.authentication="simple"
 principalDNPrefix="cn="
 principalDNSuffix=",ou=People,o=MyOrg,dc=MyComp,dc=com"
 rolesCtxDN="ou=Roles,o=MyOrg,dc=MyComp,dc=com"
 matchOnUserDN="true"
 uidAttributeID="uid"
 roleAttributeID="uniqueMember"
 allowEmptyPasswords="false";
};

Any suggestions? I want to have each person's DN be their common name and not their uid.

I get the "Invalid Credientals", "Password Incorrect/Password Required" exception because it can't find bsmith in the directory.

Thanks for any help,
Mike

1. Re: Authenicating users using LDAPLoginModule

starksm64 Sep 24, 2004 12:22 PM (in response to osganian)

Check out the documentation in chap 8 of the Free Online JBoss Documentation found here:

http://www.jboss.org/docs/index
Actions
2. Re: Authenicating users using LDAPLoginModule

osganian Sep 24, 2004 1:46 PM (in response to osganian)

Thanks for the reply. If I'm reading it right does it mean that I cannot specify each person's DN using the common name (cn=...) but rather the username (uid=...)?
Actions
3. Re: Authenicating users using LDAPLoginModule

osganian Sep 27, 2004 3:11 PM (in response to osganian)

So is my findings correct??? You cannot specify people in an LDAP server like cn=Bob Smith,ou=People,... when using the LDAPLoginModule provided by JBoss? All people must be specified as uid=bsmith,ou=People,...???

Basically, I would like to specify people in my LDAP server as cn=Bob Smith,ou=People,... but when they login have them enter the username bsmith and have them be found and authenicated.

If anybody knows for sure it would be appreciated.

Thanks,
Mike
Actions

Go to original post