-
1. Re: Pairing ldaploginmodule and databaseserverloginmodule
tcherel Apr 12, 2005 2:58 PM (in response to saifi27)
I do not think you can really pair the two modules together although I am not certain (but possible only if they have been designed to do that).
One option is to use the ldaploginmodule "as is" and write your own databaseserverloginmodule (you can restart from the JBoss one) to skip the authentication part and just populate the roles of the authenticated user.
Then, by chaining these two modules in the auth.conf (ldap first to authenticate, then new database module second to populate the roles) you should get what you want.
Check the sticky "README FIRST" of this forum to get a URL to the JBoss JAAS HowTo. It provides everything you need to write your custom database module.
Thomas
-
2. Re: Pairing ldaploginmodule and databaseserverloginmodule
saifi27 Apr 12, 2005 3:11 PM (in response to saifi27)
Can the password-stack option be used to achieve something similar to this?
-
3. Re: Pairing ldaploginmodule and databaseserverloginmodule
tcherel Apr 12, 2005 3:17 PM (in response to saifi27)
It might, but I am not familiar enough with the password-stack mechanism to be 100% sure.
Thomas
-
4. Re: Pairing ldaploginmodule and databaseserverloginmodule
darranl Apr 12, 2005 4:05 PM (in response to saifi27)
Yes, you can achieve this by using the 'password-stacking' option.
This is the configuration I have used to use the LDAP security module for user authentication and the UserRolesLoginModule for role identification.
The UserRolesLoginModule should be replaced with the database login module.
Ignore the class name of the LDAP login module; I have been looking at an enhancement so have a clone of it in my own package for the moment.

    <application-policy name = "DarranLSecurity">
      <authentication>
        <login-module code = "com.darranl.security.spi.LdapLoginModule" flag = "required">
          <module-option name="password-stacking">useFirstPass</module-option>
          <module-option name="java.naming.provider.url">ldap://localhost:58488</module-option>
          <module-option name="principalDNPrefix">uid=</module-option>
          <module-option name="principalDNSuffix">,ou=People</module-option>
        </login-module>
        <login-module code = "com.darranl.security.spi.UsersRolesLoginModule" flag = "required">
          <module-option name="password-stacking">useFirstPass</module-option>
        </login-module>
      </authentication>
    </application-policy>
-
5. Re: Pairing ldaploginmodule and databaseserverloginmodule
saifi27 Apr 12, 2005 4:08 PM (in response to saifi27)
Thanks for that.
So we can use databaseserverloginmodule in place of UsersRolesLoginModule ... how would we define the principal query and roles query in that scenario?
-
6. Re: Pairing ldaploginmodule and databaseserverloginmodule
saifi27 Apr 12, 2005 6:46 PM (in response to saifi27)
Thanks guys ... it worked for me!
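
The stacked setup discussed in this thread, with the database module in the role-lookup position, as an added example that is not part of the original posts. The policy name, the datasource JNDI name and the `Roles` table layout are assumptions; the LDAP options are copied from the configuration posted above.

```xml
<!-- Added example, not from the thread.
     Assumed: policy name "LdapAuthDbRoles", datasource java:/DefaultDS,
     table Roles(PrincipalID, Role, RoleGroup). -->
<application-policy name="LdapAuthDbRoles">
  <authentication>

    <!-- Step 1: LDAP checks the password. With password-stacking this is the
         only module that validates the credential, so it must stay first and
         keep flag="required". -->
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule"
                  flag="required">
      <module-option name="password-stacking">useFirstPass</module-option>
      <module-option name="java.naming.provider.url">ldap://localhost:58488</module-option>
      <module-option name="principalDNPrefix">uid=</module-option>
      <module-option name="principalDNSuffix">,ou=People</module-option>
    </login-module>

    <!-- Step 2: the database module reuses the identity that step 1 stored in
         the shared login state and does not re-check the password, so no
         principalsQuery is given here. Only rolesQuery is run. -->
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                  flag="required">
      <module-option name="password-stacking">useFirstPass</module-option>
      <module-option name="dsJndiName">java:/DefaultDS</module-option>
      <!-- Must return two columns: the role name and the role group
           (use 'Roles' as the group for ordinary permission checks).
           The single ? is bound to the user name that LDAP authenticated. -->
      <module-option name="rolesQuery">select Role, RoleGroup from Roles where PrincipalID=?</module-option>
    </login-module>

  </authentication>
</application-policy>
```

Because the second module trusts whatever identity is already in the shared state, removing the LDAP module or relaxing its flag leaves no password check in this policy.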