1. Re: ldap for authentication database for roles
darranl May 19, 2005 11:33 AM (in response to grimesp)
Yes, the two login modules can be chained together so that the LDAP login module is used to authenticate the user, then the database login module is used to identify the roles.
http://www.jboss.com/index.html?module=bb&op=viewtopic&t=62597
2. Re: ldap for authentication database for roles
grimesp May 19, 2005 11:58 AM (in response to grimesp)
Thanks for the tip, I got it to work!
For the benefit of others this is what my login-config.xml looks like:

<application-policy name="ldap_security">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="password-stacking">useFirstPass</module-option>
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://yourdomain.com:389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="allowEmptyPasswords">false</module-option>
      <module-option name="principalDNPrefix">cn=</module-option>
      <module-option name="principalDNSuffix">,ou=it,ou=administration,o=suu</module-option>
      <module-option name="matchOnUserDN">true</module-option>
    </login-module>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="dsJndiName">java:/DefaultDS</module-option>
      <module-option name="password-stacking">useFirstPass</module-option>
      <module-option name="rolesQuery">
        select r.role,'Roles' from login_role r join person p on p.fk_login_role=r.id where p.username=?
      </module-option>
    </login-module>
  </authentication>
</application-policy>
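
A simplified Python model of the chain configured above, added here as an illustration; it is not code from either poster or from JBoss. The LDAP bind is stubbed with a constructed dictionary, the role tables are constructed SQLite data, and the function names are hypothetical. It shows that with `password-stacking` set to `useFirstPass` the database module checks no password of its own: it only runs the `rolesQuery` for the name the LDAP module placed in shared state.

```python
import sqlite3

# Values taken from the login-config.xml in the post above.
DN_PREFIX, DN_SUFFIX = "cn=", ",ou=it,ou=administration,o=suu"
ROLES_QUERY = ("select r.role,'Roles' from login_role r join person p "
               "on p.fk_login_role=r.id where p.username=?")
NAME_KEY = "javax.security.auth.login.name"      # shared-state keys used for
PASS_KEY = "javax.security.auth.login.password"  # password stacking

# Constructed sample data: a stand-in directory (DN -> password) and role tables.
DIRECTORY = {"cn=alice,ou=it,ou=administration,o=suu": "s3cret",
             "cn=bob,ou=it,ou=administration,o=suu": "hunter2"}
db = sqlite3.connect(":memory:")
db.executescript("""
    create table login_role (id integer primary key, role text);
    create table person (username text, fk_login_role integer);
    insert into login_role values (1, 'admin'), (2, 'user');
    insert into person values ('alice', 1), ('mallory', 1);
""")

def ldap_module(shared, username, password, allow_empty_passwords=False):
    """Authenticate by binding as prefix + username + suffix (bind is stubbed)."""
    if not password and not allow_empty_passwords:
        return False  # LDAP servers may accept an empty-password bind as anonymous
    user_dn = DN_PREFIX + username + DN_SUFFIX
    if DIRECTORY.get(user_dn) != password:
        return False
    shared[NAME_KEY], shared[PASS_KEY] = username, password  # stack for next module
    return True

def db_roles_module(shared):
    """useFirstPass: trust the identity in shared state, only look up roles."""
    if NAME_KEY not in shared:
        return None  # nothing was stacked by an earlier module
    rows = db.execute(ROLES_QUERY, (shared[NAME_KEY],)).fetchall()
    return {role for role, group in rows if group == "Roles"}

def login(username, password):
    """Run both modules in order; None means authentication failed."""
    shared = {}
    if not ldap_module(shared, username, password):
        return None
    return db_roles_module(shared)

if __name__ == "__main__":
    for user, pw in [("alice", "s3cret"), ("bob", "hunter2"),
                     ("mallory", "guess"), ("alice", "")]:
        print(user, "->", login(user, pw))
```

In this model a row in `person` grants nothing without a successful LDAP bind (`mallory`), and a directory user with no row in `person` authenticates with an empty role set (`bob`); how a given JBoss version treats that empty result is not modelled.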