1. Re: LDapLoginModule and Active Directory
sandipan_s Jun 6, 2005 4:52 PM (in response to dtauber)
Hi,
I am facing a similar problem. Have you had any luck?
Thanks
2. Re: LDapLoginModule and Active Directory
jed204 Jun 13, 2005 11:13 PM (in response to dtauber)
I couldn't get this to work on JBoss 3.x.
I recently upgraded to 4.0.2 and changed the line above from:
<module-option name="roleAttributeIsDN">false</module-option>
To 'true' instead of false. This is because the 'memberOf' is a DN under the user DN.
Things are working for me. Hope this helps!
-Jed
3. Re: LDapLoginModule and Active Directory
jed204 Jun 13, 2005 11:32 PM (in response to dtauber)
I just tried this in JBoss 3.2.6, it works as well as in 4.0.2:
<application-policy name="ApplicationModuleName">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <!-- Directory connection -->
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://192.168.1.1:389</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <!-- Bind as username + suffix, e.g. username@MyCompany.com -->
      <module-option name="principalDNSuffix">@MyCompany.com</module-option>
      <module-option name="allowEmptyPasswords">false</module-option>
      <!-- Find the user entry under rolesCtxDN by sAMAccountName -->
      <module-option name="rolesCtxDN">CN=Users,DC=MyCompany,DC=com</module-option>
      <module-option name="matchOnUserDN">false</module-option>
      <module-option name="uidAttributeID">sAMAccountName</module-option>
      <!-- memberOf holds group DNs; the role name is each group's "name" attribute -->
      <module-option name="roleAttributeID">memberOf</module-option>
      <module-option name="roleAttributeIsDN">true</module-option>
      <module-option name="roleNameAttributeID">name</module-option>
    </login-module>
  </authentication>
</application-policy>
For this I just log in with my username (no domain name).
Good Luck!
-Jed
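
Added example, not part of the posts above and not JBoss code: a simplified Python model of how the options in the configuration above combine, showing why `roleAttributeIsDN` has to be `true` when `memberOf` holds group DNs. The directory entries, user and group names are constructed, and skipping an unresolvable group DN is this model's assumption.

```python
# Simplified model of the option handling; the directory below is constructed.
DIRECTORY = {  # DN -> attributes
    "CN=Jed Example,CN=Users,DC=MyCompany,DC=com": {
        "sAMAccountName": ["jed"],
        "memberOf": ["CN=AppAdmins,CN=Users,DC=MyCompany,DC=com",
                     "CN=Missing Group,CN=Users,DC=MyCompany,DC=com"],
    },
    "CN=AppAdmins,CN=Users,DC=MyCompany,DC=com": {"name": ["AppAdmins"]},
}

OPTIONS = {
    "principalDNSuffix": "@MyCompany.com",
    "rolesCtxDN": "CN=Users,DC=MyCompany,DC=com",
    "uidAttributeID": "sAMAccountName",
    "roleAttributeID": "memberOf",
    "roleNameAttributeID": "name",
    "allowEmptyPasswords": False,
}

def bind_principal(username, opts=OPTIONS):
    """Name used for the simple bind: the login name plus principalDNSuffix."""
    return username + opts["principalDNSuffix"]

def password_allowed(password, opts=OPTIONS):
    """Some LDAP servers treat an empty password as an anonymous login."""
    return bool(password) or opts["allowEmptyPasswords"]

def resolve_roles(username, role_attribute_is_dn, opts=OPTIONS, directory=DIRECTORY):
    """Return the role names assigned to username."""
    roles = []
    for dn, attrs in directory.items():
        # matchOnUserDN=false: match entries under rolesCtxDN by uidAttributeID.
        if not dn.endswith(opts["rolesCtxDN"]):
            continue
        if username not in attrs.get(opts["uidAttributeID"], []):
            continue
        for value in attrs.get(opts["roleAttributeID"], []):
            if not role_attribute_is_dn:
                roles.append(value)  # raw attribute value becomes the role name
                continue
            role_entry = directory.get(value)  # value is a DN: read that entry
            if role_entry is None:
                continue  # assumption: an unresolvable group grants no role
            roles.extend(role_entry.get(opts["roleNameAttributeID"], []))
    return roles
```

With `roleAttributeIsDN` set to `false` the role names are full group DNs, which will not match a short role name such as `AppAdmins` declared by the application.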