Jboss4 - Jaas - OpenLdap configuration problem
kristofv2002 Jun 17, 2005 8:21 AM
Hi,
I'm having trouble configuring the JndiLogin.
I have an OpenLDAP server which is configured as follows:
o=sector
|
|--c=region
|
|--o=pgroupA
| |
| |--cn=userA with UID=ABC_UA1
| |--cn=userB with UID=ABC_UB1
|--o=pgroupB
|
|--cn=userA with UID=DBC_UA1
|--cn=userB with UID=DBC_UB1
So I have to search for my users with the UID.
I have this working in Tomcat 5.0; however, when I try to use JAAS instead of the JNDI Realm, I have the problem that the JNDI login module does not support the search in subtrees, which I really need.
I think that JBoss supports this.
However, I always get:
"
[org.jboss.security.auth.spi.LdapLoginModule] Failed to validate password
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
.....
[org.jboss.security.auth.spi.LdapLoginModule] Bad password for username=DBC_UA1
"
In the jboss-web.xml I have the following:
"
<security-domain>java:/jaas/TESTV3</security-domain>
"
In the jboss.xml file I have:
"
<security-domain>java:/jaas/TESTV3</security-domain>
"
In the login-config.xml I have:
"
<application-policy name="TESTV3">
  <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
    <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
    <module-option name="java.naming.provider.url">ldap://localhost:389/o=sector</module-option>
    <module-option name="java.naming.security.authentication">simple</module-option>
    <!-- <module-option name="java.naming.security.protocol"></module-option> -->
    <module-option name="java.naming.security.principal">cn=Manager,dc=mycompany,dc=com</module-option>
    <module-option name="java.naming.security.credentials">secret</module-option>
    <module-option name="principalDNPrefix">uid=</module-option>
    <!--<module-option name="principalDNSuffix">,o=sector</module-option>-->
    <module-option name="roleAttributeName">description</module-option>
    <module-option name="matchOnUserDN">false</module-option>
    <!--<module-option name="uidAttributeID">sn</module-option>-->
    <!--<module-option name="principalDNSuffix">,o=antalis</module-option>-->
    <!-- <module-option name="useObjectCredential">false</module-option> -->
    <!--<module-option name="rolesCtxDN">o=antalis</module-option>-->
    <!-- <module-option name="unauthenticatedIdentity">guest</module-option> -->
    <!-- <module-option name="password-stacking"></module-option> -->
    <!-- <module-option name="hashAlgorithm">SHA</module-option> -->
    <!-- <module-option name="hashEncoding">base64</module-option> -->
    <!-- <module-option name="hashCharset"></module-option> -->
  </login-module>
</application-policy>
"
I have searched several newsgroups but I never found a working example for JAAS-OpenLDAP and JBoss 4.
Any help would be greatly appreciated.
Regards
Kristof