0 Replies Latest reply on Jun 17, 2005 8:21 AM by kristofv2002

    Jboss4 - Jaas - OpenLdap configuration problem

    kristofv2002
    kristofv2002 Jun 17, 2005 8:21 AM

      Hi,

      I'm having trouble configuring the JndiLogin.
      I have an OpenLDAP server which is configured as follows:
      o=sector
      |
      |--c=region
      |
      |--o=pgroupA
      | |
      | |--cn=userA with UID=ABC_UA1
      | |--cn=userB with UID=ABC_UB1
      |--o=pgroupB
      |
      |--cn=userA with UID=DBC_UA1
      |--cn=userB with UID=DBC_UB1

      So i have to search for my users with the UID
      I have this working in Tomcat 5.0, however when i try to use JAAS instead of the Jndi Realm i have the
      problem that the Jndi login module does not support the search in subtrees which i really need.
      I thinck that jboss supports this.
      However i allways get:
      "
      [org.jboss.security.auth.spi.LdapLoginModule] Failed to validate password
      javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
      .....
      [org.jboss.security.auth.spi.LdapLoginModule] Bad password for username=DBC_UA1

      "
      in the jboss-web.xml i have the following:
      "
      <security-domain>java:/jaas/TESTV3</security-domain>
      "
      in the jboss.xml file i have:
      "
      <security-domain>java:/jaas/TESTV3</security-domain>
      "
      in the login-config.xml i have:
      "
      <application-policy name="TESTV3">

      <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://localhost:389/o=sector</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <!-- <module-option name="java.naming.security.protocol"></module-option> -->
      <module-option name="java.naming.security.principal">cn=Manager,dc=mycompany,dc=com</module-option>
      <module-option name="java.naming.security.credentials">secret</module-option>
      <module-option name="principalDNPrefix">uid=</module-option>
      <!--<module-option name="principalDNSuffix">,o=sector</module-option>-->
      <module-option name="roleAttributeName">description</module-option>
      <module-option name="matchOnUserDN">false</module-option>
      <!--<module-option name="uidAttributeID">sn</module-option>-->
      <!--<module-option name="principalDNSuffix">,o=antalis</module-option>-->
      <!-- <module-option name="useObjectCredential">false</module-option> -->
      <!--<module-option name="rolesCtxDN">o=antalis</module-option>-->

      <!-- <module-option name="unauthenticatedIdentity">guest</module-option> -->
      <!-- <module-option name="password-stacking"></module-option> -->
      <!-- <module-option name="hashAlgorithm">SHA</module-option> -->
      <!-- <module-option name="hashEncoding">base64</module-option> -->
      <!-- <module-option name="hashCharset"></module-option> -->
      </login-module>

      </application-policy>
      "
      I have searched for several newsgroups but i never found a working example for Jaas-OpenLdap and Jboss 4.
      Any help would be greatly appreciated

      Regards

      Kristof

      • 3546 Views
      • Tags: