1 Reply Latest reply on Jun 23, 2005 12:04 AM by jai1978

Form Based Login Module from LDAP using JAAS - help needed

jai1978 Jun 18, 2005 5:02 AM

Hi,

I had been trying to do authentication using Open LDAP and JBOSS.
FYI: I had tried Form based authentication using roles and users.properties and Also using Database. But i could not proceed with LDAP.

Please help me solve the problem i had been facing to run the web application with Form based authentication.

Please give me any idea or pls copy the LDIF and login-config.xml and any related web.xml that should be used inorder to run succesfully.

Thankx in advance...

Regards..

FYI:

Login-config.xml that i had used is as below(only modifications):

&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

<application-policy name = "bpms_junit">

<login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
<module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
<module-option name="java.naming.provider.url">ldap://cuecent18:389</module-option>
<module-option name="java.naming.security.authentication">simple</module-option>
<module-option name="java.naming.security.principal">cn=Directory Manager,dc=bahwancybertek,dc=com</module-option>
<module-option name="java.naming.security.credentials">secret</module-option>
<module-option name="principalDNPrefix">uid=</module-option>
<module-option name="principalDNSuffix">ou=People,dc=bahwancybertek,dc=com</module-option>
<module-option name="uidAttributeID">uniqueMember</module-option>
<module-option name="roleAttributeID">cn</module-option>
<module-option name="matchOnUserDN">true</module-option>
<module-option name="rolesCtxDN">ou=Groups,dc=bahwancybertek,dc=com</module-option>
</login-module>

</application-policy>

&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

I am giving my LDIF file below....
*************************************************************

# Define the LDAP directory's top level entry
dn: dc=bahwancybertek, dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
dc: bahwancybertek
o: Bahwan

# Define the Directory Manager entry
dn: cn=Directory Manager,dc=bahwancybertek,dc=com
objectClass: top
objectClass: organizationalRole
objectClass: labeledURIObject
cn: Directory Manager
cn: Manager
cn: Directory Administrator
cn: Administrator
roleOccupant: uid=prathapc,ou=People,dc=bahwancybertek,dc=com
labeledURI: mailto:directorymanager@bahwancybertek.com Directory Manager
seeAlso: dc=bahwancybertek,dc=com
description: Manages the OpenLDAP directories

# OU DEFINITIONS
# People OU - for holding records of all individuals
dn: ou=People,dc=bahwancybertek,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

# Groups OU - for holding records of groupings of individuals
dn: ou=Groups,dc=bahwancybertek,dc=com
ou: Groups
objectClass: top
objectClass: organizationalUnit

# Roles OU - for holding records of roles and the groups to which those roles have been assigned
dn: ou=Roles,dc=bahwancybertek,dc=com
ou: Roles
objectClass: top
objectClass: organizationalUnit

# PEOPLE ENTRIES
dn: uid=jaiganesh,ou=People, dc=bahwancybertek, dc=com
mail: jai@bct.com
uid: jaiganesh
userPassword: 123
ou: People
givenName: jai
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
sn: ganesh
cn: jaiganesh

dn: uid=rajazekar,ou=People, dc=bahwancybertek, dc=com
uid: rajazekar
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
ou: People
givenName: rajasekar
userPassword: 123
sn: jeyaraman
cn: rajasekarjeyaraman
mail: raj@bct.com

dn: uid=prathapc,ou=People, dc=bahwancybertek, dc=com
uid: prathapc
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
ou: People
sn: chakravarthy
cn: prathapchakravarthy
givenName: prathap
userPassword: 123
mail: prathapc@bct.com

# GROUPS ENTRIES
dn: cn=Member_admins,ou=Groups,dc=bahwancybertek,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Member_admins
uniqueMember: uid=prathapc,ou=People,dc=bahwancybertek,dc=com

dn: cn=Everyone,ou=Groups,dc=bahwancybertek,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Everyone
uniqueMember: uid=prathapc,ou=People,dc=bahwancybertek,dc=com
uniqueMember: uid=rajazekar,ou=People,dc=bahwancybertek,dc=com
uniqueMember: uid=jaiganesh,ou=People,dc=bahwancybertek,dc=com

dn: cn=Restricted,ou=Groups,dc=bahwancybertek,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Restricted
uniqueMember: uid=rajazekar,ou=People,dc=bahwancybertek,dc=com

# ROLES ENTRIES
dn: cn=Authenticated_users,ou=Roles,dc=bahwancybertek,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Authenticated_users
uniqueMember: cn=Everyone,ou=Groups,dc=bahwancybertek,dc=com

dn: cn=Administrator,ou=Roles,dc=bahwancybertek,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Administrator
uniqueMember: cn=Member_admins,ou=Groups,dc=bahwancybertek,dc=com

dn: cn=Restricted_users,ou=Roles,dc=bahwancybertek,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Restricted
uniqueMember: cn=Restricted,ou=Groups,dc=bahwancybertek,dc=com

**************************************************************

1. Re: Form Based Login Module from LDAP using JAAS - help need

jai1978 Jun 23, 2005 12:04 AM (in response to jai1978)

Hi Group,

I am anxiously awaiting for your reply....
Any help related to this in any means would be
really helpful for me...

Regards,
Actions