Form Based Login Module from LDAP using JAAS - help needed
jai1978 Jun 18, 2005 5:02 AM
Hi,
I have been trying to do authentication using OpenLDAP and JBoss.
FYI: I had tried form-based authentication using roles and users.properties and also using a database, but I could not proceed with LDAP.
Please help me solve the problem I have been facing in running the web application with form-based authentication.
Please give me any idea, or please copy the LDIF, login-config.xml and any related web.xml that should be used in order to run successfully.
Thanks in advance...
Regards.
FYI:
The login-config.xml that I used is below (only the modifications):
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
<application-policy name = "bpms_junit">
<login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
<module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
<module-option name="java.naming.provider.url">ldap://cuecent18:389</module-option>
<module-option name="java.naming.security.authentication">simple</module-option>
<module-option name="java.naming.security.principal">cn=Directory Manager,dc=bahwancybertek,dc=com</module-option>
<module-option name="java.naming.security.credentials">secret</module-option>
<module-option name="principalDNPrefix">uid=</module-option>
<!-- the module forms the user DN as principalDNPrefix + username + principalDNSuffix
     and inserts no separator of its own, so the suffix must begin with the comma -->
<module-option name="principalDNSuffix">,ou=People,dc=bahwancybertek,dc=com</module-option>
<module-option name="uidAttributeID">uniqueMember</module-option>
<module-option name="roleAttributeID">cn</module-option>
<module-option name="matchOnUserDN">true</module-option>
<module-option name="rolesCtxDN">ou=Groups,dc=bahwancybertek,dc=com</module-option>
</login-module>
</application-policy>
&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&
I am giving my LDIF file below:
*************************************************************
# Define the LDAP directory's top level entry
dn: dc=bahwancybertek, dc=com
objectClass: top
objectClass: dcObject
objectClass: organization
dc: bahwancybertek
o: Bahwan

# Define the Directory Manager entry
dn: cn=Directory Manager,dc=bahwancybertek,dc=com
objectClass: top
objectClass: organizationalRole
objectClass: labeledURIObject
cn: Directory Manager
cn: Manager
cn: Directory Administrator
cn: Administrator
roleOccupant: uid=prathapc,ou=People,dc=bahwancybertek,dc=com
labeledURI: mailto:directorymanager@bahwancybertek.com Directory Manager
seeAlso: dc=bahwancybertek,dc=com
description: Manages the OpenLDAP directories

# OU DEFINITIONS
# People OU - for holding records of all individuals
dn: ou=People,dc=bahwancybertek,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

# Groups OU - for holding records of groupings of individuals
dn: ou=Groups,dc=bahwancybertek,dc=com
ou: Groups
objectClass: top
objectClass: organizationalUnit

# Roles OU - for holding records of roles and the groups to which those roles have been assigned
dn: ou=Roles,dc=bahwancybertek,dc=com
ou: Roles
objectClass: top
objectClass: organizationalUnit

# PEOPLE ENTRIES
dn: uid=jaiganesh,ou=People, dc=bahwancybertek, dc=com
mail: jai@bct.com
uid: jaiganesh
userPassword: 123
ou: People
givenName: jai
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
sn: ganesh
cn: jaiganesh

dn: uid=rajazekar,ou=People, dc=bahwancybertek, dc=com
uid: rajazekar
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
ou: People
givenName: rajasekar
userPassword: 123
sn: jeyaraman
cn: rajasekarjeyaraman
mail: raj@bct.com

dn: uid=prathapc,ou=People, dc=bahwancybertek, dc=com
uid: prathapc
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
ou: People
sn: chakravarthy
cn: prathapchakravarthy
givenName: prathap
userPassword: 123
mail: prathapc@bct.com

# GROUPS ENTRIES
dn: cn=Member_admins,ou=Groups,dc=bahwancybertek,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Member_admins
uniqueMember: uid=prathapc,ou=People,dc=bahwancybertek,dc=com

dn: cn=Everyone,ou=Groups,dc=bahwancybertek,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Everyone
uniqueMember: uid=prathapc,ou=People,dc=bahwancybertek,dc=com
uniqueMember: uid=rajazekar,ou=People,dc=bahwancybertek,dc=com
uniqueMember: uid=jaiganesh,ou=People,dc=bahwancybertek,dc=com

dn: cn=Restricted,ou=Groups,dc=bahwancybertek,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Restricted
uniqueMember: uid=rajazekar,ou=People,dc=bahwancybertek,dc=com

# ROLES ENTRIES
dn: cn=Authenticated_users,ou=Roles,dc=bahwancybertek,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Authenticated_users
uniqueMember: cn=Everyone,ou=Groups,dc=bahwancybertek,dc=com

dn: cn=Administrator,ou=Roles,dc=bahwancybertek,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Administrator
uniqueMember: cn=Member_admins,ou=Groups,dc=bahwancybertek,dc=com

# the naming attribute value in the RDN (Restricted_users) must also be present in the entry,
# otherwise slapd rejects the entry with a naming violation
dn: cn=Restricted_users,ou=Roles,dc=bahwancybertek,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: Restricted_users
uniqueMember: cn=Restricted,ou=Groups,dc=bahwancybertek,dc=com
**************************************************************
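The script below is an added diagnostic and is not part of the original post, of OpenLDAP or of JBoss. It reads a constructed subset of the LDIF above and replays, offline, what the LdapLoginModule options mean: form the bind DN as principalDNPrefix + username + principalDNSuffix, check the password, then search rolesCtxDN for entries whose uidAttributeID (uniqueMember) holds the user's DN and return their roleAttributeID (cn) values as the roles. The OPTIONS dict is the poster's configuration with the suffix given its leading comma; the module inserts no separator, so a suffix that starts with ou= yields the DN uid=jaiganeshou=People,..., which no entry has, and every bind fails. The script also reports entries whose RDN value is missing from their own attributes (the cn=Restricted_users entry under ou=Roles), which slapd refuses to load as a naming violation. The LDIF parser, the normalize_dn helper and the function names are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample directory: a subset of the posted LDIF, including the ou=Roles
# entry whose RDN value (Restricted_users) does not appear among its cn values.
SAMPLE_LDIF = """\
dn: ou=People,dc=bahwancybertek,dc=com
objectClass: organizationalUnit
ou: People

dn: uid=jaiganesh,ou=People, dc=bahwancybertek, dc=com
objectClass: inetOrgPerson
uid: jaiganesh
cn: jaiganesh
sn: ganesh
userPassword: 123

dn: cn=Everyone,ou=Groups,dc=bahwancybertek,dc=com
objectClass: groupOfUniqueNames
cn: Everyone
uniqueMember: uid=prathapc,ou=People,dc=bahwancybertek,dc=com
uniqueMember: uid=jaiganesh,ou=People,dc=bahwancybertek,dc=com

dn: cn=Restricted_users,ou=Roles,dc=bahwancybertek,dc=com
objectClass: groupOfUniqueNames
cn: Restricted
uniqueMember: cn=Restricted,ou=Groups,dc=bahwancybertek,dc=com
"""

# The posted module options, with principalDNSuffix carrying the leading comma that
# the module needs because it forms the user DN as prefix + username + suffix.
OPTIONS = {
    "principalDNPrefix": "uid=",
    "principalDNSuffix": ",ou=People,dc=bahwancybertek,dc=com",
    "rolesCtxDN": "ou=Groups,dc=bahwancybertek,dc=com",
    "uidAttributeID": "uniqueMember",
    "roleAttributeID": "cn",
    "matchOnUserDN": True,
}


def normalize_dn(dn):
    """Fold case and drop the optional whitespace after RDN separators, as the
    server's distinguishedNameMatch rule does when it compares DN values."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def parse_ldif(text):
    """Minimal LDIF reader: entries separated by blank lines, one attr: value per line.
    Base64 (::) values and line continuations are not handled (simplification)."""
    entries = {}
    for block in re.split(r"\n[ \t]*\n", text.strip()):
        attrs = defaultdict(list)
        for line in block.splitlines():
            if not line.strip() or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            attrs[name.strip().lower()].append(value.strip())
        dn = attrs.pop("dn")[0]
        entries[normalize_dn(dn)] = dict(attrs)
    return entries


def naming_violations(entries):
    """DNs whose RDN value is missing from the entry's own attribute values;
    slapd rejects such an entry with a naming violation, so ldapadd stops there."""
    bad = []
    for dn, attrs in entries.items():
        attr, _, value = dn.split(",")[0].partition("=")
        if value not in [v.lower() for v in attrs.get(attr, [])]:
            bad.append(dn)
    return bad


def build_user_dn(opts, username):
    """The bind DN the module forms from its options; no separator is inserted."""
    return opts["principalDNPrefix"] + username + opts["principalDNSuffix"]


def login(entries, username, password, opts=OPTIONS):
    """Simulate the module: simple-bind as the formed DN, then search the entries
    under rolesCtxDN for those whose uidAttributeID contains the user DN
    (matchOnUserDN=true) or the bare username, collecting roleAttributeID values.
    Returns the sorted role list, or None when the bind would fail."""
    user_dn = normalize_dn(build_user_dn(opts, username))
    user = entries.get(user_dn)
    if user is None or password not in user.get("userpassword", []):
        return None
    wanted = user_dn if opts["matchOnUserDN"] else username.lower()
    ctx_suffix = "," + normalize_dn(opts["rolesCtxDN"])
    roles = []
    for dn, attrs in entries.items():
        if not dn.endswith(ctx_suffix):
            continue  # only entries below rolesCtxDN are consulted
        members = [normalize_dn(v) for v in attrs.get(opts["uidAttributeID"].lower(), [])]
        if wanted in members:
            roles.extend(attrs.get(opts["roleAttributeID"].lower(), []))
    return sorted(roles)


if __name__ == "__main__":
    directory = parse_ldif(SAMPLE_LDIF)
    print("naming violations:", naming_violations(directory))
    print("jaiganesh/123 ->", login(directory, "jaiganesh", "123"))
    posted = dict(OPTIONS, principalDNSuffix="ou=People,dc=bahwancybertek,dc=com")
    print("DN formed without the comma:", build_user_dn(posted, "jaiganesh"))
```

Because rolesCtxDN names ou=Groups, the roles a user ends up with are the group cn values (Everyone, Member_admins, Restricted); the entries under ou=Roles are never consulted, and this login module does not follow the group-of-groups nesting they express, so the security-role names in web.xml have to match the group cn values. The simulated bind also compares the password against the literal userPassword value, which is what a cleartext value such as 123 means to the server; hashed values (for example {SSHA}) are the usual storage form.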