JNDIRealm and LDAP security login
kbombard Jun 21, 2005 9:37 PM

I hope this is the correct forum.
I am having a problem with JBoss 401/Tomcat 5.0.x and OpenLDAP 2.2 JNDIRealm and the LDAP DIT.
It authenticates fine but does not seem to find any roles. I am guessing I have either the JNDIRealm
set up incorrectly to get the roles or I have my LDAP People/Roles set up incorrectly.
Any help on what it might be would be great.
I have listed my server.xml for JBoss/Tomcat with the JNDIRealm, the Tomcat message it prints, and my LDAP setup.

20:58:20,399 INFO [Engine] JNDIRealm[jboss.web]: lookupUser(operator)
20:58:20,409 INFO [Engine] JNDIRealm[jboss.web]: dn=uid=operator,ou=People,dc=sample,dc=com
20:58:20,409 INFO [Engine] JNDIRealm[jboss.web]: validating credentials by binding as the user
20:58:20,409 INFO [Engine] JNDIRealm[jboss.web]: binding as uid=operator,ou=People,dc=sample,dc=com
20:58:20,449 INFO [Engine] JNDIRealm[jboss.web]: Username operator successfully authenticated
20:58:20,449 INFO [Engine] JNDIRealm[jboss.web]: getRoles(uid=operator,ou=People,dc=sample,dc=com)
20:58:20,449 INFO [Engine] JNDIRealm[jboss.web]: Searching role base 'ou=Roles,dc=sample,dc=com' for attribute 'cn'
20:58:20,449 INFO [Engine] JNDIRealm[jboss.web]: With filter expression 'uniqueMember=uid=operator,ou=People,dc=sample,dc=com'
20:58:20,469 INFO [Engine] JNDIRealm[jboss.web]: Returning 0 roles

version: 1

dn: dc=sample,dc=com
objectClass: top
objectClass: organization
objectClass: domainRelatedObject
objectClass: dcObject
associatedDomain: sample.com
dc: sample
description: sample com
o: sample
postalAddress: empty
telephoneNumber: +44 00000000

dn: ou=People,dc=sample,dc=com
objectClass: top
objectClass: organizationalUnit
ou: People

dn: uid=admin,ou=People,dc=sample,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: admin
sn: admin
uid: admin
userPassword:: YWRtaW4=

dn: uid=analyst,ou=People,dc=sample,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: analyst
sn: analyst
uid: analyst
userPassword:: YW5hbHlzdA==

dn: uid=operator,ou=People,dc=sample,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
objectClass: shipInfoObject
cn: operator
sn: operator
uid: operator
userPassword:: b3BlcmF0b3I=

dn: uid=law,ou=People,dc=sample,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: law
sn: law
uid: law
userPassword:: bGF3

dn: ou=Roles,dc=sample,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Roles

dn: cn=operators,ou=Roles,dc=sample,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: operators
uniqueMember: uid=operator,ou=People,dc=sample,dc=com

dn: cn=analysts,ou=Roles,dc=sample,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: analysts
uniqueMember: uid=analyst,ou=People,dc=sample,dc=com

dn: cn=admins,ou=Roles,dc=sample,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: admins
uniqueMember: uid=admin,ou=People,dc=sample,dc=com

dn: cn=lawenforcements,ou=Roles,dc=sample,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: lawenforcements
uniqueMember: uid=law,ou=People,dc=sample,dc=com
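
An offline check of the role search shown in the log, added here as an example and not part of the original post or of Tomcat: it parses a subset of the posted LDIF and evaluates the logged filter and role base against it. The function names (`parse_ldif`, `norm_dn`, `get_roles`) are hypothetical, and DN matching is simplified (lowercase, trimmed RDNs, no escaped commas), which is an assumption and not OpenLDAP's matching rule.

```python
# Constructed sample: the role subtree copied from the LDIF in the post above.
LDIF = """\
dn: ou=Roles,dc=sample,dc=com
objectClass: organizationalUnit
ou: Roles

dn: cn=operators,ou=Roles,dc=sample,dc=com
objectClass: groupOfUniqueNames
cn: operators
uniqueMember: uid=operator,ou=People,dc=sample,dc=com

dn: cn=analysts,ou=Roles,dc=sample,dc=com
objectClass: groupOfUniqueNames
cn: analysts
uniqueMember: uid=analyst,ou=People,dc=sample,dc=com
"""

def parse_ldif(text):
    """Blank-line separated entries -> list of {lowercased attr: [values]}."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if sep and not line.startswith("#"):
                # Base64 ("::") values are kept undecoded; folded lines unsupported.
                entry.setdefault(name.strip().lower(), []).append(value.lstrip(":").strip())
        if "dn" in entry:  # skips the "version: 1" header block
            entries.append(entry)
    return entries

def norm_dn(dn):
    """Simplified DN normalisation (assumption): lowercase, trim around RDNs."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def get_roles(entries, role_base, role_name, member_attr, user_dn, subtree=False):
    """Apply (member_attr=user_dn) under role_base; return role_name values."""
    base, user = norm_dn(role_base), norm_dn(user_dn)
    roles = []
    for e in entries:
        dn = norm_dn(e["dn"][0])
        # One-level scope: direct children of the base only; subtree: any descendant.
        in_scope = dn.endswith("," + base) if subtree else dn.partition(",")[2] == base
        members = [norm_dn(v) for v in e.get(member_attr.lower(), [])]
        if in_scope and user in members:
            roles.extend(e.get(role_name.lower(), []))
    return roles

if __name__ == "__main__":
    print(get_roles(parse_ldif(LDIF), "ou=Roles,dc=sample,dc=com", "cn",
                    "uniqueMember", "uid=operator,ou=People,dc=sample,dc=com"))
```

When this returns a role for data that the server reports as 0 roles, the entries and filter are consistent with each other, so the next things to compare are those the log does not show, such as which identity the role search runs under and whether that identity can read entries below the role base.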