0 Replies Latest reply on Jun 21, 2005 9:37 PM by kbombard

    JNDIRealm and LDAP security login

    kbombard

      I hope this is the correct forum.

      I am having a problem with JBoss 401/Tomcat 5.0.x and OpenLDAP 2.2 JNDIRealm and the LDAP DIT.
It authenticates fine but does not seem to find any roles. I am guessing I have either the JNDIRealm
set up incorrectly to get the roles or I have my LDAP People/Roles set up incorrectly.
      Any help on what it might be would be great.

      I have listed my server.xml for JBoss/Tomcat with the JNDIRealm, the Tomcat message it prints, and my LDAP setup.

      20:58:20,399 INFO [Engine] JNDIRealm[jboss.web]: lookupUser(operator)
      20:58:20,409 INFO [Engine] JNDIRealm[jboss.web]: dn=uid=operator,ou=People,dc=sample,dc=com
      20:58:20,409 INFO [Engine] JNDIRealm[jboss.web]: validating credentials by binding as the user
      20:58:20,409 INFO [Engine] JNDIRealm[jboss.web]: binding as uid=operator,ou=People,dc=sample,dc=com
      20:58:20,449 INFO [Engine] JNDIRealm[jboss.web]: Username operator successfully authenticated
      20:58:20,449 INFO [Engine] JNDIRealm[jboss.web]: getRoles(uid=operator,ou=People,dc=sample,dc=com)
      20:58:20,449 INFO [Engine] JNDIRealm[jboss.web]: Searching role base 'ou=Roles,dc=sample,dc=com' for attribute 'cn'
      20:58:20,449 INFO [Engine] JNDIRealm[jboss.web]: With filter expression 'uniqueMember=uid=operator,ou=People,dc=sample,dc=com'
      20:58:20,469 INFO [Engine] JNDIRealm[jboss.web]: Returning 0 roles

      version: 1
      dn: dc=sample,dc=com
      objectClass: top
      objectClass: organization
      objectClass: domainRelatedObject
      objectClass: dcObject
      associatedDomain: sample.com
      dc: sample
      description: sample com
      o: sample
      postalAddress: empty
      telephoneNumber: +44 00000000

      dn: ou=People,dc=sample,dc=com
      objectClass: top
      objectClass: organizationalUnit
      ou: People

      dn: uid=admin,ou=People,dc=sample,dc=com
      objectClass: inetOrgPerson
      objectClass: organizationalPerson
      objectClass: person
      objectClass: top
      cn: admin
      sn: admin
      uid: admin
      userPassword:: YWRtaW4=

      dn: uid=analyst,ou=People,dc=sample,dc=com
      objectClass: inetOrgPerson
      objectClass: organizationalPerson
      objectClass: person
      objectClass: top
      cn: analyst
      sn: analyst
      uid: analyst
      userPassword:: YW5hbHlzdA==

      dn: uid=operator,ou=People,dc=sample,dc=com
      objectClass: inetOrgPerson
      objectClass: organizationalPerson
      objectClass: person
      objectClass: top
      objectClass: shipInfoObject
      cn: operator
      sn: operator
      uid: operator
      userPassword:: b3BlcmF0b3I=

      dn: uid=law,ou=People,dc=sample,dc=com
      objectClass: inetOrgPerson
      objectClass: organizationalPerson
      objectClass: person
      objectClass: top
      cn: law
      sn: law
      uid: law
      userPassword:: bGF3

      dn: ou=Roles,dc=sample,dc=com
      objectClass: top
      objectClass: organizationalUnit
      ou: Roles

      dn: cn=operators,ou=Roles,dc=sample,dc=com
      objectClass: top
      objectClass: groupOfUniqueNames
      cn: operators
      uniqueMember: uid=operator,ou=People,dc=sample,dc=com

      dn: cn=analysts,ou=Roles,dc=sample,dc=com
      objectClass: top
      objectClass: groupOfUniqueNames
      cn: analysts
      uniqueMember: uid=analyst,ou=People,dc=sample,dc=com

      dn: cn=admins,ou=Roles,dc=sample,dc=com
      objectClass: top
      objectClass: groupOfUniqueNames
      cn: admins
      uniqueMember: uid=admin,ou=People,dc=sample,dc=com

      dn: cn=lawenforcements,ou=Roles,dc=sample,dc=com
      objectClass: top
      objectClass: groupOfUniqueNames
      cn: lawenforcements
      uniqueMember: uid=law,ou=People,dc=sample,dc=com
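An offline way to check what the realm's role search should return against the posted DIT, as an added example (this is not the poster's configuration, nor Tomcat's own JNDIRealm code): it parses a trimmed copy of the LDIF above and replays the search the log describes (role base `ou=Roles,dc=sample,dc=com`, role name attribute `cn`, filter `uniqueMember=<user DN>`), using JNDIRealm's default of a one-level search (`roleSubtree="false"`). The `role_base`, `role_name`, `role_search` and `role_subtree` parameters mirror the realm's `roleBase`, `roleName`, `roleSearch` and `roleSubtree` attributes; the DN normalisation is this example's own approximation of LDAP DN matching.

```python
import base64

# Trimmed copy of the LDIF posted in the thread (users under ou=People, groupOfUniqueNames
# entries under ou=Roles), embedded as a constructed sample so the check runs offline.
SAMPLE_LDIF = """version: 1
dn: dc=sample,dc=com
objectClass: dcObject
dc: sample

dn: ou=People,dc=sample,dc=com
objectClass: organizationalUnit
ou: People

dn: uid=operator,ou=People,dc=sample,dc=com
objectClass: inetOrgPerson
uid: operator
userPassword:: b3BlcmF0b3I=

dn: uid=analyst,ou=People,dc=sample,dc=com
objectClass: inetOrgPerson
uid: analyst

dn: ou=Roles,dc=sample,dc=com
objectClass: organizationalUnit
ou: Roles

dn: cn=operators,ou=Roles,dc=sample,dc=com
objectClass: groupOfUniqueNames
cn: operators
uniqueMember: uid=operator,ou=People,dc=sample,dc=com

dn: cn=analysts,ou=Roles,dc=sample,dc=com
objectClass: groupOfUniqueNames
cn: analysts
uniqueMember: uid=analyst,ou=People,dc=sample,dc=com
"""


def parse_ldif(text):
    """Minimal LDIF reader: list of {attribute(lowercase): [values]} dicts.
    Handles folded lines (leading space) and base64 values ('attr:: ...')."""
    unfolded = []
    for line in text.splitlines():
        if line.startswith(" ") and unfolded:
            unfolded[-1] += line[1:]      # continuation of the previous attribute line
        else:
            unfolded.append(line)
    entries, current = [], {}
    for line in unfolded:
        if not line.strip():
            if current:
                entries.append(current)
                current = {}
            continue
        if line.startswith("#") or line.startswith("version:"):
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):         # 'attr:: <base64>'
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        current.setdefault(attr.strip().lower(), []).append(value.strip())
    if current:
        entries.append(current)
    return entries


def normalize_dn(dn):
    """Approximation of LDAP distinguishedNameMatch for this DIT: attribute types and
    values compared case-insensitively, whitespace around '=' and ',' ignored.
    Escaped commas inside an RDN are not handled."""
    rdns = []
    for rdn in dn.split(","):
        t, _, v = rdn.partition("=")
        rdns.append(f"{t.strip().lower()}={v.strip().lower()}")
    return ",".join(rdns)


def resolve_roles(entries, user_dn, role_base="ou=Roles,dc=sample,dc=com",
                  role_name="cn", role_search="(uniqueMember={0})",
                  role_subtree=False, username=None):
    """Replay JNDIRealm's getRoles() against parsed LDIF: search role_base with the
    role_search filter ({0} = user DN, {1} = username) and return the role_name values of
    the matching entries. role_subtree=False is the realm's default one-level scope, so
    only direct children of role_base are examined. Only a single equality filter of the
    form '(attr={0})' is supported, which is the realm's common configuration."""
    attr, _, pattern = role_search.strip("()").partition("=")
    wanted = normalize_dn(pattern.replace("{0}", user_dn).replace("{1}", username or ""))
    base = normalize_dn(role_base)
    roles = []
    for entry in entries:
        dn = normalize_dn(entry["dn"][0])
        parent = dn.partition(",")[2]
        in_scope = dn.endswith("," + base) if role_subtree else parent == base
        if not in_scope:
            continue
        # uniqueMember holds DNs, so compare with DN matching rather than raw string equality
        members = [normalize_dn(v) for v in entry.get(attr.strip().lower(), [])]
        if wanted in members:
            roles.extend(entry.get(role_name.lower(), []))
    return roles


if __name__ == "__main__":
    entries = parse_ldif(SAMPLE_LDIF)
    op = "uid=operator,ou=People,dc=sample,dc=com"
    print("operator:", resolve_roles(entries, op))                                   # ['operators']
    print("case-variant DN:", resolve_roles(entries, "UID=Operator,OU=people,DC=SAMPLE,DC=com"))  # ['operators']
    # a roleBase one level too high with the default one-level scope reproduces "Returning 0 roles"
    print("wrong base, one-level:", resolve_roles(entries, op, role_base="dc=sample,dc=com"))  # []
    print("wrong base, subtree:", resolve_roles(entries, op, role_base="dc=sample,dc=com",
                                                role_subtree=True))                  # ['operators']
```

Against this data the replay returns `['operators']`, so the entries themselves satisfy the logged filter; if the live server still returns 0 roles, the difference lies between the realm and the directory rather than in the LDIF. Two things worth verifying on the running system: the `roleBase`/`roleSubtree` pair (the example shows a base one level too high returning nothing under the default one-level scope), and the identity that performs the search. JNDIRealm restores the realm's connection credentials (anonymous unless `connectionName` and `connectionPassword` are set) after binding as the user, so OpenLDAP's `access` directives must grant that identity read access to `uniqueMember` under `ou=Roles`. An `ldapsearch` run with the same bind identity, base, scope and filter as the logged search reproduces exactly what the realm sees.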