-
1. Re: Domino LDAP
brushmore Jul 27, 2005 8:52 AM (in response to brushmore)
For anyone lurking who has the same issue: I was never able to get it working with the JBoss LDAP login module. However, I was able to write my own with little effort. Email me and I'll be happy to share my code with you.
-
2. Re: Domino LDAP
starksm64 Jul 30, 2005 12:08 PM (in response to brushmore)
See if the LdapExtLoginModule can be made to work with the Domino schema.
http://wiki.jboss.org/wiki/Wiki.jsp?page=LdapExtLoginModule
http://jira.jboss.com/jira/browse/JBAS-1525
-
3. Re: Domino LDAP
rsoika Sep 12, 2006 9:18 AM (in response to brushmore)
hi,
we solved the configuration problems with the following configuration (inside the login-config.xml):

    <!-- LDAP login configuration for Domino -->
    <application-policy name="imixsIX">
      <authentication>
        <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
          <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
          <module-option name="java.naming.provider.url">ldap://myhostmuc:389/</module-option>
          <module-option name="java.naming.security.authentication">simple</module-option>
          <module-option name="principalDNPrefix">cn=</module-option>
          <!-- for principalDNSuffix no entry is needed for Domino (e.g. o=MYDOMIAN) -->
          <module-option name="principalDNSuffix"></module-option>
          <module-option name="rolesCtxDN"></module-option>
          <module-option name="uidAttributeID">member</module-option>
          <module-option name="matchOnUserDN">true</module-option>
          <module-option name="roleAttributeID">cn</module-option>
          <module-option name="roleAttributeIsDN">false</module-option>
          <module-option name="searchTimeLimit">5000</module-option>
          <!-- searchScope ONELEVEL_SCOPE is necessary for Domino -->
          <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
        </login-module>
      </authentication>
    </application-policy>

If your user will see no roles this will be an issue of the names.nsf ACL. If "normal" users are not allowed to read in the names.nsf (this is typical for Domino installations) you need additional params to make the lookups with an admin account:

    <!-- Principal and credentials for LDAP lookups -->
    <module-option name="java.naming.security.principal">cn=admin,o=MYORG</module-option>
    <module-option name="java.naming.security.credentials">password</module-option>

I hope this will be helpful
Ralph
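
An added example, not part of the thread and not JBoss code: a small check that reads a login-config.xml and flags the two security-relevant properties of the configuration posted above, a simple bind over plain ldap:// and a lookup password kept in the file. The function name `audit_login_config` and the embedded sample are constructed for illustration, and treating a missing authentication option as "simple" is an assumption.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the security-relevant options from the post above.
SAMPLE = """<policy>
 <application-policy name="imixsIX"><authentication>
  <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
   <module-option name="java.naming.provider.url">ldap://myhostmuc:389/</module-option>
   <module-option name="java.naming.security.authentication">simple</module-option>
   <module-option name="java.naming.security.principal">cn=admin,o=MYORG</module-option>
   <module-option name="java.naming.security.credentials">password</module-option>
  </login-module>
 </authentication></application-policy>
</policy>"""

def audit_login_config(xml_text):
    """Return sorted (policy name, finding) pairs for JNDI/LDAP login modules."""
    findings = []
    for policy in ET.fromstring(xml_text).iter("application-policy"):
        for module in policy.iter("login-module"):
            opts = {o.get("name"): (o.text or "").strip()
                    for o in module.findall("module-option")}
            urls = opts.get("java.naming.provider.url", "").split()
            if not urls:
                continue  # module does not talk to a directory
            # TLS is in use if every provider URL is ldaps:// or the JNDI
            # security protocol is set to ssl.
            tls = (all(urlparse(u).scheme.lower() == "ldaps" for u in urls)
                   or opts.get("java.naming.security.protocol", "").lower() == "ssl")
            # Assumption: a missing authentication option is treated as "simple".
            auth = opts.get("java.naming.security.authentication", "simple").lower()
            if auth == "simple" and not tls:
                findings.append((policy.get("name"),
                                 "simple bind without TLS: passwords cross the network in clear text"))
            if opts.get("java.naming.security.credentials"):
                findings.append((policy.get("name"),
                                 "lookup password stored in the file: restrict who can read it"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit_login_config(SAMPLE):
        print(f"{name}: {finding}")
```

Switching the provider URL to ldaps:// clears the first finding only if the JVM running JBoss trusts the Domino server's certificate.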