1. Re: JNDIRealm and JDBCRealm together
kbombard Aug 16, 2005 9:54 AM (in response to kbombard)
I read in the JBoss Dev Notebook that you can do this by stacking login modules, and it had an example of the login-config.xml for JDBC and LDAP. It does not talk about the server.xml or any other pieces. I followed the instructions and added this, but it still does not work:
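<!--
  Stacked JAAS policy: try the database first, then LDAP. Both modules are
  flagged "sufficient", so a login succeeds as soon as either one accepts the
  credentials and fails only when both reject them.

  "other" is the fallback policy JBoss applies to any security domain that has
  no policy of its own, so a change here affects every such application.
  Consider a dedicated policy name referenced from the application's
  security-domain setting instead.
-->
<application-policy name="other">
  <!-- login-module entries must sit inside an authentication element;
       without this wrapper the policy does not match the login-config.xml
       structure and the modules are not picked up. -->
  <authentication>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule"
                  flag="sufficient">
      <module-option name="dsJndiName">java:/APRhsqldbDS</module-option>
      <!-- NOTE(review): the module binds the login name to "?", so this query
           compares the user name against the PASSWORD column and will not
           return a row for a normal login. The WHERE clause should test the
           user-name column of APR_USER (column name not shown here). -->
      <module-option name="principalsQuery">SELECT PASSWORD FROM APR_USER WHERE PASSWORD=?</module-option>
      <!-- NOTE(review): same issue. "?" is the login name, so filter on the
           user-name column of APR_USER_ROLE rather than on ROLE. -->
      <module-option name="rolesQuery">SELECT ROLE, 'Roles' FROM APR_USER_ROLE WHERE ROLE=?</module-option>
      <!-- As configured the stored PASSWORD value is compared as plain text.
           Store a digest and set the hashAlgorithm / hashEncoding options so
           a database leak does not expose usable passwords. -->
    </login-module>
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule"
                  flag="sufficient">
      <!-- Fixed: a stray trailing quote made this an unloadable class name. -->
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <!-- A simple bind over ldap:// sends the user's password in clear text.
           Acceptable only while the directory is on the loopback interface;
           use ldaps:// (or StartTLS) for any remote directory. -->
      <module-option name="java.naming.provider.url">ldap://localhost:389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <!-- The bind DN is built as prefix + login name + suffix, so the prefix
           must not carry trailing whitespace and the suffix must begin with
           the comma that separates the RDNs. -->
      <module-option name="principalDNPrefix">uid=</module-option>
      <module-option name="principalDNSuffix">,ou=People,dc=info,dc=org</module-option>
      <module-option name="rolesCtxDN">ou=Roles,o=EastCoast,o=HQ,c=US,dc=info,dc=org</module-option>
      <module-option name="uidAttributeID">member</module-option>
      <module-option name="matchOnUserDN">true</module-option>
      <!-- NOTE(review): roles are read from this attribute of the entries
           found under rolesCtxDN; confirm the role entries really expose
           memberOf rather than a naming attribute such as cn. -->
      <module-option name="roleAttributeID">memberOf</module-option>
      <module-option name="roleAttributeIsDN">false</module-option>
    </login-module>
  </authentication>
</application-policy>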