Using the LdapExtLoginModule in a Web Application
neillane Nov 15, 2005 8:39 AM

I am trying to get my web app to use a fedora-ds LDAP instance to log me into the app.
I have the following in the jboss-web.xml
<security-domain>java:/jaas/LdapLogin</security-domain>
The entry in the login-config.xml is
<application-policy name="LdapLogin">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.provider.url">ldap://192.168.1.2:389/</module-option>
    </login-module>
  </authentication>
</application-policy>
I have the following LDIF loaded into fds
dn: dc=example,dc=com
objectClass: top
objectClass: domain
dc: example

dn: o=org_intel, dc=example,dc=com
objectClass: top
objectClass: organization
o: org_intel

dn: ou=org_intel_people, o=org_intel, dc=example,dc=com
objectClass: top
objectClass: organizationalunit
ou: org_intel_people

dn: uid=neil,ou=org_intel_people, o=org_intel, dc=example,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: nsaimpresence
o: org_intel
givenName: Neil
cn: Neil
sn: Lane
ou: org_intel_people

# org_intel local roles - If the user is a member of the organisation org_intel
# they will possess this role. This role will be used for the authentication.
# If the user possesses this role they are allowed to log into the application.
dn: cn=org_intel_application_login, o=org_intel, dc=example,dc=com
objectclass: top
objectclass: LDAPsubentry
objectclass: nsRoleDefinition
objectclass: nsComplexRoleDefinition
objectclass: nsFilteredRoleDefinition
cn: org_intel_application_login
nsRoleFilter: o=org_intel
description: Role to allow user login to Intel applications

# GLOBAL ROLES used for access control. All users who have the filtered role
# cn=org_intel_application_login, o=org_intel, dc=example,dc=com will possess
# the access role below. These roles will be used for authorisation in the application.
dn: cn=access_role_intel_application_login,dc=intelliform,dc=co,dc=za
objectclass: top
objectclass: LDAPsubentry
objectclass: nsRoleDefinition
objectclass: nsComplexRoleDefinition
objectclass: nsNestedRoleDefinition
cn: access_role_intel_application_login
nsRoleDN: cn=org_intel_application_login, o=org_intel, dc=example,dc=com
I need some assistance with the other application-policy params, i.e.
<module-option name="rolesCtxDN">
<module-option name="matchOnUserDN">
<module-option name="uidAttributeID">
<module-option name="roleAttributeID">
<module-option name="roleAttributeIsDN">
<module-option name="roleNameAttributeID">
At the moment all that happens is that I am forwarded to the login-error page, with no system outputs or exception stacktraces.
Are my problems due to the use of the filtered and nested roles?
Running the ldapsearch command on the command line returns all the correct nsRole attributes for the user.
Please can someone assist, as I must be missing some config setting or something, somewhere.
Thanks
Neil
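As an added example that is not part of the original post, here is one way the LdapExtLoginModule options could be mapped onto the LDIF above. It assumes a read-only service account for the initial bind (placeholder DN and password) and that Directory Server exposes each user's filtered and nested roles as the computed nsRole attribute on the user entry itself, which is what the ldapsearch result described indicates.

```xml
<application-policy name="LdapLogin">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.provider.url">ldap://192.168.1.2:389/</module-option>

      <!-- Assumed: a low-privilege, read-only account used only to search for
           the user entry and read its nsRole values (placeholder values). -->
      <module-option name="bindDN">cn=jboss-bind,dc=example,dc=com</module-option>
      <module-option name="bindCredential">CHANGE_ME</module-option>

      <!-- Locate the user entry by uid under the ou from the LDIF; the found
           DN is then used to bind with the password the user typed. -->
      <module-option name="baseCtxDN">ou=org_intel_people,o=org_intel,dc=example,dc=com</module-option>
      <module-option name="baseFilter">(uid={0})</module-option>

      <!-- Roles are not separate group entries here: Directory Server computes
           them into the nsRole attribute of the user entry, so the role search
           simply re-reads that entry and collects its nsRole values. -->
      <module-option name="rolesCtxDN">ou=org_intel_people,o=org_intel,dc=example,dc=com</module-option>
      <module-option name="roleFilter">(uid={0})</module-option>
      <module-option name="roleAttributeID">nsRole</module-option>

      <!-- Each nsRole value is a role DN, so resolve the role name from the
           cn of the role entry (e.g. access_role_intel_application_login). -->
      <module-option name="roleAttributeIsDN">true</module-option>
      <module-option name="roleNameAttributeID">cn</module-option>
    </login-module>
  </authentication>
</application-policy>
```

If login still fails silently, raising the log level for the org.jboss.security category to TRACE shows which step (user search, user bind, or role search) the module stopped at, and the bind account must be allowed by the directory ACIs to read nsRole, since a search that returns the user entry without that attribute yields an authenticated user with no roles.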