5 Replies Latest reply on Dec 16, 2005 3:55 PM by javafolks_ssee

    Multiple groups under same rolesCtxDN tag

    javafolks_ssee

      Hi Folks,

I am facing a little problem in adding multiple groups under rolesCtxDN in login-config.xml.

Let me explain. Here is my snippet from the login-config.xml file:

      <module-option name = "rolesCtxDN">OU=X,OU=Users,OU=D,DC=A,DC=B,DC=C</module-option>


'X' is a sub group of 'Users'. I have one more sub group, 'Y'. To accommodate 'Y' I had to repeat the whole login-module block twice, with no changes except from X to Y.

It works fine. But for scalability, it doesn't look promising.

Can anybody throw some ideas on how to accomplish this? It's for LdapLoginModule.

      Best Regards,


        • 1. Re: Multiple groups under same rolesCtxDN tag
          starksm64

          Show a ldif view of the schema along with how the roles are supposed to be pulled out of the various contexts based on the user being authenticated.

          • 2. Re: Multiple groups under same rolesCtxDN tag
            javafolks_ssee

            Scott,
            Thanks for your response.

My module-option tag shows the tree structure; it is not exactly the complete LDIF, but it can give you some idea.

Under the Users group I have two sub groups, X and Y, which need to be validated against the role of the user.

So I believe it's the role context.


I would appreciate it if you could give your input on how to generate the LDIF file; that would be great. I don't have much idea of how to generate it.

            Thanks and best regards.

            • 3. Re: Multiple groups under same rolesCtxDN tag
              javafolks_ssee

              LDAP Tree

              CN=Person Name,OU=X,OU=Users,OU=D,DC=A,DC=B,DC=C


Let me know, Scott, if it is sufficient.

              Regards,

              • 4. Re: Multiple groups under same rolesCtxDN tag
                starksm64

Check out ldapsearch and JXplorer in order to get an LDIF dump of the server:
                http://sourceforge.net/projects/jxplorer/

                • 5. Re: Multiple groups under same rolesCtxDN tag
                  javafolks_ssee

Hi, here you go with the LDIF.

For privacy and security reasons I have replaced the original values. I hope it will help you to understand and guide me.

                  dn: CN=ABC,CN=Computers,DC=DEF,DC=XYZ,DC=com
                  objectClass: top
                  objectClass: person
                  objectClass: organizationalPerson
                  objectClass: user
                  objectClass: computer
                  accountExpires: 123
                  badPasswordTime: 0
                  badPwdCount: 0
                  cn: ABC
                  codePage: 0
                  countryCode: 0
                  displayName: ABC$
                  distinguishedName: CN=ABC,CN=Computers,DC=DEF,DC=XYZ,DC=com
                  dNSHostName: ABC.DEF.XYZ.com
                  dSCorePropagationData: 123.OZ
                  dSCorePropagationData: 123.0Z
                  dSCorePropagationData: 123.0Z
                  instanceType: 4
                  isCriticalSystemObject: FALSE
                  lastLogoff: 0
                  lastLogon: 123
                  lastLogonTimestamp: 123
                  localPolicyFlags: 0
                  logonCount: 36
                  name: ABC
                  objectCategory: CN=Computer,CN=Schema,CN=Configuration,DC=XYZ,DC=com
                  objectGUID:: abcdef
                  objectSid:: abcdef
                  operatingSystem: Windows XP Professional
                  operatingSystemServicePack: Service Pack 2
                  operatingSystemVersion: 5.1 (2600)
                  primaryGroupID: 123
                  pwdLastSet: 123
                  sAMAccountName: ABC$
                  sAMAccountType: 123
                  servicePrincipalName: ldap/ABC.DEF.XYZ.com
                  servicePrincipalName: ldap/ABC.DEF.XYZ.com:389
                  servicePrincipalName: ldap/ABC
                  servicePrincipalName: ldap/ABC:389
                  servicePrincipalName: 123-ADAM/ABC.DEF.XYZ.com:389
                  servicePrincipalName: 123-ADAM/ABC:389
                  servicePrincipalName: HOST/ABC
                  servicePrincipalName: HOST/ABC.DEF.XYZ.com
                  userAccountControl: 123
                  uSNChanged: 123
                  uSNCreated: 123
                  whenChanged: 123.0Z
                  whenCreated: 123.0Z
                  
                  dn: CN={123-123},CN=ABC,CN=Computers,DC=DEF,DC=XYZ,DC=com
                  objectClass: top
                  objectClass: leaf
                  objectClass: connectionPoint
                  objectClass: serviceConnectionPoint
                  cn: {123}
                  distinguishedName: CN={123-23},CN=ABC,CN=Computers,DC=DEF,DC=XYZ,DC=com
                  instanceType: 4
                  keywords: partition:CN=Configuration,CN={123-123}
                  keywords: 123
                  keywords: fsmo:naming
                  keywords: fsmo:schema
                  keywords: instance:instance1
                  keywords: site:Default-First-Site-Name
                  keywords: 1.2.3.4.1.4.6
                  keywords: 1.2.3.4.1.4.6
                  keywords: 123
                  name: {123}
                  objectCategory: CN=Service-Connection-Point,CN=Schema,CN=Configuration,DC=XYZ,DC=com
                  objectGUID:: 123
                  serviceBindingInformation: ldaps://ABC.DEF.XYZ.com:636
                  serviceBindingInformation: ldap://ABC.DEF.XYZ.com:389
                  serviceClassName: LDAP
                  serviceDNSName: ABC.DEF.XYZ.com
                  serviceDNSNameType: A
                  showInAdvancedViewOnly: TRUE
                  uSNChanged: 123
                  uSNCreated: 123
                  whenChanged: 123.0Z
                  whenCreated: 123.0Z
                  


                  Let me know if you have any inputs.

                  Thanks and best regards.
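One way to cover both sub groups with a single login-module block is to point rolesCtxDN at the parent container (OU=Users) and let the role search descend into its subtree. This is an added example, not a configuration posted in the thread; the option names searchScope, uidAttributeID, matchOnUserDN and roleAttributeID are assumed from the JBoss LdapLoginModule documentation, and the DN values are constructed from the snippet in the first post.

```xml
<application-policy name="ldap-roles-example">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <!-- placeholder host: replace with the real directory server -->
      <module-option name="java.naming.provider.url">ldap://ldap.example.invalid:389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>

      <!-- One roles context for OU=X, OU=Y and any further sub group:
           the parent OU instead of one block per sub group. -->
      <module-option name="rolesCtxDN">OU=Users,OU=D,DC=A,DC=B,DC=C</module-option>

      <!-- Search the whole subtree below rolesCtxDN rather than a single level,
           so groups under OU=X and OU=Y are both found. Keep rolesCtxDN at
           OU=Users, not the domain root, so the wider scope cannot pick up
           groups from unrelated containers. -->
      <module-option name="searchScope">SUBTREE_SCOPE</module-option>

      <!-- Match groups whose member attribute holds the authenticated user's
           full DN, so a role is granted only by an explicit membership entry. -->
      <module-option name="uidAttributeID">member</module-option>
      <module-option name="matchOnUserDN">true</module-option>

      <!-- The group's cn becomes the role name. -->
      <module-option name="roleAttributeID">cn</module-option>
    </login-module>
  </authentication>
</application-policy>
```

The bind DN built from principalDNPrefix and principalDNSuffix still has to resolve users located in either OU, which the thread does not cover; check that part of the configuration separately before removing the duplicated block.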