-
1. Re: LdapLoginModule to ActiveDirectory, could it be a bug?
andrea_desantis Dec 21, 2005 11:34 AM (in response to rtselvan)I've the same problem and I think is a bug.
With JBoss 4.0.2 work's fine.
Thank's. -
2. Re: LdapLoginModule to ActiveDirectory, could it be a bug?
clcarff Dec 30, 2005 11:16 AM (in response to rtselvan)I am having the same problem, and searching the source code I found the cause:
=========================
Org.jboss.security.auth.spi.LdapLoginModule
Line 347 (cvs:HEAD)
roleFilter.append("=*)");
should be changed to
roleFilter.append("={0})");
=========================
As of right now the search runs "(=*)" or in your specific case "(sAMAccountName=*)" which returns all objects that have a sAMAccount name to then search for roles. It should run "(={0})" so that the {0} gets replaced by the username specified in the filterArgs.
I do not see how in it's current state LdapLoginModule works for anyone. I hope we can see this fixed soon. -
3. Re: LdapLoginModule to ActiveDirectory, could it be a bug?
clcarff Dec 30, 2005 11:19 AM (in response to rtselvan)Silly me, you already noted the error. The change was made to use the search filter in 4.0.3 this is why it still works properyly in 4.0.2. Has a Jira issue been posted yet?
-
4. Re: LdapLoginModule to ActiveDirectory, could it be a bug?
dhartford Jan 26, 2006 3:06 PM (in response to rtselvan)"clcarff" wrote:
=========================
Org.jboss.security.auth.spi.LdapLoginModule
Line 347 (cvs:HEAD)
roleFilter.append("=*)");
should be changed to
roleFilter.append("={0})");
=========================
Confirmed on 4.0.4beta, fixed my problem!
-D