1 Reply Latest reply on Sep 13, 2006 4:01 PM by markash

    Mapping the User Name to the full DN in the LDAP Entry?

    rsoika

      hi,

      I still have problems understanding "org.jboss.security.auth.spi.LdapLoginModule"

      It seems I have configured the login-config.xml well, so users can authenticate against my LDAP. But once authentication succeeds, the CallerPrincipal (inside my EJB context) is the actual user name the user entered into the login dialog.
      But I need the full DN of the user's LDAP object.

      How can I configure the LDAPLoginModule so that the user name entered into the login dialog will be mapped to a specific attribute or the full DN of my LDAP entry?

      Is this possible? I found nothing about this topic.
      Thanks for any help.

      Ralph

        • 1. Re: Mapping the User Name to the full DN in the LDAP Entry?
          markash

          Good Day,

          Dynamic
          ----------
          The principal class in JBoss by default is the SimplePrincipal, which just has the user name of the authenticated user. To have the full name of the DN, either the user must enter the DN instead of the sAMAccount or userName, or the SimplePrincipal needs to be replaced by an implementation of Principal that contains the DN of the user, populated during the login process in a subclass of LDAPLoginModule.

          Static
          ------
          If all the users of your application have a similar DN
          then you can use the
          - principalDNPrefix
          - principalDNSuffix
          attributes in the LDAPLoginModule to create the DN of the user. Look at the following...
          http://docs.jboss.org/jbossas/jboss4guide/r5/html/ch8.chapter.html#ch8.ldaplogin.sect
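
The two options from the reply, shown with JDK classes only (an added example, not code from the thread or from JBoss): a Principal whose name is the full DN, and the prefix + user name + suffix construction with the user name escaped as an RDN value. `DnPrincipal`, `buildDn` and the sample prefix and suffix are assumptions made for illustration.

```java
import java.io.Serializable;
import java.security.Principal;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class DnPrincipalExample {

    /** Principal whose getName() is the full DN (hypothetical class, not part of JBoss). */
    public static final class DnPrincipal implements Principal, Serializable {
        private static final long serialVersionUID = 1L;
        private final LdapName dn;

        public DnPrincipal(LdapName dn) { this.dn = dn; }

        @Override public String getName() { return dn.toString(); }
        // LdapName.equals compares parsed RDNs, so attribute-type case does not matter.
        @Override public boolean equals(Object o) {
            return o instanceof DnPrincipal && dn.equals(((DnPrincipal) o).dn);
        }
        @Override public int hashCode() { return dn.hashCode(); }
        @Override public String toString() { return getName(); }
    }

    /** Builds prefix + userName + suffix, escaping the user name as an RDN value. */
    public static LdapName buildDn(String prefix, String userName, String suffix)
            throws InvalidNameException {
        if (userName == null || userName.isEmpty()) {
            throw new InvalidNameException("empty user name");
        }
        // Without escaping, a login such as "x,ou=Admins" would add an extra RDN to the DN.
        return new LdapName(prefix + Rdn.escapeValue(userName) + suffix);
    }

    public static void main(String[] args) throws InvalidNameException {
        String prefix = "uid=";                          // constructed sample values
        String suffix = ",ou=People,dc=example,dc=org";
        for (String login : new String[] {"ralph", "x,ou=Admins"}) {
            Principal p = new DnPrincipal(buildDn(prefix, login, suffix));
            System.out.println(login + " -> " + p.getName());
        }
    }
}
```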