2 Replies Latest reply on Jan 17, 2004 6:50 AM by elfuhrer

    LDAP Authentication

    karansudha

      Hi,
      I need to authenticate users based on the roles they are in and give them access based upon their rules.
      Can anyone help how to achieve this in JBoss. My configuration is
      Server : JBoss 3.0.0
      JDK : 1.3.1
      OS : Windows 2000
      LDAP : Lotus Notes 5.0

        • 1. Re: LDAP Authentication
          andreas_s

          Hi,

          You must configure the login in login-config.xml. The following worked for me:

          <application-policy name="myapp">
            <!-- login-config.xml requires the login modules to sit inside <authentication> -->
            <authentication>
              <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
                <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
                <module-option name="java.naming.provider.url">ldap://10.0.1.4:389/</module-option>
                <module-option name="java.naming.security.authentication">simple</module-option>
                <!-- Bind DN = principalDNPrefix + username + principalDNSuffix -->
                <module-option name="principalDNPrefix">CN=</module-option>
                <module-option name="principalDNSuffix">,O=your-certifier,C=your-certifier-country-code</module-option>
                <!-- Roles: entries under rolesCtxDN whose "member" attribute matches the user DN;
                     the CN of each matching entry becomes a role name -->
                <module-option name="rolesCtxDN"></module-option>
                <module-option name="uidAttributeID">member</module-option>
                <module-option name="roleAttributeID">CN</module-option>
                <module-option name="matchOnUserDN">true</module-option>
                <module-option name="unauthenticatedIdentity">Web User</module-option>
              </login-module>
            </authentication>
          </application-policy>

          Create groups in your Domino directory and add the required people to the groups. Log in to JBoss using your Notes-CN, e.g. for CN=Sam Cook/O=Acme/C=US, log in using "Sam Cook" as the username. You can use your Domino internet password to log in. After adding groups and people you often have to rebuild the Domino view index. Try "load updall names.nsf -R" on the server console. Then perform "dbcache flush" on the server console and everything should work fine.
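How the group CNs returned by the `myapp` policy above are referenced as roles in a web application's deployment descriptors, as an added example that is not part of the original posts. The group name `Managers` and the `/secure/*` URL pattern are hypothetical.

```xml
<!-- WEB-INF/jboss-web.xml: bind the web application to the "myapp"
     application-policy from login-config.xml -->
<jboss-web>
    <security-domain>java:/jaas/myapp</security-domain>
</jboss-web>

<!-- WEB-INF/web.xml (fragment, inside <web-app>) -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Protected area</web-resource-name>
        <!-- hypothetical path; everything below it requires a role -->
        <url-pattern>/secure/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <!-- hypothetical Domino group; with roleAttributeID=CN the
             role name is the CN of the group the user is a member of -->
        <role-name>Managers</role-name>
    </auth-constraint>
    <user-data-constraint>
        <!-- BASIC credentials are only base64-encoded, so require a
             protected transport (needs an SSL connector configured) -->
        <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
</security-constraint>

<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>myapp</realm-name>
</login-config>

<!-- every role used in an auth-constraint is declared here -->
<security-role>
    <role-name>Managers</role-name>
</security-role>
```

The transport guarantee covers only the browser-to-JBoss leg: with `ldap://` on port 389 and `simple` authentication, the password still travels unencrypted between JBoss and the directory server.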

          • 2. Re: LDAP Authentication
            elfuhrer

            What about the roles? Where to specify them?