JBoss Portal LDAP Authentication
joelryan2k Aug 1, 2006 4:48 PM
I have JBoss portal (2.2.1-SP3-bundled) authenticating correctly against an OpenLDAP server. When I login with a *valid* username/password, though, subsequent pages fail with the error listed below.
Is the problem that the user 'jduke' needs to be in JBoss's user database as well as in LDAP? It seems like the LdapExtLoginModule would take care of this automatically. Do I need to write a custom LoginModule?
I've been all over google on this one and would greatly appreciate any help!
Thanks a million!
-- Joel
exception
javax.servlet.ServletException: No such user No such user jduke
org.jboss.portal.server.servlet.PortalServlet.doGet(PortalServlet.java:227)
javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
root cause
org.jboss.portal.core.model.NoSuchUserException: No such user No such user jduke
org.jboss.portal.core.impl.user.UserModuleImpl.findUserByUserName(UserModuleImpl.java:123)
org.jboss.portal.core.aspects.server.UserInterceptor.invoke(UserInterceptor.java:100)
org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
...
Here's the login-config.xml:
<application-policy name="portal">
  <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
    <module-option name="java.naming.provider.url">ldap://localhost:389</module-option>
    <module-option name="bindDN">cn=Manager,dc=jboss,dc=org</module-option>
    <module-option name="bindCredential">secret</module-option>
    <module-option name="baseCtxDN">ou=People,dc=jboss,dc=org</module-option>
    <module-option name="baseFilter">(uid={0})</module-option>
    <module-option name="rolesCtxDN">ou=Roles,dc=jboss,dc=org</module-option>
    <module-option name="roleFilter">(member={1})</module-option>
    <module-option name="roleAttributeID">cn</module-option>
    <module-option name="roleAttributeIsDN">true</module-option>
    <module-option name="roleNameAttributeID">cn</module-option>
    <module-option name="roleRecursion">-1</module-option>
    <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
    <module-option name="password-stacking">useFirstPass</module-option>
    <module-option name="passwordValidation">remote</module-option>
  </login-module>
</application-policy>
And here's what's in the LDAP:
dn: dc=jboss,dc=org
objectclass: top
objectclass: dcObject
objectclass: organization
dc: jboss
o: JBoss

dn: ou=People,dc=jboss,dc=org
objectclass: top
objectclass: organizationalUnit
ou: People

dn: uid=jduke,ou=People,dc=jboss,dc=org
objectclass: top
objectclass: uidObject
objectclass: person
uid: jduke
cn: Java Duke
sn: Duke
userPassword: theduke

dn: ou=Roles,dc=jboss,dc=org
objectclass: top
objectclass: organizationalUnit
ou: Roles

dn: cn=JBossAdmin,ou=Roles,dc=jboss,dc=org
objectclass: top
objectclass: groupOfNames
cn: JBossAdmin
member: uid=jduke,ou=People,dc=jboss,dc=org
description: the JBossAdmin group
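What the module options in that login-config.xml do, step by step, as an added example that is not part of the original post or of JBoss itself: a small Python model of the LdapExtLoginModule flow (user search with baseFilter under baseCtxDN, bind as the DN found, role search with roleFilter under rolesCtxDN, role-name resolution according to roleAttributeIsDN) run over the jduke and JBossAdmin entries from the LDIF above. It assumes that a roleAttributeIsDN value which matches no entry simply yields no role, and it models the user bind as a cleartext compare against userPassword.

```python
import re

# Constructed from the LDIF posted above: {dn: {attribute: [values]}}, attribute names lowercased.
ENTRIES = {
    "uid=jduke,ou=People,dc=jboss,dc=org": {
        "uid": ["jduke"], "userpassword": ["theduke"]},
    "cn=JBossAdmin,ou=Roles,dc=jboss,dc=org": {
        "cn": ["JBossAdmin"], "member": ["uid=jduke,ou=People,dc=jboss,dc=org"]},
}
# The module-option values from the login-config.xml above.
CONFIG = {"baseCtxDN": "ou=People,dc=jboss,dc=org", "baseFilter": "(uid={0})",
          "rolesCtxDN": "ou=Roles,dc=jboss,dc=org", "roleFilter": "(member={1})",
          "roleAttributeID": "cn", "roleAttributeIsDN": "true", "roleNameAttributeID": "cn"}

def one_level_search(entries, base, attr, value):
    """ONELEVEL_SCOPE: direct children of base whose attribute attr contains value."""
    return [dn for dn, a in entries.items() if dn.endswith("," + base)
            and "," not in dn[:-len(base) - 1] and value in a.get(attr, [])]

def filter_parts(flt):
    """Split a filter such as '(member={1})' into ('member', 1)."""
    attr, idx = re.fullmatch(r"\((\w+)=\{(\d)\}\)", flt).groups()
    return attr.lower(), int(idx)

def ldap_ext_login(entries, cfg, username, password):
    """Walk the LdapExtLoginModule options; (user_dn, roles) on success, None if rejected."""
    attr, _ = filter_parts(cfg["baseFilter"])           # {0} = username, under baseCtxDN
    hits = one_level_search(entries, cfg["baseCtxDN"], attr, username)
    if len(hits) != 1:                                    # no (or ambiguous) user entry
        return None
    user_dn = hits[0]
    # The real module binds to LDAP as user_dn with the password; modelled as a cleartext compare.
    if password not in entries[user_dn].get("userpassword", []):
        return None
    attr, idx = filter_parts(cfg["roleFilter"])           # {1} = user DN, under rolesCtxDN
    roles = []
    for role_dn in one_level_search(entries, cfg["rolesCtxDN"], attr, (username, user_dn)[idx]):
        for v in entries[role_dn].get(cfg["roleAttributeID"].lower(), []):
            if cfg["roleAttributeIsDN"] == "true":   # v is taken as a DN; the role name is
                # roleNameAttributeID of that entry (assumed: unresolvable DN -> no role)
                roles += entries.get(v, {}).get(cfg["roleNameAttributeID"].lower(), [])
            else:
                roles.append(v)                      # v is the role name itself
    return user_dn, roles

if __name__ == "__main__":
    print(ldap_ext_login(ENTRIES, CONFIG, "jduke", "theduke"))
```

With the posted options the LDAP side accepts jduke but, because roleAttributeID is cn while roleAttributeIsDN is true, the value "JBossAdmin" is looked up as a DN and no role name comes back; flipping roleAttributeIsDN to false returns JBossAdmin.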