Ideally what I want is contextless login based on the user's CN. Can someone help me build the right policy to achieve this?
This is what I added to conf/login-config.xml:
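<application-policy name="extend">
  <!-- LDAP authentication for the "extend" security domain (first attempt).
       Review notes on this fragment:
       - The stray leading ';' on five option values has been removed; as
         posted, the provider URL and the attribute names would have been read
         with the ';' as part of the value.
       - Both bind options were named "java.naming.security.principle"
         (misspelled and duplicated); with the same name twice, the later value
         presumably replaces the earlier one, so "password" would have been
         taken as the principal and the bind DN lost. The bind DN belongs in
         java.naming.security.principal and the password in
         java.naming.security.credentials.
       - The bind password is stored in clear text in login-config.xml, and the
         URL is plain ldap:// on port 389, so it also crosses the network
         unencrypted unless StartTLS is negotiated (not visible here).
       - NOTE(review): uidAttributeID is "inetOrgPerson", which reads like an
         object class rather than an attribute name; the post asks for
         CN-based login, so confirm the intended attribute against the
         directory schema. -->
  <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
    <module-option name="java.naming.provider.url">ldap://10.0.0.11:389/</module-option>
    <module-option name="uidAttributeID">inetOrgPerson</module-option>
    <module-option name="roleAttributeID">memberOf</module-option>
    <module-option name="roleAttributeIsDN">true</module-option>
    <module-option name="roleNameAttributeID">name</module-option>
    <!-- Service account used for the directory bind; keep this DN least-privileged (read-only). -->
    <module-option name="java.naming.security.principal">cn=admin,ou=Services,o=Corp</module-option>
    <!-- Bind credential for the service account above; kept in clear text in this file. -->
    <module-option name="java.naming.security.credentials">password</module-option>
  </login-module>
</application-policy>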
I tried this too, without success:
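<application-policy name="extend">
  <!-- LDAP authentication for the "extend" security domain (second attempt):
       the module binds with a DN built from principalDNPrefix + username +
       principalDNSuffix and then looks up roles under rolesCtxDN.
       Review notes on this fragment:
       - Option values that were wrapped onto their own lines are now inline;
         as posted, each of those values carried a leading and trailing
         newline, and it is not visible here whether the parser trims them.
       - roleAttributeIsDN had a trailing space ("false "), which is dropped.
       - NOTE(review): uidAttributeID="memberOf" with matchOnUserDN="true"
         presumably yields a role search of the form (memberOf=&lt;user DN&gt;)
         under ou=Dept,o=Corp. In common schemas memberOf lives on the user
         entry while the group entry carries "member", so that filter may match
         nothing; confirm which attribute the group entries actually hold.
       - NOTE(review): the post asks for CN-based login, yet the DN prefix is
         "uid="; if the user entries are keyed by cn, the prefix would need to
         be "cn=" instead.
       - Authentication is "simple" over plain ldap:// (port 389), so the
         user's password is sent unencrypted unless StartTLS is in use. -->
  <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
    <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
    <module-option name="java.naming.provider.url">ldap://10.0.0.11:389/</module-option>
    <module-option name="java.naming.security.authentication">simple</module-option>
    <!-- User DN presumably becomes uid=&lt;username&gt;,ou=Dept,o=Corp -->
    <module-option name="principalDNPrefix">uid=</module-option>
    <module-option name="principalDNSuffix">,ou=Dept,o=Corp</module-option>
    <!-- Subtree searched for the user's roles -->
    <module-option name="rolesCtxDN">ou=Dept,o=Corp</module-option>
    <module-option name="uidAttributeID">memberOf</module-option>
    <module-option name="matchOnUserDN">true</module-option>
    <!-- Role name is taken from the matching entry's cn, used as a plain value, not a DN -->
    <module-option name="roleAttributeID">cn</module-option>
    <module-option name="roleAttributeIsDN">false</module-option>
  </login-module>
</application-policy>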