1 Reply Latest reply on Apr 15, 2009 9:54 AM by joncmuniz

    joncmuniz

      How to configure <application-policy name="JBossWS"> to support LDAP?

      The file login-config.xml has a setting where I get users and roles from properties files (jbossws-roles.properties, jbossws-users.properties). How do I get these users and roles from an LDAP repository?

        • 1. Re: How to configure  <application-policy name=
          joncmuniz

          It's very very easy!!!!!!!!!!!!!

          <!--
            A template configuration for the JBossWS security domain.
            This defaults to the UsersRolesLoginModule the same as other and should be
            changed to a stronger authentication mechanism as required.

          <application-policy name="JBossWS">
            <authentication>
              <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule"
                            flag="required">
                <module-option name="usersProperties">props/jbossws-users.properties</module-option>
                <module-option name="rolesProperties">props/jbossws-roles.properties</module-option>
                <module-option name="unauthenticatedIdentity">anonymous</module-option>
              </login-module>
            </authentication>
          </application-policy>
          -->
          

          CHANGE TO THIS:

          <application-policy name="JBossWS">
            <authentication>
              <login-module code="org.jboss.security.auth.spi.LdapLoginModule"
                            flag="required">
                <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
                <module-option name="java.naming.provider.url">ldap://YOUR_LDAP_IP:PORT/</module-option>
                <module-option name="java.naming.security.authentication">simple</module-option>

                <!-- Bind DN is principalDNPrefix + username + principalDNSuffix -->
                <module-option name="principalDNPrefix">uid=</module-option>
                <module-option name="principalDNSuffix">,ou=users,dc=cds,dc=com</module-option>

                <!-- Roles are searched under rolesCtxDN, matching the member attribute against the user DN -->
                <module-option name="rolesCtxDN">ou=groups,dc=cds,dc=com</module-option>
                <module-option name="uidAttributeID">member</module-option>
                <module-option name="matchOnUserDN">true</module-option>

                <!-- The role name is read from the cn attribute of each matching group -->
                <module-option name="roleAttributeID">cn</module-option>
                <module-option name="roleAttributeIsDN">false</module-option>
              </login-module>
            </authentication>
          </application-policy>
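
A hardened variant of the LdapLoginModule policy from the reply above, added here as an example and not part of the original thread: `simple` authentication over a plain `ldap://` URL sends the bind password unencrypted, and an empty password can be treated by the directory as an anonymous bind. The host name `ldap.example.com` and port 636 are placeholders; the DNs are the ones from the reply, and the JVM must trust the LDAP server's certificate.

```xml
<!-- Added example; host and port are placeholders, DNs are copied from the reply. -->
<application-policy name="JBossWS">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>

      <!-- Weak:      ldap://host:port/ with "simple" exposes the password on the wire. -->
      <!-- Corrected: ldaps:// wraps the same simple bind in TLS. -->
      <module-option name="java.naming.provider.url">ldaps://ldap.example.com:636/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>

      <!-- Reject zero-length passwords in the login module instead of passing them
           to the directory, where they may succeed as an anonymous bind. -->
      <module-option name="allowEmptyPasswords">false</module-option>

      <!-- unauthenticatedIdentity is deliberately left unset (as in the reply), so
           requests without credentials are not mapped to an "anonymous" principal. -->

      <module-option name="principalDNPrefix">uid=</module-option>
      <module-option name="principalDNSuffix">,ou=users,dc=cds,dc=com</module-option>

      <module-option name="rolesCtxDN">ou=groups,dc=cds,dc=com</module-option>
      <module-option name="uidAttributeID">member</module-option>
      <module-option name="matchOnUserDN">true</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleAttributeIsDN">false</module-option>
    </login-module>
  </authentication>
</application-policy>
```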