22 Replies Latest reply on Dec 5, 2005 5:14 PM by darnowsi

    Does jboss-portal 2.0 support LDAP?

    xgj6688

      It seems that jboss portal 2.0 cannot work smoothly with LDAP.
      I plan to use LDAP authentication and get roles from LDAP.
      I changed jboss-portal.sar/conf/login-config.xml.
      I do believe that LDAP authentication works successfully.
      Then the portal redirects to this URL:
      http://localhost:8080/portal/auth/index.html?ctrl:id=window.default.CMSPortletWindow&ctrl:type=action&org.jboss.portal%23PATH=%2F

      and displayed:

      HTTP Status 403 - Access to the requested resource has been denied

      --------------------------------------------------------------------------------

      type Status report

      message Access to the requested resource has been denied

      description Access to the specified resource (Access to the requested resource has been denied) has been forbidden.


      --------------------------------------------------------------------------------
      Apache Tomcat/5.5.9


      I guess roles from LDAP cannot work smoothly in portal.
      Does portal 2.0 support LDAP? Can I implement LDAP authentication in LDAP? If I can, what are the steps? Thanks.

        • 1. Re: Does jboss-portal 2.0 support LDAP?
          xgj6688

          Sorry, I made a mistake in my question.
          It should be:
          Does portal 2.0 support LDAP? Can I implement LDAP authentication in PORTAL? If I can, what are the steps? Thanks.

          • 2. Re: Does jboss-portal 2.0 support LDAP?

             

            Does jboss-portal 2.0 support LDAP?


            The portal does not support LDAP as a repository for portal roles...sort of.
            What's happening is that your LDAP is not supplying the roles used by the JBoss Portal. The portal comes with two roles out-of-the-box:

            * Admin
            * User

            You should review JBoss AS 4.0.X Server Guide (chapter 8 on security) to determine how you want to integrate your LDAP authentication with JBoss Portal. What I did for this was to implement a custom JAAS LoginModule (using JBoss SX base class) and after authenticating against our internal LDAP system, I automatically inserted a user into the portal's database with the User role (if he/she did not exist in the database). I also 'borrowed' some of the code from the JBoss Portal HibernateLoginModule class - specifically the code that gets the roles for a user. The result was a login module that used our corporate LDAP system AND JBoss Portal's DB to authenticate and authorize a user for the portal.

            Hope this helps.


            • 3. Re: Does jboss-portal 2.0 support LDAP?

              Did you think about stacking the login modules instead of merging the code?

              • 4. Re: Does jboss-portal 2.0 support LDAP?
                xgj6688

                Thanks, Brad and Viet. Your replies are so helpful. Brad's method is good, I think.

                • 5. Re: Does jboss-portal 2.0 support LDAP?

                  Yes, it works. My point is about avoiding forking code.

                  "xgj6688" wrote:
                  Thanks, Brad and Viet. Your replies are so helpful. Brad's method is good, I think.


                  • 6. Re: Does jboss-portal 2.0 support LDAP?
                    xgj6688

                    Thanks, Viet. I am new to JBoss AS and portal, but I believe stacking the login modules to avoid forking code is a wonderful idea.
                    Thanks Viet and Brad again.

                    • 7. Re: Does jboss-portal 2.0 support LDAP? STACKING vs. MERGING

                      Hi Julien,

                      Yes - I thought about stacking. At the time I wrote my LoginModule, I was under a deadline and was having some issues getting stacking to work the way I wanted. In hindsight, I should probably revisit the LoginModule-stacking approach and see if I can get it to work the way I want.

                      Thanks,
                      Brad

                      PS - there's no 'forking' of JBoss code; I simply created a new LoginModule in my system that borrows some of your HibernateLoginModule code.

                      • 8. Re: Does jboss-portal 2.0 support LDAP?

                        I meant "fork" for the sake of avoiding duplication, which then makes your code a problem to maintain when our code evolves.

                        • 9. Re: Does jboss-portal 2.0 support LDAP?
                          cherngje

                           

                          "julien@jboss.com" wrote:
                          I meant "fork" for the sake of avoiding duplication, which then makes your code a problem to maintain when our code evolves.


                          I am having the exact same issues with the LDAP integration (same error message after I modify the login-config.xml and jboss-web.xml). Now, my boss would like me to write our own login module instead of waiting for JBoss's code to evolve. At this point I would like to try the idea of "stacking"; however, could anyone give me a little detail about "stacking"? Some type of concept or abstraction description will be good enough. I can google for the rest of the information.

                          Thanks a lot.
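
The stacking asked about above, as an added sketch that is not part of any post in this thread and is not JBoss Portal's own configuration: one JAAS policy in login-config.xml where the stock JBoss AS `LdapLoginModule` checks the password and the stock `DatabaseServerLoginModule` supplies the roles. The policy name, datasource JNDI name, host, DNs, and the table and column names in the SQL are assumptions or placeholders to replace with your own.

```xml
<!-- Added example. Placeholders: policy name, PortalDS, ldap.example.com,
     the DN suffix, and every table/column name in rolesQuery. -->
<application-policy name="portal">
  <authentication>

    <!-- Module 1: authenticate by binding to LDAP as the user. -->
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <!-- ldaps:// so the simple-bind password is not sent in clear text -->
      <module-option name="java.naming.provider.url">ldaps://ldap.example.com:636/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <!-- bind DN becomes uid=USERNAME,ou=People,dc=example,dc=com -->
      <module-option name="principalDNPrefix">uid=</module-option>
      <module-option name="principalDNSuffix">,ou=People,dc=example,dc=com</module-option>
      <!-- many directories treat an empty password as an anonymous bind,
           which would otherwise count as a successful login -->
      <module-option name="allowEmptyPasswords">false</module-option>
      <!-- publish the verified username/password to the modules below -->
      <module-option name="password-stacking">useFirstPass</module-option>
    </login-module>

    <!-- Module 2: with useFirstPass it trusts the identity verified by
         module 1, skips its own password check, and only contributes
         roles read from the database. -->
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="dsJndiName">java:/PortalDS</module-option>
      <!-- must return two columns: role name, role group ('Roles') -->
      <module-option name="rolesQuery">
        SELECT r.ROLE_NAME, 'Roles'
          FROM PLACEHOLDER_ROLES r
          JOIN PLACEHOLDER_MEMBERSHIP m ON m.ROLE_ID = r.ROLE_ID
          JOIN PLACEHOLDER_USERS u ON u.USER_ID = m.USER_ID
         WHERE u.USER_NAME = ?
      </module-option>
      <module-option name="password-stacking">useFirstPass</module-option>
    </login-module>

  </authentication>
</application-policy>
```

With this arrangement a user who authenticates in LDAP but has no row in the role tables still ends up with no portal role, which is the 403 described in the question; Brad's module in reply 2 handled that by inserting the user with the User role.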

                          • 10. Re: Does jboss-portal 2.0 support LDAP?
                            david.calvente

                            I'm at the same point and I wonder if someone has reached any further steps.
                            I think stacking is the way, but I need some help on this to continue.
                            If I finish successfully, I promise I will post a WIKI explaining my work.

                            Thanks

                            David

                            • 11. Re: Does jboss-portal 2.0 support LDAP?

                              I have received a contribution from patrick that works in 2.0 and goes farther in the integration as it implements parts of the UserModule and RoleModule.

                              Also it is supposed to work only with MSAD, but the code uses LDAP interface, so I am wondering if this is compatible with any LDAP server.

                              I would like to have a solution that works for both, probably refactoring patrick's work is the best.

                              • 12. Re: Does jboss-portal 2.0 support LDAP?
                                david.calvente

                                Can I have access to it? Could you e-mail me that contribution?

                                So I could work in that direction.

                                Thanks

                                David

                                • 13. Re: Does jboss-portal 2.0 support LDAP?

                                  I'd also be interested in seeing this code - I'd like to see if I can get it working against Novell's eDirectory.

                                  Cheers,
                                  KEv.

                                  • 14. Re: Does jboss-portal 2.0 support LDAP?

                                    I think I need to ask Patrick because he did not sign any agreement and the code is his property.

                                    Send me your mail address and I will ask him to send you this code.
