custom login module (Portal with LDAP)
raghuram11 Jun 15, 2006 10:45 PM
Currently, I am using the,
JBoss AS 4.0.3SP1
JBoss Portal 2.2
mySQL 4.1
OpenLDAP
Basically, I am trying for authentication and authorization by using portal through LDAP.
I had gone through the link http://www.jboss.com/index.html?module=bb&op=viewtopic&t=75745&postdays=0&postorder=asc&start=0 and made the following changes.
1) update the login-config.xml (given below)
<application-policy name="portal">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="requisite">
      <module-option name="password-stacking">useFirstPass</module-option>
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://testserver-09:389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="java.naming.security.principal">cn=ldapadmin,ou=famie,dc=org,dc=com</module-option>
      <module-option name="java.naming.security.credentials">ldap123</module-option>
      <module-option name="principalDNPrefix">uid=</module-option>
      <module-option name="principalDNSuffix">,ou=People,ou=famie,dc=org,dc=com</module-option>
      <module-option name="rolesCtxDN">ou=Roles,dc=org,dc=com</module-option>
      <module-option name="uidAttributeID">uniqueMember</module-option>
      <module-option name="matchOnUserDN">true</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleAttributeIsDN">false</module-option>
      <module-option name="searchTimeLimit">5000</module-option>
      <module-option name="searchScope">SUBTREE_SCOPE</module-option>
      <module-option name="defaultRole">Authenticated</module-option>
    </login-module>
    <login-module code="org.jboss.portal.core.security.jaas.ExtModelLoginModule" flag="required">
      <module-option name="unauthenticatedIdentity">guest</module-option>
      <module-option name="hashAlgorithm">MD5</module-option>
      <module-option name="hashEncoding">HEX</module-option>
      <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
      <module-option name="additionalRole">Authenticated</module-option>
      <module-option name="password-stacking">useFirstPass</module-option>
    </login-module>
  </authentication>
</application-policy>
So, basically, the first login-module is for authentication of the users at LDAP.
The second login-module is for the portal database.
2) I used the custom class ExtModelLoginModule, which was updated in the login-config.xml.
So, I compiled the portal source code and deployed it in JBoss AS 4.0.3SP1.
Case 1:
---------
If I enter a userid and password which are existing in LDAP and also userid present in the portal database, I am getting the portal screens.
Case 2:
----------
Now, if I enter a userid and password which are existing in LDAP and not in portal database, I am getting an error page saying that "Login Failed!
--Sorry, your username and/or password could not be verified."
So, basically, here also authentication from LDAP is successful, and now when processing the second login-module, I hope it is getting the problem.
And I checked in the log files; I couldn't even see any errors.
My question is:
1) I am not sure how to get the roles for the logged-in user from LDAP and then inform the portal??
Can I know where I made mistakes??
If this question is not clear, please let me know so that I can give details clearly regarding what I did.
with regards,
Raghuram
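
An added example, not part of the original post and not JBoss or portal code: a small JAAS program that stacks two modules with the same flags as the login-config.xml above (first requisite, second required) and shows how the second module's flag decides the overall result. StackDemo, StubModule, the "users" option and the users alice and bob are hypothetical names and constructed sample data; the assumption is that the portal module fails login() for a user missing from its database.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.spi.LoginModule;

public class StackDemo {
    static String user;  // user under test (constructed sample value, set by login())

    // Hypothetical stand-in for a real module: login() succeeds only if the
    // "users" option lists the user. It adds no principals or roles.
    public static class StubModule implements LoginModule {
        private boolean known;
        public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
            known = Arrays.asList(((String) opts.get("users")).split(",")).contains(user);
        }
        public boolean login() throws LoginException {
            if (!known) throw new FailedLoginException("user not found in this store");
            return true;
        }
        public boolean commit() { return true; }
        public boolean abort() { return true; }
        public boolean logout() { return true; }
    }

    static AppConfigurationEntry entry(LoginModuleControlFlag flag, String users) {
        return new AppConfigurationEntry(StubModule.class.getName(), flag, Map.of("users", users));
    }

    // Runs the two-module stack for one user; the first flag matches the post's config.
    static boolean login(String u, LoginModuleControlFlag secondFlag) {
        user = u;
        Configuration cfg = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] {
                    entry(LoginModuleControlFlag.REQUISITE, "alice,bob"),  // stands in for LDAP
                    entry(secondFlag, "alice") };                          // stands in for portal DB
            }
        };
        try { new LoginContext("portal", null, null, cfg).login(); return true; }
        catch (LoginException e) { return false; }
    }

    public static void main(String[] args) {
        System.out.println("alice, second required: " + login("alice", LoginModuleControlFlag.REQUIRED));
        System.out.println("bob,   second required: " + login("bob", LoginModuleControlFlag.REQUIRED));
        System.out.println("bob,   second optional: " + login("bob", LoginModuleControlFlag.OPTIONAL));
    }
}
```

Under JAAS, every required and requisite module must succeed for the overall login to succeed, while a failing optional module does not fail the login once a required or requisite module has succeeded. The stub does not model role mapping, which is a separate step from the pass/fail decision shown here.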