-
1. Re: How to get Ldap informations?
hi
this is my configuration in login-config.xml file . it is working for me. May be this will be of some help to you.
<!DOCTYPE policy PUBLIC
"-//JBoss//DTD JBOSS Security Config 3.0//EN"
"http://www.jboss.org/j2ee/dtd/security_config.dtd">
<!-- For the JCR CMS -->
<application-policy name="cms">
<login-module code="org.apache.jackrabbit.core.security.SimpleLoginModule" flag="required"/>
</application-policy>
<application-policy name="portal">
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
<module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
<module-option name="java.naming.provider.url">ldap://localhost:10389/</module-option>
<module-option name="java.naming.security.authentication">simple</module-option>
<module-option name="bindDN">cn=Directory Manager</module-option>
<module-option name="bindCredential">password</module-option>
<module-option name="baseCtxDN">ou=People,dc=example,dc=com</module-option>
<module-option name="baseFilter">(uid={0})</module-option>
<module-option name="rolesCtxDN">ou=Roles,dc=example,dc=com</module-option>
<module-option name="roleFilter">(member={1})</module-option>
<module-option name="roleAttributeID">cn</module-option>
<module-option name="roleRecursion">-1</module-option>
<module-option name="searchTimeLimit">10000</module-option>
<module-option name="searchScope">SUBTREE_SCOPE</module-option>
<module-option name="allowEmptyPasswords">false</module-option>
</login-module>
<login-module code="org.jboss.portal.identity.auth.SynchronizingLoginModule" flag="optional">
<module-option name="synchronizeIdentity">true</module-option>
<module-option name="synchronizeRoles">true</module-option>
<module-option name="additionalRole">Authenticated</module-option>
<module-option name="defaultAssignedRole">User</module-option>
<module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
<module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
<module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
<module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
</login-module>
</application-policy>
this will enable you authenticate against LDAP using the Jboss portal login.
Code in my part is
/**
*
* @return Map of Identity Modules
*/
public Map<String,Object> getLDAPModules()
{
Map<String,Object> modulesMap = new HashMap();
if (!checkConfig.equalsIgnoreCase("true"))
{
try
{
UserModule usermodule = (UserModule) new InitialContext().lookup("java:/portal/UserModule");
RoleModule roleModule =(RoleModule) new InitialContext().lookup("java:/portal/RoleModule");
UserProfileModule userProfileModule = (UserProfileModule) new InitialContext().lookup("java:/portal/UserProfileModule");
MembershipModule membershipModule = (MembershipModule) new InitialContext().lookup("java:/portal/MembershipModule");
modulesMap.put(User.USER_MODULE, usermodule);
modulesMap.put(User.ROLE_MODULE, roleModule);
modulesMap.put(User.USER_PROFILE_MODULE, userProfileModule);
modulesMap.put(User.MEMBERSHIP_MODULE, membershipModule);
return modulesMap;
}
catch (NamingException e)
{
e.printStackTrace();
}
catch(Exception e){
e.printStackTrace();
}
}
return null;
}
// this will fetch you the Identity Modules and using this you can get the necessary details from LDAP using the methods available in each Modules.
Good Luck...happy coding -
-
3. Re: How to get Ldap informations?
I've got other questions : In which class is the Map of Identity Modules? I can't find the method getLDAPModules()...
And why do I have to map it again? Isn't it specified with this code:<module-option name="userModuleJNDIName">java:/portal/UserModule</module-option> <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option> <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option> <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
I've already tried with this configuration in ldap_identity-config.xml :<identity-configuration> <datasources> <datasource> <name>LDAP</name> <config> <option> <name>host</name> <value>cbh57.bdxdom.mck</value> </option> <option> <name>port</name> <value>389</value> </option> <option> <name>adminDN</name> <value>CN=Manager</value> </option> <option> <name>adminPassword</name> <value>secret</value> </option> </config> </datasource> </datasources> <modules> <module> <!--type used to correctly map in IdentityContext registry--> <type>User</type> <implementation>LDAP</implementation> <class> org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl </class> <config/> </module> <module> <type>Role</type> <implementation>LDAP</implementation> <class> org.jboss.portal.identity.ldap.LDAPExtRoleModuleImpl </class> <config/> </module> <module> <type>Membership</type> <implementation>LDAP</implementation> <class> org.jboss.portal.identity.ldap.LDAPStaticGroupMembershipModuleImpl </class> <config/> </module> <module> <type>UserProfile</type> <implementation>DELEGATING</implementation> <config> <option> <name>ldapModuleJNDIName</name> <value>java:/portal/LDAPUserProfileModule</value> </option> </config> </module> <module> <type>DBDelegateUserProfile</type> <implementation>DB</implementation> <config> <option> <name>randomSynchronizePassword</name> <value>true</value> </option> </config> </module> <module> <type>LDAPDelegateUserProfile</type> <implementation>LDAP</implementation> <config/> </module> </modules> <options> <option-group> <group-name>common</group-name> <option> <name>userCtxDN</name> <value>OU=McKesson,DC=bdxdom,DC=mck</value> </option> <option> <name>uidAttributeID</name> <value>sAMAccountName</value> </option> <option> <name>userSearchFilter</name> <value><![CDATA[(&((sAMAccountName={0})(objectClass=user)))]]></value> </option> <option> <name>roleCtxDN</name> <value>OU=McKesson,DC=bdxdom,DC=mck</value> </option> <option> <name>roleSearchFilter</name> <value><![CDATA[(&((CN={0})(objectClass=group)))]]></value> </option> <option> <name>searchScope</name> <value>SUBTREE_SCOPE</value> </option> </option-group> </options> </identity-configuration>
And i could get all the ldap informations I needed with the mapping in profile-config.xml
But when I try to use user and roles synchronisation(like above), I can't.
Is there an easier way to map the ldap informations?
Is it to possible to change the configuration in identity-config.xml to map LDAP?
Sorry to ask so many questions :)
Thanks in advance.
-
4. Re: How to get Ldap informations?
Hi,
if u find my last posted code sample was vague then (to what i understand from your question)
with the below posted code you can easily understand the way to use the Identity modules and use the methods provided by them to get the information needed from LDAP
hope this helps
UserModule module = (UserModule) new InitialContext().lookup("java:/portal/UserModule");
RoleModule roleModule =(RoleModule) new InitialContext().lookup("java:/portal/RoleModule");
UserProfileModule userProfileModule = (UserProfileModule) new InitialContext().lookup("java:/portal/UserProfileModule");
MembershipModule membershipModule = (MembershipModule) new InitialContext().lookup("java:/portal/MembershipModule");
org.jboss.portal.identity.User userIdentity;
userIdentity = (org.jboss.portal.identity.User) module.findUserByUserName(userName);
if org.jboss.portal.identity.User newCreateUser;
newCreateUser = (org.jboss.portal.identity.User)module.createUser(userName, password); -
5. Re: How to get Ldap informations?
Ok thanks for the tips :)
But, I think you didn't understand me, so I'll try to explain better.
I've a LDAP server with users. My configuration is like in my first post, I synchronise users and roles from Ldap with Jboss portal database.
Everything works fine and I can log in with ldap credentials.
The problem is : I want to retrieve attributes from my ldap server (email, street adress, job) and show them in user profile and after save them in jboss portal database. Where do I have to do the mapping for that?
I think the code you showed me is to get the username of the user who is logged in.
I hope my question is clear now, and sorry for the misunderstanding.
Thanks again for your help. :) -
6. Re: How to get Ldap informations?
Currently this is not supported with Synchronizing* login modules. To map profile attributes you should keep IdentityLoginModule and configure portal identity login modules with LDAP instead.
This is something we have on the roadmap but other priorities are higher. if you would like to contribute it shouldn't be hard to implement.
http://anonsvn.jboss.org/repos/portal/modules/identity/branches/JBP_IDENTITY_BRANCH_1_0/identity/src/main/org/jboss/portal/identity/auth/SynchronizingLDAPExtLoginModule.java -
7. Re: How to get Ldap informations?
Ok that's why I couldn't retrieve the attributes.
Thanks for your help :D
I would like to contribute but I'm just a beginner now :P maybe later. -
8. Re: How to get Ldap informations?
I've got similar problem to described above and I think could try to implement this feature. However I have problem accessing svn so if it is possible, could someone zip the identity package (I belive this one contains SynchronizingLDAPExtLoginModule.java) for me and send it via mail?
BTW. the SVN gives me:
svn: PROPFIND request failed
Best regards
Sebastian
P.S.
the email is sebastian.konkol@gmail.com