Configuring the application policy in login-config.xml for LDAP Apache DS
Hi,
I am using JBoss AS 5.1.0 GA and Apache Directory Server.
Can anyone tell me what lines to put in the application policy configuration of my login-config.xml file
for the following LDIF file that i imported in Apache Directory Server ?
I am using JBoss AS 5.1.0 GA and Apache Directory Server.
Can anyone tell me what lines to put in the application policy configuration of my login-config.xml file
for the following LDIF file that i imported in Apache Directory Server ?
This LDIF file defines 3 users and 2 roles :
uid : system userPassword: manager Roles: admin
uid : user1 userPassword: p1 Roles: guest
uid : user2 userPassword: p2 Roles: admin
uid : system userPassword: manager Roles: admin
uid : user1 userPassword: p1 Roles: guest
uid : user2 userPassword: p2 Roles: admin
Here is the LDIF file that I imported with success in Apache DS :
# User: system
dn: uid=system,ou=users,ou=system
cn: John Doe
sn: Doe
givenname: John
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Las Vegas
uid: system
mail: system@apachecon.comm
telephonenumber: +1 408 555 5555
facsimiletelephonenumber: +1 408 555 5556
roomnumber: 4613
userPassword: manager
cn: John Doe
sn: Doe
givenname: John
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Las Vegas
uid: system
mail: system@apachecon.comm
telephonenumber: +1 408 555 5555
facsimiletelephonenumber: +1 408 555 5556
roomnumber: 4613
userPassword: manager
# User: user1
dn: uid=user1,ou=users,ou=system
cn: User
sn: One
givenname: User1
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Las Vegas
uid: user1
mail: user1@apachecon.comm
telephonenumber: +1 408 555 5555
facsimiletelephonenumber: +1 408 555 5556
roomnumber: 4613
userPassword: p1
cn: User
sn: One
givenname: User1
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Las Vegas
uid: user1
mail: user1@apachecon.comm
telephonenumber: +1 408 555 5555
facsimiletelephonenumber: +1 408 555 5556
roomnumber: 4613
userPassword: p1
# User: user2
dn: uid=user2,ou=users,ou=system
cn: User
sn: Two
givenname: User2
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Las Vegas
uid: user2
mail: user2@apachecon.comm
telephonenumber: +1 408 555 5555
facsimiletelephonenumber: +1 408 555 5556
roomnumber: 4613
userPassword: p2
cn: User
sn: Two
givenname: User2
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
ou: Human Resources
ou: People
l: Las Vegas
uid: user2
mail: user2@apachecon.comm
telephonenumber: +1 408 555 5555
facsimiletelephonenumber: +1 408 555 5556
roomnumber: 4613
userPassword: p2
# Group: admin
dn: cn=admin,ou=groups,ou=system
objectClass: groupOfUniqueNames
uniqueMember: uid=system,ou=users,ou=system
uniqueMember: uid=user2,ou=users,ou=system
cn: admin
objectClass: groupOfUniqueNames
uniqueMember: uid=system,ou=users,ou=system
uniqueMember: uid=user2,ou=users,ou=system
cn: admin
# Group: guest
dn: cn=guest,ou=groups,ou=system
objectClass: groupOfUniqueNames
uniqueMember: uid=user1,ou=users,ou=system
cn: guest
objectClass: groupOfUniqueNames
uniqueMember: uid=user1,ou=users,ou=system
cn: guest
I have tried the following application policy in my login-config.xml file but it does not work :
<application-policy name="my_domaine_LDAP">
<authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
<module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
<module-option name="java.naming.provider.url">ldap://localhost:10389</module-option>
<module-option name="java.naming.security.authentication">simple</module-option>
<module-option name="bindDN">uid=system,ou=system</module-option>
<module-option name="bindCredential">manager</module-option>
<module-option name="baseCtxDN">cn=admin,ou=groups,ou=system</module-option>
<module-option name="baseFilter">(uid={0})</module-option>
<authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
<module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
<module-option name="java.naming.provider.url">ldap://localhost:10389</module-option>
<module-option name="java.naming.security.authentication">simple</module-option>
<module-option name="bindDN">uid=system,ou=system</module-option>
<module-option name="bindCredential">manager</module-option>
<module-option name="baseCtxDN">cn=admin,ou=groups,ou=system</module-option>
<module-option name="baseFilter">(uid={0})</module-option>
<module-option name="rolesCtxDN">ou=Roles,dc=example,dc=com</module-option>
<module-option name="roleFilter">(member={1})</module-option>
<module-option name="roleAttributeID">cn</module-option>
<module-option name="searchScope">ONELEVEL_SCOPE</module-option>
<module-option name="allowEmptyPasswords">true</module-option>
</login-module>
</authentication>
</application-policy>
<module-option name="roleFilter">(member={1})</module-option>
<module-option name="roleAttributeID">cn</module-option>
<module-option name="searchScope">ONELEVEL_SCOPE</module-option>
<module-option name="allowEmptyPasswords">true</module-option>
</login-module>
</authentication>
</application-policy>
Being not too familiar with LDAP, I am not too sure about certain options, like bindCredential, bindDN, baseCtxDN ...
Can someone please help me with the configuration of this application policy ?
Thanks in advance.