2 Replies Latest reply on Jan 6, 2010 7:03 AM by nickwolf

    LdapExtLoginModule configuration JBOSS 5.1.0

    nickwolf

      Hi All,

       

      I am trying to configure iPlanet LDAP for jmx-console (to log in to the admin console).

      I have modified the login-config.xml as follows:

       

      <!-- A template configuration for the jmx-console web application. This
          defaults to the UsersRolesLoginModule the same as other and should be
          changed to a stronger authentication mechanism as required.
        -->
        <application-policy name="jmx-console">
          <authentication>
                  <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule"
                                flag="required">
                      <module-option name="java.naming.factory.initial">
                          com.sun.jndi.ldap.LdapCtxFactory
                      </module-option>
                      <module-option name="java.naming.provider.url">
                          ldap://matt:389
                      </module-option>
                      <module-option name="java.naming.security.authentication">
                          simple
                      </module-option>
                      <module-option name="java.naming.security.credentials">user</module-option>
                      <module-option name="principalDNPrefix">uid=</module-option>                   
                      <module-option name="principalDNSuffix">,ou=People,dc=domain,dc=user,dc=com</module-option>
                      <module-option name="rolesCtxDN">ou=Roles,dc=user,dc=com</module-option>
                      <module-option name="uidAttributeID">user</module-option>
                      <module-option name="matchOnUserDN">true</module-option>
                      <module-option name="roleAttributeID">cn</module-option>
                      <module-option name="roleAttributeIsDN">false</module-option>
                      <module-option name="searchTimeLimit">5000</module-option>
                      <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
                  </login-module>
              </authentication>
        </application-policy>

       

       

      And when I tried to log in, it neither let me log in nor showed any error in the server log files...

      What am I missing here? I even tried giving a wrong LDAP server name, but it did not give any error in the logs...

       

      Any ideas please?

       

      Thanks,

      Nick
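
An added example (not part of the original thread and not JBoss code): a small Python check that reads a login-config.xml and reports, for each LdapExtLoginModule entry, options that belong to LdapLoginModule, search options that are not set, and a simple bind over plain ldap://. The two option-name sets are assumptions based on the documented options of the two modules; SAMPLE is a trimmed copy of the configuration posted above.

```python
import xml.etree.ElementTree as ET

# Assumed option-name sets, per the documented options of the two JBossSX modules.
LDAP_LOGIN_ONLY = {"principalDNPrefix", "principalDNSuffix",
                   "uidAttributeID", "matchOnUserDN"}
EXT_SEARCH_OPTS = {"baseCtxDN", "baseFilter", "roleFilter"}

# Trimmed copy of the configuration from the post, wrapped in a <policy> root.
SAMPLE = """<policy>
 <application-policy name="jmx-console"><authentication>
  <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
   <module-option name="java.naming.provider.url">ldap://matt:389</module-option>
   <module-option name="java.naming.security.authentication">simple</module-option>
   <module-option name="principalDNPrefix">uid=</module-option>
   <module-option name="principalDNSuffix">,ou=People,dc=domain,dc=user,dc=com</module-option>
   <module-option name="rolesCtxDN">ou=Roles,dc=user,dc=com</module-option>
   <module-option name="uidAttributeID">user</module-option>
   <module-option name="matchOnUserDN">true</module-option>
  </login-module>
 </authentication></application-policy>
</policy>"""

def lint_login_config(xml_text):
    """Return (policy name, finding) pairs for every LdapExtLoginModule entry."""
    findings = []
    for policy in ET.fromstring(xml_text).iter("application-policy"):
        for module in policy.iter("login-module"):
            if not module.get("code", "").endswith(".LdapExtLoginModule"):
                continue
            opts = {o.get("name"): (o.text or "").strip()
                    for o in module.iter("module-option")}
            name = policy.get("name")
            for opt in sorted(LDAP_LOGIN_ONLY & set(opts)):
                findings.append((name, opt + ": LdapLoginModule option, ignored here"))
            for opt in sorted(EXT_SEARCH_OPTS - set(opts)):
                findings.append((name, opt + ": not set, needed for the user/role search"))
            url = opts.get("java.naming.provider.url", "")
            auth = opts.get("java.naming.security.authentication", "")
            if url.startswith("ldap://") and auth == "simple":
                findings.append((name, "simple bind over ldap:// sends the password in cleartext"))
    return findings

if __name__ == "__main__":
    for policy_name, finding in lint_login_config(SAMPLE):
        print(policy_name + ": " + finding)
```
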

        • 1. Re: LdapExtLoginModule configuration JBOSS 5.1.0
          wolfgangknauf

          Hi,

           

          Did you activate logging of the security layer? See here, question 4: http://community.jboss.org/wiki/SecurityFAQ

          This should provide you with debugging output and error messages of e.g. the login module.

           

          Hope this helps

           

          Wolfgang

          1 of 1 people found this helpful
          • 2. Re: LdapExtLoginModule configuration JBOSS 5.1.0
            nickwolf

            Hi

             

            I have followed the steps in the module and it's working fine...

             

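            import java.security.Principal;
            import javax.naming.InitialContext;
            import javax.security.auth.Subject;
            import javax.security.auth.callback.CallbackHandler;
            import javax.security.auth.login.LoginContext;
            import org.jboss.security.SimplePrincipal;
            import org.jboss.security.auth.callback.SecurityAssociationHandler;
            import org.jboss.security.plugins.JaasSecurityManager;

            // Look up the security manager bound for the security domain.
            InitialContext ctx = new InitialContext();
            JaasSecurityManager jsm1 = (JaasSecurityManager) ctx.lookup("java:/jaas/myLoginModule");
            String securityDomain = jsm1.getSecurityDomain();
            // j_username / j_password come from surrounding code that the post does not show.
            SecurityAssociationHandler handler = new SecurityAssociationHandler();
            Principal user = new SimplePrincipal(j_username);
            handler.setSecurityInfo(user, j_password.toCharArray());
            // Run the login modules configured for that domain.
            LoginContext loginContext = new LoginContext(securityDomain, (CallbackHandler) handler);
            loginContext.login();
            Subject subject = loginContext.getSubject();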

            This way it works and validates the user, but when I call this method (request.getUserPrincipal()) I get NULL.

            Is there any way that I can pass the authentication to the servlet like we have in WebLogic?

             

            Thanks,

            Nick