2 Replies Latest reply on May 7, 2010 9:36 PM by joepwro.joepwro.gmail.com

    LDAP authentication, multiple groups

    rowin
      Hi

      I am trying to configure LDAP authentication.
The users in the LDAP directory who need to be able to authenticate are spread over multiple groups.

There are users of the following forms:

      CN=username,CN=USERS,DC=company,DC=tld
      CN=username,CN=city,CN=subcompany,DC=company,DC=tld
      CN=username,CN=group,CN=subcompany,DC=company,DC=tld

      Is there a way to configure the LDAP identity store to be able to authenticate all the users in these groups?
      I just need authentication, the roles are found in our database.

      Thanks in advance!

      Rowin


        • 1. Re: LDAP authentication, multiple groups
          jyothi.a_jyothisree.yahoo.co.in

Hi

Can you give the LDAP authentication configuration you made in your server, in detail?

Regards

          • 2. Re: LDAP authentication, multiple groups
            joepwro.joepwro.gmail.com
            My LDAP configuration in components.xml is:

            <security:ldap-identity-store name="ldapIdentityStore"
                <!-- directory server; port 389 is plain LDAP (no TLS) -->
                server-address="***Redacted***"
                server-port="389"
                <!-- service account used for the searches -->
                bind-DN="CN=***Redacted***,OU=Services,DC=domain_name,DC=corp"
                bind-credentials="***Redacted***"

                <!-- users bind as prefix + username + suffix, i.e. DOMAIN_NAME\<sAMAccountName> -->
                user-name-attribute="sAMAccountName"
                user-DN-prefix="DOMAIN_NAME\"
                user-DN-suffix=""
                role-name-attribute="name"
                role-attribute-is-DN="true"

                <!-- single search context for users and for roles -->
                user-context-DN="OU=deptX,DC=domain_name,DC=corp"
                role-context-DN="OU=deptX,DC=domain_name,DC=corp"

                <!-- roles are read from the user's memberOf attribute -->
                user-role-attribute="memberOf"
                user-object-classes="user"
                role-object-classes="group"
            />

            I am able to authenticate users in different locations of LDAP directory, but I cannot get the roles of users in different locations of the LDAP directory.

            Calling identityManager.getGrantedRole() uses the "user-context-DN" value.  But I am only able to specify one context.  I tried using wildcards like:  user-context-DN="OU=*, ....", but that generates an error.

            Is there a way to do this configuration to get the roles of users in different parts of the LDAP directory?
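To go with the configuration in the previous reply, here is an added example of the two-step logon that works when accounts live in different containers: search the whole domain from its root with subtree scope to resolve the sAMAccountName to a DN, bind as that DN, then read the group names out of memberOf. This is illustrative code written for this page; it is not Seam's LdapIdentityStore and not code from either poster. The FakeDirectory class, the domain, the account names, passwords and group memberships are all constructed so the example runs offline; only the search, bind and memberOf logic is meant to carry over to a real server.

```python
import hmac
import re

SUBTREE, ONELEVEL = "subtree", "onelevel"

def escape_filter_value(value):
    """RFC 4515 escaping so a username cannot rewrite the search filter."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def unescape_filter_value(value):
    """Inverse of escape_filter_value; the fake server below needs it."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def dn_components(dn):
    """Split a DN on unescaped commas and normalise case for comparison."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn)]

class FakeDirectory:
    """Constructed in-memory stand-in for an AD domain (not a real server)."""

    def __init__(self, entries):
        self.entries = entries  # list of (dn, {attr: [values]}, password)

    def search(self, base_dn, scope, ldap_filter):
        """Supports AND-of-equality filters such as
        (&(objectClass=user)(sAMAccountName=bob)); subtree or one-level scope."""
        wanted = {k.lower(): unescape_filter_value(v).lower()
                  for k, v in re.findall(r"\(([A-Za-z]+)=([^()]*)\)", ldap_filter)}
        base = dn_components(base_dn)
        hits = []
        for dn, attrs, _pw in self.entries:
            comps = dn_components(dn)
            below = len(comps) > len(base) and comps[-len(base):] == base
            if scope == ONELEVEL:
                below = below and len(comps) == len(base) + 1
            if not below:
                continue
            have = {k.lower(): [v.lower() for v in vs] for k, vs in attrs.items()}
            if all(val in have.get(attr, []) for attr, val in wanted.items()):
                hits.append((dn, attrs))
        return hits

    def simple_bind(self, dn, password):
        """Mirrors AD's default: a simple bind with a DN and an EMPTY password is
        an 'unauthenticated bind' and returns success without checking anything."""
        if password == "":
            return True
        for entry_dn, _attrs, pw in self.entries:
            if dn_components(entry_dn) == dn_components(dn):
                return hmac.compare_digest(pw, password)
        return False

def resolve_user_dn(directory, base_dn, sam_account_name):
    """Find the account anywhere below base_dn; exactly one hit or nothing."""
    flt = "(&(objectClass=user)(sAMAccountName=%s))" % escape_filter_value(sam_account_name)
    hits = directory.search(base_dn, SUBTREE, flt)
    return hits[0] if len(hits) == 1 else None

def roles_from_member_of(attrs):
    """role-attribute-is-DN style: the CN of every group DN in memberOf."""
    roles = []
    for group_dn in attrs.get("memberOf", []):
        rdn = re.split(r"(?<!\\),", group_dn)[0].strip()
        if rdn.lower().startswith("cn="):
            roles.append(rdn[3:])
    return sorted(roles)

def authenticate(directory, base_dn, sam_account_name, password):
    """Search from the domain root, bind as the resolved DN, collect roles.
    Returns (dn, roles) on success, None on failure."""
    if not password:  # refuse before the bind: an empty password must never 'succeed'
        return None
    hit = resolve_user_dn(directory, base_dn, sam_account_name)
    if hit is None:
        return None
    dn, attrs = hit
    if not directory.simple_bind(dn, password):
        return None
    return dn, roles_from_member_of(attrs)

# Constructed sample data mirroring the DN shapes in the question (not real accounts).
DOMAIN = "DC=company,DC=tld"
DIRECTORY = FakeDirectory([
    ("CN=alice,CN=Users,DC=company,DC=tld",
     {"objectClass": ["user"], "sAMAccountName": ["alice"],
      "memberOf": ["CN=Finance,OU=Groups,DC=company,DC=tld"]}, "alice-pw"),
    ("CN=bob,CN=Paris,CN=SubCo,DC=company,DC=tld",
     {"objectClass": ["user"], "sAMAccountName": ["bob"],
      "memberOf": ["CN=Engineering,OU=Groups,DC=company,DC=tld",
                   "CN=Paris Staff,CN=Paris,CN=SubCo,DC=company,DC=tld"]}, "bob-pw"),
    ("CN=Finance,OU=Groups,DC=company,DC=tld",
     {"objectClass": ["group"], "sAMAccountName": ["Finance"]}, ""),
])

if __name__ == "__main__":
    print(authenticate(DIRECTORY, DOMAIN, "bob", "bob-pw"))
    print(resolve_user_dn(DIRECTORY, "CN=Users,DC=company,DC=tld", "bob"))  # None: one container misses him
```

Against a real server the search step is `DirContext.search(base, filter, controls)` with `SearchControls.SUBTREE_SCOPE` in JNDI, or `ldapsearch -b "DC=company,DC=tld" -s sub "(&(objectClass=user)(sAMAccountName=bob))" memberOf` from the command line; the bind is then done with the DN the search returned rather than a fixed prefix. Two caveats carry over from the example: the empty-password check is needed because AD accepts an unauthenticated simple bind by default, and memberOf does not list the user's primary group or groups reached only through nesting.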