Help on LDAP integration requested
brma Dec 16, 2009 4:32 PM
Dear Shane,
I need to create a small LDAP administration tool and would like to use LdapIdentityStore. As I need to connect to an existing and running LDAP server, I am not allowed to change the schema or the hierarchy of the entries. To give you an impression of the hierarchy, please see an excerpt of the LDAP schema below. Roles (captured in objectClass) and users are not separated but on the same level:
# maincompany.at
dn: dc=maincompany,dc=at
dc: maincompany
objectClass: dcObject
objectClass: organization
o: maincompany
# admin, maincompany.at
dn: cn=admin,dc=maincompany,dc=at
objectClass: organizationalRole
cn: admin
# subcompany.at, maincompany.at
dn: o=subcompany.at,dc=maincompany,dc=at
gidNumber: 501
objectClass: companyOrganization
o: subcompany.at
cn: subcompany.at
# user1, subcompany.at, maincompany.at
dn: cn=user1,o=subcompany.at,dc=maincompany,dc=at
objectClass: posixAccount
objectClass: companyPerson
cn: user1.subcompany.at
cn: user1
uidNumber: 501
gidNumber: 501
uid: user1.subcompany.at
# user2, subcompany.at, maincompany.at
dn: cn=user2,o=subcompany.at,dc=maincompany,dc=at
objectClass: posixAccount
objectClass: companyPerson
cn: user2.subcompany.at
cn: user2
uidNumber: 502
gidNumber: 501
uid: user2.subcompany.at
# subcompany2.at, maincompany.at
dn: o=subcompany2.at,dc=maincompany,dc=at
gidNumber: 502
objectClass: companyOrganization
o: subcompany2.at
cn: subcompany2.at
# user1, subcompany2.at, maincompany.at
dn: cn=user1,o=subcompany2.at,dc=maincompany,dc=at
objectClass: posixAccount
objectClass: companyPerson
cn: user1.subcompany2.at
cn: user1
uidNumber: 503
gidNumber: 502
uid: user1.subcompany2.at
My components.xml is configured as follows:
<security:identity-manager identity-store="#{ldapIdentityStore}"/>
<security:ldap-identity-store
server-address="192.168.0.19"
bind-DN="cn=admin,dc=maincompany,dc=at"
bind-credentials="secret"
user-DN-prefix="uid="
user-DN-suffix=""
role-DN-prefix=""
role-DN-suffix=""
user-context-DN="dc=maincompany,dc=at"
role-context-DN="dc=maincompany,dc=at"
user-role-attribute="companyPerson"
role-name-attribute=""
user-object-classes="posixAccount,companyPerson"
enabled-attribute="enabled"
/>
The term "<security:identity/>" is left out as I want to use the default method for authentication.
The pages used are the ones created via the Seam integration in Eclipse (JBossTools). When I try to log on I receive the following error message:
[SeamLoginModule] Error invoking login method
Thanks a lot in advance for any reply/help!
Regards, Markus
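A check worth running before touching Seam at all is to replay, offline, what the configured identity store would look for in the tree shown in the post. The script below is an added example written for this page; it is not code from the post, from JBoss Seam, or from Markus. It carries four entries of the posted excerpt verbatim (root, admin and the two user1 entries), the relevant attributes of the posted components.xml, a minimal LDIF reader, and a subtree search equivalent to `ldapsearch -b <base> -s sub '(attr=value)'`. One thing it assumes, and labels as an assumption in the code: that a prefix/suffix-style store binds as user-DN-prefix + username + user-DN-suffix. Whether LdapIdentityStore does exactly that, or searches for the user instead, must be verified against the Seam version in use.

```python
# Added example (not code from the post or from JBoss Seam): replay the
# identity store's user lookup offline against the LDIF from the post.
# Root, admin and the two "user1" entries from the post's excerpt, verbatim.
LDIF = """\
dn: dc=maincompany,dc=at
dc: maincompany
objectClass: dcObject
objectClass: organization
o: maincompany
dn: cn=admin,dc=maincompany,dc=at
objectClass: organizationalRole
cn: admin
dn: cn=user1,o=subcompany.at,dc=maincompany,dc=at
objectClass: posixAccount
objectClass: companyPerson
cn: user1.subcompany.at
cn: user1
uidNumber: 501
gidNumber: 501
uid: user1.subcompany.at
dn: cn=user1,o=subcompany2.at,dc=maincompany,dc=at
objectClass: posixAccount
objectClass: companyPerson
cn: user1.subcompany2.at
cn: user1
uidNumber: 503
gidNumber: 502
uid: user1.subcompany2.at
"""
# The <security:ldap-identity-store> attributes from the post that matter here.
CONFIG = {
    "user-DN-prefix": "uid=",
    "user-DN-suffix": "",
    "user-context-DN": "dc=maincompany,dc=at",
    "user-object-classes": ["posixAccount", "companyPerson"],
    "enabled-attribute": "enabled",
}

def parse_ldif(text):
    """Minimal LDIF reader: 'dn:' opens an entry, 'name: value' adds a value.
    No folded lines or base64 (::) values; the excerpt uses neither."""
    entries, current = [], None
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError("not an LDIF attribute line: %r" % line)
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            current = {"dn": value, "attrs": {}}
            entries.append(current)
        elif current is None:
            raise ValueError("attribute before first dn: %r" % line)
        else:
            current["attrs"].setdefault(name, []).append(value)
    return entries

def normalize_dn(dn):
    """Case-fold and trim RDN components (no RFC 4514 escape handling)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def in_subtree(dn, base_dn):
    dn, base_dn = normalize_dn(dn), normalize_dn(base_dn)
    return dn == base_dn or dn.endswith("," + base_dn)

def find_by_dn(entries, dn):
    """Entry with exactly this DN, or None; a simple bind needs a real DN."""
    target = normalize_dn(dn)
    return next((e for e in entries if normalize_dn(e["dn"]) == target), None)

def search(entries, base_dn, attr, value):
    """Subtree search, as in: ldapsearch -b <base_dn> -s sub '(<attr>=<value>)'.
    Case-insensitive compare, as for caseIgnore attributes such as cn and uid."""
    attr, value = attr.lower(), value.lower()
    return [e["dn"] for e in entries if in_subtree(e["dn"], base_dn)
            and any(v.lower() == value for v in e["attrs"].get(attr, []))]

def diagnose(entries, username, cfg):
    """What the store would see for one login name. Assumption (verify against
    your Seam version): it binds as user-DN-prefix + username + user-DN-suffix."""
    bind_dn = cfg["user-DN-prefix"] + username + cfg["user-DN-suffix"]
    by_uid = search(entries, cfg["user-context-DN"], "uid", username)
    by_cn = search(entries, cfg["user-context-DN"], "cn", username)
    entry = find_by_dn(entries, bind_dn)
    if entry is None and len(by_uid) == 1:   # fall back to a unique uid match
        entry = find_by_dn(entries, by_uid[0])
    classes = {c.lower() for c in entry["attrs"].get("objectclass", [])} if entry else set()
    wanted = {c.lower() for c in cfg["user-object-classes"]}
    return {"bind_dn": bind_dn,
            "bind_dn_exists": find_by_dn(entries, bind_dn) is not None,
            "matches_by_uid": by_uid, "matches_by_cn": by_cn,
            "has_user_object_classes": wanted <= classes,
            "has_enabled_attribute": entry is not None and cfg["enabled-attribute"].lower() in entry["attrs"]}

if __name__ == "__main__":
    entries = parse_ldif(LDIF)
    for name in ("user1.subcompany.at", "user1"):
        print(name, diagnose(entries, name, CONFIG))
```

Run against the posted values, the script reports that `uid=` plus the login name plus an empty suffix composes `uid=user1.subcompany.at`, which is not the DN of any entry in the excerpt (the users' RDNs are `cn=user1`), whereas a subtree search for `(uid=user1.subcompany.at)` under `dc=maincompany,dc=at` finds exactly one entry; a search on `(cn=user1)` is ambiguous because both subcompanies have a user1. It also shows that no `enabled` attribute appears on the user entries, even though `enabled-attribute="enabled"` is configured. Two points a reviewer would also raise about the posted configuration: `bind-credentials` sits in cleartext in components.xml, so that file needs the same protection as the admin password itself, and `server-address` names a plain host with no TLS, so the admin bind and every user's password travel unencrypted unless the server enforces StartTLS or LDAPS.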