1 Reply Latest reply on Oct 26, 2010 3:53 AM by fquadt

    Seam with LDAP

    brunoskrebs.bruno.krebseng.com.br

      Hello there,


      I'm having trouble configuring an LDAP Identity Manager within Seam (2.2.0.GA). I have read a lot of posts, blogs and references, but I can't figure out how to fix it. So I hope someone here can help me.


      What I want to do is to let people log in to my application using their user and password from the LDAP. So I configured the components.xml like this:


      <security:ldap-identity-store
              name="ldapIdentityStore"
              server-address="10.0.20.3"
              server-port="389"
              bind-DN="OU=TS,OU=Usuarios,DC=dbccompany,DC=com,DC=br"
              bind-credentials="secret"
              user-DN-suffix=",OU=TS,OU=Usuarios,DC=dbccompany,DC=com,DC=br"
              user-DN-prefix="cn="
              role-DN-prefix="cn="
              role-DN-suffix=",ou=Roles,dc=dbccompany,dc=com,dc=br"
              user-context-DN="OU=TS,ou=Usuarios,dc=dbccompany,dc=com,dc=br"
              role-context-DN="ou=Roles,dc=dbccompany,dc=com,dc=br"
              user-role-attribute="roles"
              role-name-attribute="cn"
              user-object-classes="person"
              enabled-attribute="enabled" />

      <security:identity-manager name="identityManager" identity-store="#{ldapIdentityStore}"/>



      This is probably the source of the problem, since I'm not an expert in LDAP (actually this is the first time that I'm using it). The main doubts that I have about this configuration are:


      The real meaning of bind-DN: do I have to put a valid user here to connect to LDAP, so Seam can query it to see if the users passed to it are valid?


      Are the role parameters (role-name-attribute, role-context-DN) important if I just want to authenticate the user?


      After that I have my LoginAction class that looks like this:


      package br.com.dbccompany.fiergs.controle;

      import javax.persistence.EntityManager;

      import org.jboss.seam.ScopeType;
      import org.jboss.seam.annotations.In;
      import org.jboss.seam.annotations.Name;
      import org.jboss.seam.annotations.Out;
      import org.jboss.seam.annotations.Scope;
      import org.jboss.seam.faces.FacesMessages;
      import org.jboss.seam.security.management.IdentityManager;

      @Scope(ScopeType.EVENT)
      @Name("login")
      public class LoginAction {
          @In
          private EntityManager entityManager;

          // Outjected to the session after login (Usuario is the application's own entity)
          @Out(required = false, scope = ScopeType.SESSION)
          private Usuario usuario;

          @In
          private FacesMessages facesMessages;

          // Seam's IdentityManager, backed by the ldapIdentityStore declared in components.xml
          @In
          private IdentityManager identityManager;

          private String user;
          private String senha; // password

          public String getUser() { return user; }
          public void setUser(String user) { this.user = user; }
          public String getSenha() { return senha; }
          public void setSenha(String senha) { this.senha = senha; }

          public String loga() {
              // Delegates to the identity store, which binds to LDAP with the supplied credentials
              if (identityManager.authenticate(user, senha)) {
                  return "true";
              } else {
                  facesMessages.add("Usuário inválido");
                  return "false";
              }
          }
      }
      



      So as you can see I use the identityManager object, instantiated by Seam, to authenticate the user with the parameters passed to it. By the way, senha means password.


      Well, my application is running, but when I pass my credentials (the user and password that I use in this LDAP domain) to LoginAction.loga, it returns false. And when I try another combination, like something I make up (wrong users and passwords), an exception is thrown. This is the exception:



      SEVERE: org.jboss.seam.security.management.IdentityManagementException: Authentication error
      javax.faces.el.EvaluationException: org.jboss.seam.security.management.IdentityManagementException: Authentication error
      ...
      Caused by: org.jboss.seam.security.management.IdentityManagementException: Authentication error
      ...
      Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334





      Can someone help me configure this?


      Thanks in advance!
      Bruno Krebs
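Added example (not code from the original post or from Seam): a small Python model of the authentication flow the posted configuration implies, run against a constructed in-memory directory instead of a live server. It assumes, as Seam's LDAP store is generally understood to work, that the user DN is built as user-DN-prefix + username + user-DN-suffix, that authentication is a simple bind as that DN, and that a configured enabled-attribute must then read "true" on the entry; the entries, passwords and the svc-seam account are constructed.

```python
# Added example: models the user-DN construction, the simple bind and the
# enabled-attribute check; DIRECTORY and every credential in it are constructed.
from dataclasses import dataclass
from typing import Dict, Optional

class LdapAuthError(Exception):
    """Stands in for javax.naming.AuthenticationException (LDAP result code 49)."""

# Constructed directory: DN -> attributes. The AD-style user "bruno" carries no
# "enabled" attribute at all; only the constructed service account has one.
DIRECTORY: Dict[str, Dict[str, str]] = {
    "cn=bruno,OU=TS,OU=Usuarios,DC=dbccompany,DC=com,DC=br": {
        "userPassword": "correct-horse", "cn": "bruno"},
    "cn=svc-seam,OU=TS,OU=Usuarios,DC=dbccompany,DC=com,DC=br": {
        "userPassword": "secret", "cn": "svc-seam", "enabled": "true"},
}

def simple_bind(dn: str, password: str) -> Dict[str, str]:
    """A simple bind succeeds only for a DN that names an entry with that password.
    Binding as a container such as an OU (the post's bind-DN) fails with code 49."""
    entry = DIRECTORY.get(dn)
    if entry is None or entry.get("userPassword") != password:
        raise LdapAuthError("[LDAP: error code 49 - invalid credentials]")
    return entry

@dataclass
class LdapIdentityStoreModel:
    user_dn_prefix: str = "cn="
    user_dn_suffix: str = ",OU=TS,OU=Usuarios,DC=dbccompany,DC=com,DC=br"
    enabled_attribute: Optional[str] = "enabled"  # None = no enabled check

    def user_dn(self, username: str) -> str:
        return f"{self.user_dn_prefix}{username}{self.user_dn_suffix}"

    def authenticate(self, username: str, password: str) -> bool:
        # Step 1: bind as the user's own DN with the supplied password.
        entry = simple_bind(self.user_dn(username), password)
        # Step 2: with an enabled-attribute configured, the entry must carry it
        # with the value "true"; a missing attribute yields False, not an error.
        if self.enabled_attribute is None:
            return True
        return entry.get(self.enabled_attribute) == "true"

def outcome(store: LdapIdentityStoreModel, username: str, password: str) -> str:
    """Classify the result the way the post's loga() would observe it."""
    try:
        return "authenticated" if store.authenticate(username, password) else "rejected"
    except LdapAuthError as exc:
        return f"exception: {exc}"
```

With the enabled-attribute set and an entry that lacks it, a correct password is rejected quietly, while a wrong password surfaces as the code-49 exception seen in the trace.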