0 Replies Latest reply on May 2, 2012 9:46 AM by rasha123

    jboss ldapextloginmodule

    rasha123
    rasha123 May 2, 2012 9:46 AM

      hi ,

       

      im not sure if this is the right place to ask, if not plz direct me,

       

      im trying to authinticate jboss with active directory and i did this login file

       

       

       

       

       

      application-policy name="OpenKM">

           <authentication>

               <login-module flag="required" code="org.jboss.security.auth.spi.LdapExtLoginModule">

                   <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>

                <module-option name="java.naming.provider.url">ldap://10.100.xx.xx:389/</module-option>

                <module-option name="java.naming.security.authentication">simple</module-option>

                <module-option name="bindDN">xxx\Admin</module-option>

                <module-option name="bindCredential">password</module-option>

                <module-option name="baseCtxDN">ou=user,dc=xxx,dc=local</module-option>

                <module-option name="baseFilter">(sAMAccountName={0})</module-option>

                <module-option name="rolesCtxDN">ou=user,dc=xxx,dc=local</module-option>

                <module-option name="roleFilter">(member={1})</module-option>

                <module-option name="roleAttributeIsDN">true</module-option>

                <module-option name="roleNameAttributeID">name</module-option>

                <module-option name="java.naming.referral">follow</module-option>

              </login-module>

           </authentication>

      </application-policy>

       

      and this is my configuration file

      system.login.lowercase=on
      principal.adapter=com.openkm.principal.LdapPrincipalAdapter


      principal.ldap.server=ldap://10.100.200.91:389/

      principal.ldap.security.principal=CN=Admin,ou=user,dc=xx,dc=local

      principal.ldap.security.credentials=password

      principal.ldap.user.search.base=ou=user,dc=xxx,dc=local

      principal.ldap.user.search.filter=(objectclass=person)

      principal.ldap.user.attribute=sAMAccountName



      principal.ldap.role.search.base=ou=xxx,dc=xxx,dc=local

      principal.ldap.role.search.filter=(jectcoblass=group)


      principal.ldap.role.attribute=cn




      principal.ldap.mail.search.base=cn={0},ou=xxx,dc=xxx,dc=local

      principal.ldap.mail.search.filter=(&(objectclass=person)(sAMAccountName={0}))


      principal.ldap.mail.attribute=mail

      principal.ldap.users.by.role.search.base=ou=xxxx,dc=xxx,dc=local


      principal.ldap.users.by.role.search.filter=(objectclass=group)

      principal.ldap.users.by.role.attribute=member

      principal.ldap.roles.by.user.search.base=ou=xxxx,dc=xxx,dc=local


      principal.ldap.roles.by.user.search.filter=(&(objectclass=person)(sAMAccountName={0}))


      principal.ldap.roles.by.user.attribute=memberOf

       

      i can succesfully login with active directory user but the ploblem that all users and roles are not imported to openkm!!

       

      my active directory dn is

       

       

      "cn= user1, CN=group1,OU=xxx,DC=xxxx,DC=local"

      "cn= user2,CN=group2,OU=xxx,DC=xxxx,DC=local"

      "cn= user3,CN=group3,OU=xxx,DC=xxxx,DC=local"

       

      where users and roles (groups) under OU

       

      i m not sure if my mistake is in the configuring of roles ands users ?!

       

      any help

      • 709 Views
      • Tags: