1 Reply Latest reply on Jul 28, 2012 7:57 PM by brieweb

Using Seam with LDAP

brieweb Jul 27, 2012 2:41 AM

I am trying to use Seam with LDAP. But, it doesn't seem to work. What am I missing?

First, I created a project using seam-gen.

I commented out the default authenticate method in components.xml cfreated by seam-gen

<!--	<security:identity authenticate-method="#{authenticator.authenticate}" remember-me="true"/> -->

I put the following in components.xml for ldap.

<security:identity-manager identity-store="#{ldapIdentityStore}"/>

<security:ldap-identity-store

server-address="localhost"

server-port="10389"

bind-DN="uid=admin,ou=system"

bind-credentials="secret"

user-DN-prefix="uid="

user-DN-suffix=",ou=People,dc=example,dc=com"

role-DN-prefix="cn="

role-DN-suffix=",ou=Roles,dc=example,dc=com"

user-context-DN="ou=People,dc=example,dc=com"

role-context-DN="ou=Roles,dc=example,dc=com"

user-role-attribute="member"

role-name-attribute="cn"

user-object-classes="person,uidObject"

enabled-attribute="enabled"

I am using Apache DS. This is my ldif file.

dn: dc=example,dc=com

objectclass: top

objectclass: dcObject

objectclass: organization

dc: example

o: MCC

dn: ou=People,dc=example,dc=com

objectclass: top

objectclass: organizationalUnit

ou: People

dn: uid=admin,ou=People,dc=example,dc=com

objectclass: top

objectclass: uidObject

objectclass: person

uid: admin

cn: Admin

sn: Admin

userPassword: simple

dn: uid=brian,ou=People,dc=example,dc=com

objectclass: top

objectclass: uidObject

objectclass: person

uid: brian

cn: Brian

sn: Lavender

userPassword: sample

dn: ou=Roles,dc=example,dc=com

objectclass: top

objectclass: organizationalUnit

ou: Roles

dn: cn=Admin,ou=Roles,dc=example,dc=com

objectClass: top

objectClass: groupOfNames

cn: Admin

description: the DiapasonAdmin group

member: uid=admin,ou=People,dc=example,dc=com

member: uid=brian,ou=People,dc=example,dc=com

dn: cn=Power,ou=Roles,dc=example,dc=com

objectClass: top

objectClass: groupOfNames

cn: Power

description: the Power users

member: uid=brian,ou=People,dc=example,dc=com

1. Re: Using Seam with LDAP

brieweb Jul 28, 2012 7:57 PM (in response to brieweb)
I got it working using JAAS in JBoss 5.1 and Apache Directory Studio. Here are the steps.
First, create your ldap server in Apache Directory Studio.
create a new server in Apache directory studio
Start the new server
Create a connection to the new server
Add the following LDIF file to your server.

dn: dc=example,dc=com
objectclass: top
objectclass: dcObject
objectclass: organization
dc: example
o: MCC

dn: ou=People,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: People

dn: uid=admin,ou=People,dc=example,dc=com
objectclass: top
objectclass: uidObject
objectclass: person
uid: admin
cn: Admin
sn: Admin
userPassword: simple

dn: uid=brian,ou=People,dc=example,dc=com
objectclass: top
objectclass: uidObject
objectclass: person
uid: brian
cn: Brian
sn: Lavender
userPassword: sample

dn: ou=Roles,dc=example,dc=com
objectclass: top
objectclass: organizationalUnit
ou: Roles

dn: cn=admin,ou=Roles,dc=example,dc=com
objectClass: top
objectClass: groupOfNames
cn: admin
description: the DiapasonAdmin group
member: uid=admin,ou=People,dc=example,dc=com
member: uid=brian,ou=People,dc=example,dc=com

dn: cn=power,ou=Roles,dc=example,dc=com
objectClass: top
objectClass: groupOfNames
cn: power
description: the Power users
member: uid=brian,ou=People,dc=example,dc=com

Now that the LDAP server is created, modify your JBoss AS so that it has a JAAS "application-policy" for your JBoss Server. Add the following to the file "${JBOSS_HOME}/server/default/conf/login-config.xml" just before the final </policy> in the file . I used JBoss 5.1 for this example.

    <application-policy name="example">
     <authentication>
     <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
     <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
     <module-option name="java.naming.provider.url">ldap://localhost:10389</module-option>
     <module-option name="java.naming.security.authentication">simple</module-option>
     <module-option name="bindDN">uid=admin,ou=system</module-option>
     <module-option name="bindCredential">secret</module-option>
     <module-option name="baseCtxDN">ou=People,dc=example,dc=com</module-option>
     <module-option name="baseFilter">(uid={0})</module-option>

     <module-option name="rolesCtxDN">ou=Roles,dc=example,dc=com</module-option>
     <module-option name="roleFilter">(member={1})</module-option>
     <module-option name="roleAttributeID">cn</module-option>
     <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
     <module-option name="allowEmptyPasswords">true</module-option>
     </login-module>
     </authentication>
    </application-policy>

Now create Seam application using seam-gen. Change the line for authentication in components.xml
from
<security:identity authenticate-method="#{authenticator.authenticate}"
                           security-rules="#{securityRules}"
                              remember-me="true"/>
to
<security:identity jaas-config-name="example" remember-me="true"/>

Now log into your applicaiton using either "brian" or admin.

References:
http://www.len.ro/work/jboss-and-ldap/
http://seamframework.org/Documentation/SimpleJAASExample
Actions