0 Replies Latest reply on Oct 18, 2012 5:07 AM by mc.idbs

    Setup login Module for multiple jboss with different base DN

    mc.idbs

      First of all I am sorry if this is the wrong forum, if it is please direct me to the correct one.


      I have a need to allow an application using JBoss to authenticate with MS LDAP. There are TWO LDAP servers, one in the US and the other in the UK. They have different base DNs, a .co.uk and an inc.com.

      If a user doesn't exist in one, then the other must be used; if they exist in neither, login should fail.

       

      I have tried different combinations of stacking and I cannot find one that works. Is this possible, and if it is, can someone please suggest the correct structure to a relative JBoss newbie like myself?


      my last attempt looked a little like:

      <application-policy name="application">
        <authentication>

          <login-module code="xxxxjaas.AuthenticationLoginModule" flag="required">
            <module-option name="java.naming.provider.url">ldap://server.companyname.co.uk:389/</module-option>
            <module-option name="java.naming.security.principal">CN=Finance,OU=Users,OU=General Accounts,DC=companyname,DC=co,DC=uk</module-option>
            <module-option name="java.naming.security.credentials">password</module-option>
            <module-option name="baseDN">dc=companyname,dc=co,dc=uk</module-option>
            <module-option name="userFilter"><![CDATA[(&(objectclass=*)(sAMAccountName=<username>))]]></module-option>
            <module-option name="allowLDAPAuthentication">true</module-option>
            <module-option name="allowEmptyPasswords">false</module-option>
          </login-module>

          <login-module code="xxxxjaas.AuthenticationLoginModule" flag="required">
            <module-option name="java.naming.provider.url">ldap://server.companyname.inc.com:389/</module-option>
            <module-option name="java.naming.security.principal">CN=Finance,OU=Users,OU=General Accounts,DC=companyname,DC=inc,DC=com</module-option>
            <module-option name="java.naming.security.credentials">password</module-option>
            <module-option name="baseDN">dc=companyname,dc=inc,dc=com</module-option>
            <module-option name="userFilter"><![CDATA[(&(objectclass=*)(sAMAccountName=<username>))]]></module-option>
            <module-option name="allowLDAPAuthentication">true</module-option>
            <module-option name="allowEmptyPasswords">false</module-option>
          </login-module>

        </authentication>
      </application-policy>
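Added example (not the poster's configuration and not a reply from the thread): the same two login modules with the JAAS control flag changed from required to sufficient. The flag is enforced by the JAAS LoginContext, not by the module, so this applies whatever xxxxjaas.AuthenticationLoginModule does internally. With required, every module in the stack must succeed, so a user who exists in only one directory can never log in. With sufficient, a module that succeeds ends authentication immediately (the later module is never consulted), a module that fails hands control to the next one, and if no module succeeds the login fails, which gives exactly the try-UK-then-US behaviour asked for. Module options are kept as posted and are assumed to be correct for the custom module; the ldaps:// URLs are an assumption that the directories offer LDAPS and are there so the service-account bind and user credentials do not cross the network in clear.

```xml
<!-- login-config.xml fragment, added example for JBoss AS 4/5/6 style application-policy.
     Only the flag differs from the posted attempt (required -> sufficient).
     ldaps://...:636 is an assumption; the posted config used ldap://...:389. -->
<application-policy name="application">
  <authentication>

    <!-- Tried first. If this module authenticates the user, the login succeeds
         here and the inc.com module is never run. If it fails (no such user, or
         bad password), JAAS continues to the next module instead of failing. -->
    <login-module code="xxxxjaas.AuthenticationLoginModule" flag="sufficient">
      <module-option name="java.naming.provider.url">ldaps://server.companyname.co.uk:636/</module-option>
      <module-option name="java.naming.security.principal">CN=Finance,OU=Users,OU=General Accounts,DC=companyname,DC=co,DC=uk</module-option>
      <!-- Placeholder; the posted config also had the bind password in clear. -->
      <module-option name="java.naming.security.credentials">password</module-option>
      <module-option name="baseDN">dc=companyname,dc=co,dc=uk</module-option>
      <module-option name="userFilter"><![CDATA[(&(objectclass=*)(sAMAccountName=<username>))]]></module-option>
      <module-option name="allowLDAPAuthentication">true</module-option>
      <module-option name="allowEmptyPasswords">false</module-option>
    </login-module>

    <!-- Reached only when the .co.uk module failed. Success here completes the
         login; failure here, with nothing having succeeded earlier, fails the
         login, which is the "exists in neither" case. -->
    <login-module code="xxxxjaas.AuthenticationLoginModule" flag="sufficient">
      <module-option name="java.naming.provider.url">ldaps://server.companyname.inc.com:636/</module-option>
      <module-option name="java.naming.security.principal">CN=Finance,OU=Users,OU=General Accounts,DC=companyname,DC=inc,DC=com</module-option>
      <module-option name="java.naming.security.credentials">password</module-option>
      <module-option name="baseDN">dc=companyname,dc=inc,dc=com</module-option>
      <module-option name="userFilter"><![CDATA[(&(objectclass=*)(sAMAccountName=<username>))]]></module-option>
      <module-option name="allowLDAPAuthentication">true</module-option>
      <module-option name="allowEmptyPasswords">false</module-option>
    </login-module>

  </authentication>
</application-policy>
```

Three things to check before relying on this. Order matters: a sAMAccountName that exists in both forests is always resolved against the .co.uk directory, so put the directory that should win first. A wrong password for an account that exists in both directories produces a failed bind in each, so the attempt counts against lockout thresholds on both sides. And the filter substitutes the raw login name into an LDAP search, so confirm that the custom module escapes the value per RFC 4515 before it is substituted; the post does not say whether it does.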