1 Reply Latest reply on Mar 27, 2013 3:30 PM by kclair-rei

    JBoss EAP 6.0 - LDAP & management interface confusion

    kclair-rei

      Hello,

       

      I'm running JBoss EAP 6.0.1 in domain mode and making the following changes on the domain controller.

       

      I'm trying to get LDAP authentication working for the management console.

       

      I've followed the instructions here:

      https://access.redhat.com/knowledge/docs/en-US/JBoss_Enterprise_Application_Platform/6-Alpha/html/Administration_and_Configuration_Guide/Use_LDAP_to_Authenticate_to_the_Management_Interfaces1.html

       

      When I follow those instructions, I am no longer even prompted for a username/password and simply get the error:
      "The web console could not be loaded.

      Authentication required."

       

      There is nothing in the logs regarding anything about an LDAP connection.

       

      I'm confused about whether or not I *also* need to add something in the security-domains section of domain.xml?

       

      This is what the management section of host.xml contains (with sensitive information Xed out):

       

      <management>
        <security-realms>
          <security-realm name="ManagementRealm">
            <authentication>
              <local default-user="$local" />
              <properties path="mgmt-users.properties" relative-to="jboss.domain.config.dir"/>
            </authentication>
          </security-realm>
          <security-realm name="ApplicationRealm">
            <authentication>
              <local default-user="$local" allowed-users="*" />
              <properties path="application-users.properties" relative-to="jboss.domain.config.dir" />
            </authentication>
            <authorization>
              <properties path="application-roles.properties" relative-to="jboss.domain.config.dir"/>
            </authorization>
          </security-realm>
          <security-realm name="LDAPRealm">
            <authentication>
              <ldap connection="ldap_connection" base-dn="OU=xxxx,OU=XXXX,DC=xxxx,DC=com">
                <username-filter attribute="uid"/>
              </ldap>
            </authentication>
          </security-realm>
        </security-realms>
        <management-interfaces>
          <native-interface security-realm="ManagementRealm">
            <socket interface="management" port="${jboss.management.native.port:9999}"/>
          </native-interface>
          <http-interface security-realm="LDAPRealm">
            <socket interface="management" port="${jboss.management.http.port:9990}"/>
          </http-interface>
        </management-interfaces>
        <outbound-connections>
          <ldap name="ldap_connection" url="ldap://xxx.com" search-dn="cn=xxxx,OU=xxxx,OU=xxxx,OU=xxxxx,DC=xxxxx,DC=com" search-credential="xxxxx"/>
        </outbound-connections>
      </management>
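
Added example (not part of the original post and not JBoss tooling): a small Python check that cross-references a `<management>` section like the one posted, confirming that each management interface names a defined security realm, that each LDAP realm names a defined outbound connection, and flagging connections whose URL scheme is plain `ldap://`. The function names and the sample values are assumptions made for illustration; it does not validate against the EAP schema.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the posted section; every value is a placeholder.
SAMPLE = """<management>
 <security-realms>
  <security-realm name="ManagementRealm">
   <authentication><properties path="mgmt-users.properties"/></authentication>
  </security-realm>
  <security-realm name="LDAPRealm">
   <authentication>
    <ldap connection="ldap_connection" base-dn="OU=example,DC=example,DC=com">
     <username-filter attribute="uid"/>
    </ldap>
   </authentication>
  </security-realm>
 </security-realms>
 <management-interfaces>
  <native-interface security-realm="ManagementRealm"/>
  <http-interface security-realm="LDAPRealm"/>
 </management-interfaces>
 <outbound-connections>
  <ldap name="ldap_connection" url="ldap://ldap.example.com" search-dn="cn=svc,DC=example,DC=com" search-credential="PLACEHOLDER"/>
 </outbound-connections>
</management>"""

def local(el):  # element name with any XML namespace stripped (host.xml is namespaced)
    return el.tag.rsplit("}", 1)[-1]

def audit_management(xml_text):
    """Return ({interface: realm}, [findings]) for a <management> section."""
    root = ET.fromstring(xml_text)
    realms = {e.get("name"): e for e in root.iter() if local(e) == "security-realm"}
    conns = {e.get("name"): e.get("url") for e in root.iter()
             if local(e) == "ldap" and e.get("url") is not None}
    ifaces = {local(e): e.get("security-realm") for e in root.iter()
              if local(e) in ("native-interface", "http-interface")}
    findings = []
    for iface, realm in ifaces.items():
        if realm not in realms:
            findings.append(f"{iface}: realm {realm!r} is not defined")
    for name, realm in realms.items():
        for e in realm.iter():
            ref = e.get("connection")
            if local(e) == "ldap" and ref is not None:
                if ref not in conns:
                    findings.append(f"{name}: outbound connection {ref!r} is not defined")
                elif conns[ref].lower().startswith("ldap://"):
                    findings.append(f"{name}: {ref!r} uses unencrypted ldap://")
    return ifaces, findings
```

On the sample, the interface map shows the native interface still bound to `ManagementRealm` while only the HTTP interface uses `LDAPRealm`, and the single finding is the `ldap://` URL, over which the search credential and user passwords travel without TLS.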