Hello!!
I would like to authenticate the user only if he is in a specific group.
For my test I have two users:
I have an Active Directory:
OU=Role,DC=XXXX,DC=xxx
---admin
---usr
OU=People,DC=ldaphost,DC=xxx
---user1
---user2
usr1 is in "admin", usr2 is in "usr", and I authenticate the user via JBoss with LdapLoginModule in standalone.xml.
standalone.xml:
<login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="sufficient">
  <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
  <module-option name="java.naming.provider.url" value="ldap://ldaphost"/>
  <module-option name="rolesCtxDN" value="CN=admin,OU=Role,DC=ldaphost,DC=xxx"/>
  <module-option name="principalDNSuffix" value="@ldaphost.xxx"/>
  <module-option name="java.naming.security.authentication" value="simple"/>
</login-module>
The result is:
usr1: login success
usr2: success too
So the rolesCtxDN used does not work properly or is not used at all, and I have no error.
Does someone have an idea of the problem? Does anyone have another way to use a user according to his group?