0 Replies Latest reply on May 3, 2013 4:05 AM by nataku

    how to specify the group to authenticate user in ldaploginmodule and jboss configuration

    nataku

      Hello!!

      I would like to authenticate the user only if he is in a specific group.

      For my test I have two users:

      • one user is in the FIRST GROUP
      • the other is in the SECOND GROUP

      I have an Active Directory:

      OU=Role,DC=XXXX,DC=xxx
           ---admin
           ---usr

      OU=People,DC=ldaphost,DC=xxx
           ---user1
           ---user2

      usr1 is in the "admin", usr2 is in the "usr", and I authenticate the user via JBoss with LdapLoginModule in the standalone.xml.

      standalone.xml:

      <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="sufficient">
          <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
          <module-option name="java.naming.provider.url" value="ldap://ldaphost"/>
          <module-option name="rolesCtxDN" value="CN=admin,OU=Role,DC=ldaphost,DC=xxx"/>
          <module-option name="principalDNSuffix" value="@ldaphost.xxx"/>
          <module-option name="java.naming.security.authentication" value="simple"/>
      </login-module>

      The result is:

      • usr1 logs in successfully
      • usr2 logs in successfully too

      So the rolesCtxDN used does not work properly or is not used at all, and I have no error.

      Does anyone have an idea what the problem is? Does anyone have another way to use a user according to his group?
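
Added example, not part of nataku's post and not JBoss project code: in LdapLoginModule the rolesCtxDN option only names where roles are searched after the user's bind has already succeeded, so it cannot reject a login. Restricting access by group means mapping groups to roles and requiring the role in the application. The sketch assumes the groups under OU=Role list their members by full DN in `member`, swaps in LdapExtLoginModule for the role search, and uses a hypothetical domain name `ad-domain` and a placeholder bind account.

```xml
<!-- standalone.xml: security domain (the name "ad-domain" is hypothetical) -->
<security-domain name="ad-domain" cache-type="default">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
      <module-option name="java.naming.provider.url" value="ldap://ldaphost"/>
      <module-option name="java.naming.security.authentication" value="simple"/>
      <!-- Placeholder service account, used only to search the directory -->
      <module-option name="bindDN" value="CN=PLACEHOLDER-SVC,OU=People,DC=ldaphost,DC=xxx"/>
      <module-option name="bindCredential" value="PLACEHOLDER"/>
      <!-- Step 1: find the user's entry, then bind as that DN with the supplied password -->
      <module-option name="baseCtxDN" value="OU=People,DC=ldaphost,DC=xxx"/>
      <module-option name="baseFilter" value="(sAMAccountName={0})"/>
      <!-- Step 2: groups whose member attribute holds the user's DN ({1}) become roles -->
      <module-option name="rolesCtxDN" value="OU=Role,DC=ldaphost,DC=xxx"/>
      <module-option name="roleFilter" value="(member={1})"/>
      <module-option name="roleAttributeID" value="cn"/>
      <module-option name="roleAttributeIsDN" value="false"/>
      <!-- Reject empty passwords so the server cannot treat them as anonymous binds -->
      <module-option name="allowEmptyPasswords" value="false"/>
    </login-module>
  </authentication>
</security-domain>

<!-- WEB-INF/jboss-web.xml: bind the application to the domain -->
<jboss-web>
  <security-domain>ad-domain</security-domain>
</jboss-web>

<!-- WEB-INF/web.xml: only callers holding the "admin" role get through -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>protected</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
</login-config>
<security-role>
  <role-name>admin</role-name>
</security-role>
```

With this mapping a member of "usr" still authenticates but holds only the usr role, so the container answers 403 for the constrained URLs.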