LdapExtLoginModule - Filtering for user groups
lob Mar 9, 2017 5:31 AM
Hello,
I am using Wildfly 10.1.0-final and LdapExtLoginModule for authentication. It works fine. Just the fact that everyone in our AD can log in disturbs me. I only want users to be able to log in that are in the memberOf group "CN=specialUserGroup".
This is what my login module configuration looks like:
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
    <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
    <module-option name="java.naming.provider.url" value="ldap://admin-server10:389"/>
    <module-option name="java.naming.security.authentication" value="simple"/>
    <module-option name="bindDN" value="cn=admin,cn=Users,dc=domain,dc=com"/>
    <module-option name="bindCredential" value="xxx"/>
    <module-option name="baseCtxDN" value="cn=Users,dc=de-gmbh,dc=com"/>
    <module-option name="baseFilter" value="(sAMAccountName={0})"/>
    <module-option name="userBaseFilter" value="(memberOf=CN=specialUserGroup)"/>
    <module-option name="rolesCtxDN" value="cn=Users,dc=domain,dc=com"/>
    <module-option name="roleFilter" value="(member={1})"/>
    <module-option name="roleAttributeID" value="memberOf"/>
    <module-option name="roleNameAttributeID" value="cn"/>
    <module-option name="roleAttributeIsDN" value="true"/>
    <module-option name="roleRecursion" value="1"/>
    <module-option name="searchScope" value="SUBTREE_SCOPE"/>
    <module-option name="defaultRole" value="Administrator"/>
    <module-option name="allowEmptyPasswords" value="true"/>
    <module-option name="throwValidateError" value="true"/>
</login-module>
I've found this: How to configure to a role group in LdapExtLoginModule in JBOSS EAP 6.3? (JBoss/WildFly forum at Coderanch)
<module-option name="baseFilter" value="(&(sAMAccountName={0})(memberOf=CN=ALL_CONTRACTORS,OU=GROUPS,OU=SMO,OU=COSAs,DC=eagle,DC=xxxx,DC=com))"/>
But doing it his way is causing an error:
11:21:10,632 INFO [org.jboss.as] (MSC service thread 1-7) WFLYSRV0049: WildFly Full 10.1.0.Final (WildFly Core 2.2.0.Final) starting
11:21:12,257 ERROR [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0055: Caught exception during boot: org.jboss.as.controller.persistence.ConfigurationPersistenceException: WFLYCTL0085: Failed to parse configuration
    at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:131) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]
    at org.jboss.as.server.ServerService.boot(ServerService.java:357) [wildfly-server-2.2.0.Final.jar:2.2.0.Final]
    at org.jboss.as.controller.AbstractControllerService$1.run(AbstractControllerService.java:299) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]
    at java.lang.Thread.run(Unknown Source) [rt.jar:1.8.0_121]
Caused by: com.ctc.wstx.exc.WstxUnexpectedCharException: Unexpected character '(' (code 40) (expected a name start character) at [row,col {unknown-source}]: [437,50]
    at com.ctc.wstx.sr.StreamScanner.throwUnexpectedChar(StreamScanner.java:647) [woodstox-core-asl-4.4.1.jar:4.4.1]
    at com.ctc.wstx.sr.StreamScanner.parseFullName(StreamScanner.java:1933) [woodstox-core-asl-4.4.1.jar:4.4.1]
    at com.ctc.wstx.sr.StreamScanner.parseEntityName(StreamScanner.java:2057) [woodstox-core-asl-4.4.1.jar:4.4.1]
    at com.ctc.wstx.sr.StreamScanner.fullyResolveEntity(StreamScanner.java:1525) [woodstox-core-asl-4.4.1.jar:4.4.1]
    at com.ctc.wstx.sr.BasicStreamReader.parseAttrValue(BasicStreamReader.java:1938) [woodstox-core-asl-4.4.1.jar:4.4.1]
    at com.ctc.wstx.sr.BasicStreamReader.handleNsAttrs(BasicStreamReader.java:3065) [woodstox-core-asl-4.4.1.jar:4.4.1]
    at com.ctc.wstx.sr.BasicStreamReader.handleStartElem(BasicStreamReader.java:2963) [woodstox-core-asl-4.4.1.jar:4.4.1]
    at com.ctc.wstx.sr.BasicStreamReader.nextFromTree(BasicStreamReader.java:2839) [woodstox-core-asl-4.4.1.jar:4.4.1]
    at com.ctc.wstx.sr.BasicStreamReader.next(BasicStreamReader.java:1073) [woodstox-core-asl-4.4.1.jar:4.4.1]
    at com.ctc.wstx.sr.BasicStreamReader.nextTag(BasicStreamReader.java:1154) [woodstox-core-asl-4.4.1.jar:4.4.1]
    at org.jboss.staxmapper.XMLExtendedStreamReaderImpl.nextTag(XMLExtendedStreamReaderImpl.java:152) [staxmapper-1.2.0.Final.jar:1.2.0.Final]
    at org.jboss.as.security.SecuritySubsystemParser.parseProperties(SecuritySubsystemParser.java:791)
    at org.jboss.as.security.SecuritySubsystemParser.parseCommonModule(SecuritySubsystemParser.java:718)
    at org.jboss.as.security.SecuritySubsystemParser.parseLoginModules(SecuritySubsystemParser.java:531)
    at org.jboss.as.security.SecuritySubsystemParser.parseAuthentication(SecuritySubsystemParser.java:520)
    at org.jboss.as.security.SecuritySubsystemParser.parseSecurityDomain(SecuritySubsystemParser.java:474)
    at org.jboss.as.security.SecuritySubsystemParser.parseSecurityDomains(SecuritySubsystemParser.java:417)
    at org.jboss.as.security.SecuritySubsystemParser.readElement(SecuritySubsystemParser.java:130)
    at org.jboss.as.security.SecuritySubsystemParser.readElement(SecuritySubsystemParser.java:95)
    at org.jboss.staxmapper.XMLMapperImpl.processNested(XMLMapperImpl.java:110) [staxmapper-1.2.0.Final.jar:1.2.0.Final]
    at org.jboss.staxmapper.XMLExtendedStreamReaderImpl.handleAny(XMLExtendedStreamReaderImpl.java:69) [staxmapper-1.2.0.Final.jar:1.2.0.Final]
    at org.jboss.as.server.parsing.StandaloneXml_4.parseServerProfile(StandaloneXml_4.java:546) [wildfly-server-2.2.0.Final.jar:2.2.0.Final]
    at org.jboss.as.server.parsing.StandaloneXml_4.readServerElement(StandaloneXml_4.java:242) [wildfly-server-2.2.0.Final.jar:2.2.0.Final]
    at org.jboss.as.server.parsing.StandaloneXml_4.readElement(StandaloneXml_4.java:141) [wildfly-server-2.2.0.Final.jar:2.2.0.Final]
    at org.jboss.as.server.parsing.StandaloneXml.readElement(StandaloneXml.java:103) [wildfly-server-2.2.0.Final.jar:2.2.0.Final]
    at org.jboss.as.server.parsing.StandaloneXml.readElement(StandaloneXml.java:49) [wildfly-server-2.2.0.Final.jar:2.2.0.Final]
    at org.jboss.staxmapper.XMLMapperImpl.processNested(XMLMapperImpl.java:110) [staxmapper-1.2.0.Final.jar:1.2.0.Final]
    at org.jboss.staxmapper.XMLMapperImpl.parseDocument(XMLMapperImpl.java:69) [staxmapper-1.2.0.Final.jar:1.2.0.Final]
    at org.jboss.as.controller.persistence.XmlConfigurationPersister.load(XmlConfigurationPersister.java:123) [wildfly-controller-2.2.0.Final.jar:2.2.0.Final]
    ... 3 more
Could you please help me to solve this issue?
Thanks in advance.
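The boot failure above is an XML well-formedness error, not an LDAP one: a bare `&` inside an attribute value starts an entity reference, so the AND filter from the Coderanch answer has to be written as `&amp;` in standalone.xml. As an added illustration that is not part of the post or of WildFly itself, the Python below builds the group-restricted baseFilter option with correct escaping and shows that the unescaped form is rejected while the escaped form round-trips to the intended filter; the group's full DN is an assumption (AD compares memberOf against the complete DN, so a bare "CN=specialUserGroup" would not match).

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

# Assumed full DN of the group named in the post; replace with the real one.
GROUP_DN = "CN=specialUserGroup,CN=Users,DC=domain,DC=com"


def and_filter(*terms: str) -> str:
    """Combine LDAP filter terms with the AND operator, e.g. (&(a=b)(c=d))."""
    return "(&" + "".join(terms) + ")"


def group_restricted_base_filter(group_dn: str = GROUP_DN) -> str:
    """baseFilter matching the login name AND membership in one group.

    {0} is the placeholder LdapExtLoginModule replaces with the username.
    """
    return and_filter("(sAMAccountName={0})", f"(memberOf={group_dn})")


def module_option(name: str, value: str) -> str:
    """Render one <module-option/> with XML-safe attribute values.

    quoteattr() turns & into &amp; (and < > " where needed), which is what
    the hand-edited config that produced the WstxUnexpectedCharException lacked.
    """
    return f"<module-option name={quoteattr(name)} value={quoteattr(value)}/>"


def xml_parses(fragment: str) -> bool:
    """True if the fragment is well-formed XML, False if a parser rejects it."""
    try:
        ET.fromstring(fragment)
        return True
    except ET.ParseError:
        return False


def option_value(fragment: str) -> str:
    """Parse a <module-option/> back and return the value the server would see."""
    return ET.fromstring(fragment).get("value")


if __name__ == "__main__":
    wanted = group_restricted_base_filter()
    raw = f'<module-option name="baseFilter" value="{wanted}"/>'
    print("unescaped parses:", xml_parses(raw))       # False: the post's boot error
    safe = module_option("baseFilter", wanted)
    print(safe)
    print("round-trips:", option_value(safe) == wanted)   # True
```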