0 Replies Latest reply on Jun 15, 2006 10:45 PM by raghu raghu

    custom login module (Portal with LDAP)

    raghu raghu Newbie


      Currently, I am using the,

      JBoss AS 4.0.3SP1
      JBoss Portal 2.2
      mySQL 4.1
      OpenLDAP

      Bascially, i am trying for authenication and authorization by using portal through LDAP.
      I had gone through the link http://www.jboss.com/index.html?module=bb&op=viewtopic&t=75745&postdays=0&postorder=asc&start=0 and made the following changes.


      1) update the login-config.xml (given below)

      <application-policy name="portal">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="requisite">
       <module-option name="password-stacking">useFirstPass</module-option>
       <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
       <module-option name="java.naming.provider.url">ldap://testserver-09:389/</module-option>
       <module-option name="java.naming.security.authentication">simple</module-option>
       <module-option name="java.naming.security.principal">cn=ldapadmin,ou=famie,dc=org,dc=com</module-option>
       <module-option name="java.naming.security.credentials">ldap123</module-option>
       <module-option name="principalDNPrefix">uid=</module-option>
       <module-option name="principalDNSuffix">,ou=People,ou=famie,dc=org,dc=com</module-option>
       <module-option name="rolesCtxDN">ou=Roles,dc=org,dc=com</module-option>
       <module-option name="uidAttributeID">uniqueMember</module-option>
       <module-option name="matchOnUserDN">true</module-option>
       <module-option name="roleAttributeID">cn</module-option>
       <module-option name="roleAttributeIsDN">false</module-option>
       <module-option name="searchTimeLimit">5000</module-option>
       <module-option name="searchScope">SUBTREE_SCOPE</module-option>
       <module-option name="defaultRole">Authenticated</module-option>
       </login-module>
       <login-module code="org.jboss.portal.core.security.jaas.ExtModelLoginModule" flag="required">
       <module-option name="unauthenticatedIdentity">guest</module-option>
       <module-option name="hashAlgorithm">MD5</module-option>
       <module-option name="hashEncoding">HEX</module-option>
       <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
       <module-option name="additionalRole">Authenticated</module-option>
       <module-option name="password-stacking">useFirstPass</module-option>
       </login-module>
       </authentication>
       </application-policy>



      so, basically first login-module is for aunthentication of the users at LDAP.
      second login-module is for portal database.

      2) I used the custom class ExtModelLoginModule and which was update in the login-config.xml
      so, i compiled the portal source code and deployed in the JBoss AS 4.0.3SP1

      Case 1:
      ---------
      If I enter a userid and password which are existing in LDAP and also userid present in the portal database, I am getting the portal screens.
      Case 2:
      ----------
      now, if I enter a userid and password which are existing in LDAP and not in portal database, I am getting an error page saying that "Login Failed!
      --Sorry, your username and/or password could not be verified."
      so, basically, here also authentication from LDAP is success and now when processing the second login-module, i hope it is getting the problem.
      And I checked in the log files, i couldnt see any errors even.

      my Question is :

      1) I am not sure, how to get the roles for the logged user from LDAP and then inform to portal??

      Can I know, where I made mistakes??

      if this question is not clear, pls let me know so that I can give details clearly regarding what I did.


      with regards,
      Raghuram