0 Replies Latest reply on Nov 15, 2007 10:53 AM by Jon Whitmore

    CMS and LDAP in 2.6.2

    Jon Whitmore Newbie

      Greetings coders

      I'm running AS 4.2.2.GA with portal 2.6.2 and authenticating against an LDAP server.

      Now I'm trying to use the CMS, but I'm somehow not authorized to see any content. My user has the "Admin" role, but I'm not given access to the CMS portlet.

      In my login-config.xml I have copied my working "portal" LDAP application-policy to the "cms" application-policy without any luck.

      Here's my CMS policy from login-config.xml. Where you see "correct" or "AwesomePassword" I have replaced company-specific information.


      <!-- For the JCR CMS -->
       <application-policy name="cms">
       <authentication>
       <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
       <module-option name="synchronizeIdentity">true</module-option>
       <module-option name="synchronizeRoles">true</module-option>
       <module-option name="additionalRole">Authenticated</module-option>
       <module-option name="defaultAssignedRole">User</module-option>
       <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
       <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
       <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
       <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
       <module-option name="password-stacking">useFirstPass</module-option>
       <module-option name="java.naming.provider.url">ldaps://correct.url.and:port/</module-option>
       <module-option name="java.naming.security.authentication">simple</module-option>
       <module-option name="java.naming.security.protocol">ssl</module-option>
       <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
       <module-option name="bindDN">uid=portal,ou=ServiceAccounts,dc=correct,dc=org</module-option>
       <module-option name="bindCredential">AwesomePassword</module-option>
       <module-option name="baseCtxDN">ou=People,dc=correct,dc=org</module-option>
       <module-option name="baseFilter">(&(objectClass=person)(uid={0}))</module-option>
       <module-option name="rolesCtxDN">ou=portal,ou=Groups,dc=correct,dc=org</module-option>
       <module-option name="roleFilter">(&(objectClass=groupofuniquenames)(uniquemember={1}))</module-option>
       <module-option name="roleAttributeIsDN">false</module-option>
       <module-option name="roleAttributeID">cn</module-option>
       <module-option name="roleRecursion">0</module-option>
       <module-option name="roleNameAttributeID">cn</module-option>
       <module-option name="searchScope">SUBTREE_SCOPE</module-option>
       <module-option name="defaultRole">Authenticated</module-option>
       <module-option name="unauthenticatedIdentity">Anonymous</module-option>
       <module-option name="allowEmptyPasswords">false</module-option>
       </login-module>
       </authentication>
       </application-policy>

      Any help appreciated!

      -nollie