6 Replies Latest reply on Feb 27, 2008 3:22 PM by ram k

    help needed in LDAP authentication in portal environ.

    ram k Newbie

      Hi iam using the portal server 2.6.3GA and iam trying to configure the server so that the user is authenticated against the LDAP server for which ia using the openDS server.

      i went through the Jboss docs . i want to know how to get the users from LDAP using the JBoss API provided for this.

      iam new to this environment so plz bare with this naive question.

      P.S : iam actually using the Spring AOP to intercept the service calls and wanted to authenticate the user against the LDAP.

      i want know how to do this programmatically..... any suggestions for this ?

      iam using this package....import org.jboss.security.auth.spi.Users.*;

        • 1. Re: help needed in LDAP authentication in portal environ.
          ram k Newbie

          can anybody out there help me out with this issue?

          • 2. Re: help needed in LDAP authentication in portal environ.
            Antoine Herzog Master

            sorry, but I don't understand what is your question, and what is the problem...

            if you read the jboss reference doc, it is explained how to use the LDAP features.

            from this, you can also see where to adapt the source code, for some more specific features... (if needed !...)

            so... may be if you tell more precisely what you don't understand, or what you call "the issue"....

            • 3. Re: help needed in LDAP authentication in portal environ.
              ram k Newbie

              first of all thanks for the response for which i was waiting ,

              this is the code iam using to retrieve users from the LDAP. here i try to get the usermodule reference.

              UsernamePasswordHandler handler = new UsernamePasswordHandler(userName, password.toCharArray());
              LoginContext loginContext = new LoginContext("portal", handler);
              loginContext.login();

              Subject subject = loginContext.getSubject();
              System.out.println("Subject: "+subject);
              Set groups = subject.getPrincipals(Group.class);
              Group roles = (Group) groups.iterator().next();

              UserModule module ;
              module = (UserModule) new InitialContext().lookup("java:/portal/UserModule");



              am i goin in a right way ? i have configured the server for authenticating against the LDAP.

              i have added the entry in joss-service.xml , and in ldap_identity-config.xml.

              in login-config.xml i added the following :
              <!DOCTYPE policy PUBLIC
              "-//JBoss//DTD JBOSS Security Config 3.0//EN"
              "http://www.jboss.org/j2ee/dtd/security_config.dtd">

              <!-- For the JCR CMS -->
              <application-policy name="cms">

              <login-module code="org.apache.jackrabbit.core.security.SimpleLoginModule" flag="required"/>

              </application-policy>
              <application-policy name="portal">

              <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
              <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
              <module-option name="java.naming.provider.url">ldap://localhost:10389/</module-option>
              <module-option name="java.naming.security.authentication">simple</module-option>
              <module-option name="bindDN">cn=Directory Manager</module-option>
              <module-option name="bindCredential">password</module-option>
              <module-option name="baseCtxDN">ou=People,dc=example,dc=com</module-option>
              <module-option name="baseFilter">(uid={0})</module-option>
              <module-option name="rolesCtxDN">ou=Roles,dc=example,dc=com</module-option>
              <module-option name="roleFilter">(member={1})</module-option>
              <module-option name="roleAttributeID">cn</module-option>
              <module-option name="roleRecursion">-1</module-option>
              <module-option name="searchTimeLimit">10000</module-option>
              <module-option name="searchScope">SUBTREE_SCOPE</module-option>
              <module-option name="allowEmptyPasswords">false</module-option>
              </login-module>
              <login-module code="org.jboss.portal.identity.auth.SynchronizingLoginModule" flag="optional">
              <module-option name="synchronizeIdentity">true</module-option>
              <module-option name="synchronizeRoles">true</module-option>
              <module-option name="additionalRole">Authenticated</module-option>
              <module-option name="defaultAssignedRole">User</module-option>
              <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
              <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
              <module-option name="membershipModuleJNDIName">java:/portal/MembershipModule</module-option>
              <module-option name="userProfileModuleJNDIName">java:/portal/UserProfileModule</module-option>
              </login-module>

              </application-policy>



              can u tell me how to retrieve users stored in LDAP?

              is there anything wrong iam doing? i read the jboss docs and followed them to configure LDAP.

              • 4. Re: help needed in LDAP authentication in portal environ.
                Christian Ziegner Newbie

                Do you want to retrieve portal users from LDAP? You don't have to do this programmatically, this is handled by portal LDAP integration. Did you check
                http://docs.jboss.com/jbportal/v2.6.4/referenceGuide/html/ldap.html?

                Worked fine for me...

                • 5. Re: help needed in LDAP authentication in portal environ.
                  ram k Newbie

                  hi i followed the jboss docs ..... i was actually tryin to write to test case ..... but now i just deployed and found it is working cool :)

                  this is what iam doing in my code


                  LoginContext lc = new LoginContext("portal",
                  new UsernamePasswordHandler("test", "test".toCharArray()));

                  UserModule module = (UserModule) new InitialContext().lookup("java:/portal/UserModule");
                  RoleModule roleModule =(RoleModule) new InitialContext().lookup("java:/portal/RoleModule");
                  UserProfileModule userProfileModule = (UserProfileModule) new InitialContext().lookup("java:/portal/UserProfileModule");
                  MembershipModule membershipModule= (MembershipModule) new InitialContext().lookup("java/portal/MembershipModule");

                  org.jboss.portal.identity.User userIdentity;
                  userIdentity = ( org.jboss.portal.identity.User) module.findUserByUserName("testUser");
                  String gotFromLdap = userIdentity.getUserName();
                  userIdentity.updatePassword("xyxyyx");

                  lc.logout();


                  now i have other questions cropping up........

                  1. In logincontext iam using "portal" but the problem is when iam building using maven all my tests are failing saying that no login is configured for "portal" ......

                  is there any other approach i can take ? or
                  how can i use LdapExtLoginModule in here.....

                  i want to use this for its advanced search feature.....

                  do u have suggestions.... plz guide me in this

                  BTW above code is working so anyone who wanted to have sample code for using Identity management API 's you can use this :)

                  thanks guyz.... but plz help me with above clarifications

                  • 6. Re: help needed in LDAP authentication in portal environ.
                    ram k Newbie

                    UserModule module = (UserModule) new InitialContext().lookup("java:/portal/UserModule");
                    RoleModule roleModule =(RoleModule) new InitialContext().lookup("java:/portal/RoleModule");
                    UserProfileModule userProfileModule = (UserProfileModule) new InitialContext().lookup("java:/portal/UserProfileModule");
                    MembershipModule membershipModule = (MembershipModule) new InitialContext().lookup("java:/portal/MembershipModule");


                    when im using the above code to lookup JNDI and getting the services iam not able to do a package with Maven.

                    this is the stack trace

                    Need to specify class name in environment or system property, or as an applet parameter, or in an application resource file: java.naming.factory.initial


                    is there any way to do this in a abstract way ?????