Ldap Configuration With Jboss Portal
amitdon19 Jul 2, 2008 12:14 PM
Hi All,
I am unable to log in to Portal after configuring Portal with OpenDS LDAP.
The first time I try to log in with the user/user credentials, it shows me the error "message: Access to the requested resource has been denied. description: Access to the specified resource (Access to the requested resource has been denied) has been forbidden."
But on the very second attempt the portal authenticates with the same credentials (user/user). The same happens with the admin/admin credentials.
But if I try to log in with other credentials, it shows me the error "Your account is disabled".
Please help me out with this error.
I made the following changes to configure Portal with OpenDS LDAP:
All changes are in bold.
I used the following LDIF:
dn: dc=jboss,dc=org
objectclass: top
objectclass: dcObject
objectclass: organization
dc: jboss
o: jboss

dn: ou=People,dc=jboss,dc=org
objectclass: top
objectclass: organizationalUnit
ou: People

dn: uid=user,ou=People,dc=jboss,dc=org
objectclass: top
objectclass: inetOrgPerson
objectclass: person
uid: user
cn: JBoss Portal user
sn: user
userPassword: user
mail: email@email.com

dn: uid=admin,ou=People,dc=jboss,dc=org
objectclass: top
objectclass: inetOrgPerson
objectclass: person
uid: admin
cn: JBoss Portal admin
sn: admin
userPassword: admin
mail: email@email.com

dn: ou=Roles,dc=jboss,dc=org
objectclass: top
objectclass: organizationalUnit
ou: Roles

dn: cn=User,ou=Roles,dc=jboss,dc=org
objectClass: top
objectClass: groupOfNames
cn: User
description: the JBoss Portal user group
member: uid=user,ou=People,dc=jboss,dc=org

dn: cn=Admin,ou=Roles,dc=jboss,dc=org
objectClass: top
objectClass: groupOfNames
# cn must carry the same value as the RDN in the dn (cn=Admin); the role name
# the login module reads via roleNameAttributeID=cn comes from this attribute
cn: Admin
description: the JBoss Portal admin group
member: uid=admin,ou=People,dc=jboss,dc=org
1. In C:\jboss-portal-2.6.5.SP1\server\default\deploy\jboss-portal.sar\META-INF\jboss-service.xml
<mbean code="org.jboss.portal.core.identity.service.IdentityServiceControllerImpl"
       name="portal:service=Module,type=IdentityServiceController"
       xmbean-dd=""
       xmbean-code="org.jboss.portal.jems.as.system.JBossServiceModelMBean">
   <xmbean/>
   <depends>portal:service=Hibernate</depends>
   <depends optional-attribute-name="IdentityEventBroadcaster" proxy-type="attribute">portal:service=IdentityEventManager</depends>
   <attribute name="JndiName">java:/portal/IdentityServiceController</attribute>
   <attribute name="RegisterMBeans">true</attribute>
   <attribute name="ConfigFile">conf/identity/ldap_identity-config.xml</attribute>
   <attribute name="DefaultConfigFile">conf/identity/standardidentity-config.xml</attribute>
</mbean>
2. In C:\jboss-portal-2.6.5.SP1\server\default\deploy\jboss-portal.sar\conf\identity\ldap_identity-config.xml
<identity-configuration>
   <datasources>
      <datasource>
         <name>LDAP</name>
         <config>
            <option>
               <name>host</name>
               <value>localhost</value>
            </option>
            <option>
               <name>port</name>
               <value>389</value>
            </option>
            <option>
               <name>adminDN</name>
               <value>cn=Directory Manager</value>
            </option>
            <option>
               <name>adminPassword</name>
               <value>password</value>
            </option>
            <!--
            <option>
               <name>protocol</name>
               <value>ssl</value>
            </option>
            -->
         </config>
      </datasource>
   </datasources>
   <modules>
      <module>
         <!-- type used to correctly map in IdentityContext registry -->
         <type>User</type>
         <implementation>LDAP</implementation>
         <!-- Use this implementation for more flexible user retrieval -->
         <class>org.jboss.portal.identity.ldap.LDAPExtUserModuleImpl</class>
         <config/>
      </module>
      <module>
         <type>Role</type>
         <implementation>LDAP</implementation>
         <!-- Use this implementation for more flexible role retrieval -->
         <class>org.jboss.portal.identity.ldap.LDAPExtRoleModuleImpl</class>
         <config/>
      </module>
      <module>
         <type>Membership</type>
         <implementation>LDAP</implementation>
         <config/>
      </module>
      <module>
         <type>UserProfile</type>
         <implementation>DELEGATING</implementation>
         <config>
            <option>
               <name>ldapModuleJNDIName</name>
               <value>java:/portal/LDAPUserProfileModule</value>
            </option>
         </config>
      </module>
      <module>
         <type>DBDelegateUserProfile</type>
         <implementation>DB</implementation>
         <config>
            <option>
               <name>randomSynchronizePassword</name>
               <value>true</value>
            </option>
         </config>
      </module>
      <module>
         <type>LDAPDelegateUserProfile</type>
         <implementation>LDAP</implementation>
         <config/>
      </module>
   </modules>
   <options>
      <option-group>
         <group-name>common</group-name>
         <option>
            <name>userCtxDN</name>
            <value>ou=People,dc=jboss,dc=org</value>
         </option>
         <!-- Uncomment to use with LDAPExtUserModuleImpl -->
         <option>
            <name>userSearchFilter</name>
            <!-- RFC 4515 form: each operand of & is its own parenthesised filter -->
            <value><![CDATA[(&(uid={0})(objectClass=person))]]></value>
         </option>
         <option>
            <name>roleCtxDN</name>
            <value>ou=Roles,dc=jboss,dc=org</value>
         </option>
         <!-- Uncomment to use with LDAPExtRoleModuleImpl -->
         <option>
            <name>roleSearchFilter</name>
            <!-- RFC 4515 form: each operand of & is its own parenthesised filter -->
            <value><![CDATA[(&(cn={0})(objectClass=groupOfNames))]]></value>
         </option>
      </option-group>
   </options>
</identity-configuration>
3. In C:\jboss-portal-2.6.5.SP1\server\default\deploy\jboss-portal.sar\conf\login-config.xml
<application-policy name="portal">
   <authentication>
      <login-module code="org.jboss.portal.identity.auth.IdentityLoginModule" flag="sufficient">
         <module-option name="unauthenticatedIdentity">guest</module-option>
         <module-option name="userModuleJNDIName">java:/portal/UserModule</module-option>
         <module-option name="roleModuleJNDIName">java:/portal/RoleModule</module-option>
         <module-option name="additionalRole">Authenticated</module-option>
         <module-option name="password-stacking">useFirstPass</module-option>
      </login-module>
      <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
         <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
         <module-option name="java.naming.provider.url">ldap://localhost:389/</module-option>
         <module-option name="java.naming.security.authentication">simple</module-option>
         <module-option name="bindDN">cn=Directory Manager</module-option>
         <module-option name="bindCredential">password</module-option>
         <module-option name="baseCtxDN">ou=People,dc=jboss,dc=org</module-option>
         <module-option name="baseFilter">(uid={0})</module-option>
         <module-option name="rolesCtxDN">ou=Roles,dc=jboss,dc=org</module-option>
         <module-option name="roleFilter">(member={1})</module-option>
         <module-option name="roleAttributeID">memberOf</module-option>
         <module-option name="roleRecursion">-1</module-option>
         <module-option name="roleNameAttributeID">cn</module-option>
         <module-option name="roleAttributeIsDN">true</module-option>
         <module-option name="searchTimeLimit">5000</module-option>
         <module-option name="searchScope">SUBTREE_SCOPE</module-option>
      </login-module>
   </authentication>
</application-policy>
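Added here as a worked example, not code from the post or from JBoss Portal: a small Python checker for the two artefacts the post configures, the LDIF loaded into OpenDS and the LDAP search filters placed in ldap_identity-config.xml and login-config.xml. It flags an LDIF entry whose RDN attribute does not match its dn (a group named cn=Admin in the dn but carrying a different cn value gets a different role name when the login module reads roleNameAttributeID=cn) and a filter that is not well-formed under RFC 4515 (an extra pair of parentheses around the operands of an & filter). SAMPLE_LDIF and SAMPLE_FILTERS are constructed inputs that contain one of each defect; the function names are this example's own.

```python
"""Sanity checks for an LDIF file and LDAP search filters (constructed example)."""
import re

# Constructed sample: the Admin group's cn does not match its RDN.
SAMPLE_LDIF = """\
dn: ou=Roles,dc=jboss,dc=org
objectclass: top
objectclass: organizationalUnit
ou: Roles

dn: cn=User,ou=Roles,dc=jboss,dc=org
objectClass: top
objectClass: groupOfNames
cn: User
member: uid=user,ou=People,dc=jboss,dc=org

dn: cn=Admin,ou=Roles,dc=jboss,dc=org
objectClass: top
objectClass: groupOfNames
cn: Echo
member: uid=admin,ou=People,dc=jboss,dc=org
"""

# Constructed sample: userSearchFilter wraps the & operands in an extra pair of parentheses.
SAMPLE_FILTERS = {
    "userSearchFilter": "(&((uid={0})(objectClass=person)))",
    "roleSearchFilter": "(&(cn={0})(objectClass=groupOfNames))",
    "baseFilter": "(uid={0})",
    "roleFilter": "(member={1})",
}


def parse_ldif(text):
    """Parse blank-line-separated LDIF entries into (dn, {attr: [values]}).
    Folded lines and # comments are handled; base64 (::) values are not decoded."""
    entries = []
    for block in re.split(r"\n[ \t]*\n", text.strip()):
        lines = []
        for line in block.splitlines():
            if line.startswith(" ") and lines:      # folded continuation line
                lines[-1] += line[1:]
            elif line and not line.startswith("#"):
                lines.append(line)
        dn, attrs = None, {}
        for line in lines:
            name, _, value = line.partition(":")
            name, value = name.strip().lower(), value.strip()
            if name == "dn":
                dn = value
            else:
                attrs.setdefault(name, []).append(value)
        if dn is not None:
            entries.append((dn, attrs))
    return entries


def rdn_mismatches(entries):
    """DNs whose RDN attribute value is missing from the entry's own attributes."""
    bad = []
    for dn, attrs in entries:
        attr, _, value = dn.split(",", 1)[0].partition("=")
        values = [v.lower() for v in attrs.get(attr.strip().lower(), [])]
        if value.strip().lower() not in values:
            bad.append(dn)
    return bad


# attribute description, comparison operator, assertion value without parentheses
_ITEM = re.compile(r"[A-Za-z][A-Za-z0-9.;-]*(?:~=|>=|<=|:=|=)[^()]*")


def is_valid_filter(s):
    """Recursive-descent check of the RFC 4515 grammar:
    filter = "(" ( "&" 1*filter | "|" 1*filter | "!" filter | item ) ")"
    Placeholders such as {0} are accepted as assertion values."""
    pos = 0

    def parse():
        nonlocal pos
        if pos >= len(s) or s[pos] != "(":
            return False
        pos += 1
        if pos >= len(s):
            return False
        c = s[pos]
        if c in "&|":                       # one or more nested filters
            pos += 1
            count = 0
            while pos < len(s) and s[pos] == "(":
                if not parse():
                    return False
                count += 1
            ok = count >= 1
        elif c == "!":                      # exactly one nested filter
            pos += 1
            ok = parse()
        else:                               # simple item: attr op value
            m = _ITEM.match(s, pos)
            ok = m is not None
            if ok:
                pos = m.end()
        if not ok or pos >= len(s) or s[pos] != ")":
            return False
        pos += 1
        return True

    return parse() and pos == len(s)


def invalid_filters(filters):
    """Names of the filters that do not parse."""
    return [name for name, f in filters.items() if not is_valid_filter(f)]


if __name__ == "__main__":
    print("RDN mismatches:", rdn_mismatches(parse_ldif(SAMPLE_LDIF)))
    print("invalid filters:", invalid_filters(SAMPLE_FILTERS))
```

Run it against the real LDIF and the filter values copied out of the two XML files before restarting the server; the filter check is strict on purpose, since an LDAP provider may either reject a malformed filter outright or silently match something other than what was intended.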