0 Replies Latest reply on Dec 22, 2009 7:30 PM by Celinio Fernandes

    Configuring the application policy in login-config.xml for LDAP Apache DS

    Celinio Fernandes Novice
      Hi,
      I am using JBoss AS 5.1.0 GA and Apache Directory Server.
      Can anyone tell me what lines to put in the application policy configuration of my login-config.xml file
      for the following LDIF file that I imported in Apache Directory Server?
      This LDIF file defines 3 users and 2 roles:
      uid: system   userPassword: manager   Roles: admin
      uid: user1    userPassword: p1        Roles: guest
      uid: user2    userPassword: p2        Roles: admin
      Here is the LDIF file that I imported successfully in Apache DS:

      # User: system
      dn: uid=system,ou=users,ou=system
      cn: John Doe
      sn: Doe
      givenname: John
      objectclass: top
      objectclass: person
      objectclass: organizationalPerson
      objectclass: inetOrgPerson
      ou: Human Resources
      ou: People
      l: Las Vegas
      uid: system
      mail: system@apachecon.comm
      telephonenumber: +1 408 555 5555
      facsimiletelephonenumber: +1 408 555 5556
      roomnumber: 4613
      userPassword: manager

      # User: user1
      dn: uid=user1,ou=users,ou=system
      cn: User
      sn: One
      givenname: User1
      objectclass: top
      objectclass: person
      objectclass: organizationalPerson
      objectclass: inetOrgPerson
      ou: Human Resources
      ou: People
      l: Las Vegas
      uid: user1
      mail: user1@apachecon.comm
      telephonenumber: +1 408 555 5555
      facsimiletelephonenumber: +1 408 555 5556
      roomnumber: 4613
      userPassword: p1

      # User: user2
      dn: uid=user2,ou=users,ou=system
      cn: User
      sn: Two
      givenname: User2
      objectclass: top
      objectclass: person
      objectclass: organizationalPerson
      objectclass: inetOrgPerson
      ou: Human Resources
      ou: People
      l: Las Vegas
      uid: user2
      mail: user2@apachecon.comm
      telephonenumber: +1 408 555 5555
      facsimiletelephonenumber: +1 408 555 5556
      roomnumber: 4613
      userPassword: p2

      # Group: admin
      dn: cn=admin,ou=groups,ou=system
      objectClass: groupOfUniqueNames
      uniqueMember: uid=system,ou=users,ou=system
      uniqueMember: uid=user2,ou=users,ou=system
      cn: admin

      # Group: guest
      dn: cn=guest,ou=groups,ou=system
      objectClass: groupOfUniqueNames
      uniqueMember: uid=user1,ou=users,ou=system
      cn: guest


      I have tried the following application policy in my login-config.xml file but it does not work:

      <application-policy name="my_domaine_LDAP">
        <authentication>
          <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
            <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
            <module-option name="java.naming.provider.url">ldap://localhost:10389</module-option>
            <module-option name="java.naming.security.authentication">simple</module-option>
            <module-option name="bindDN">uid=system,ou=system</module-option>
            <module-option name="bindCredential">manager</module-option>
            <module-option name="baseCtxDN">cn=admin,ou=groups,ou=system</module-option>
            <module-option name="baseFilter">(uid={0})</module-option>
            <module-option name="rolesCtxDN">ou=Roles,dc=example,dc=com</module-option>
            <module-option name="roleFilter">(member={1})</module-option>
            <module-option name="roleAttributeID">cn</module-option>
            <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
            <module-option name="allowEmptyPasswords">true</module-option>
          </login-module>
        </authentication>
      </application-policy>

      Not being too familiar with LDAP, I am not too sure about certain options, like bindCredential, bindDN, baseCtxDN ...
      Can someone please help me with the configuration of this application policy?
      Thanks in advance.
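LdapExtLoginModule runs two searches with these options: baseCtxDN/baseFilter to locate the user's DN ({0} is the login name), then rolesCtxDN/roleFilter under the same searchScope ({1} is the DN just found), reading roleAttributeID from every matching entry. The Python below is an added example, not code from the post or from JBoss: it replays those two searches offline over a constructed subset of the posted LDIF, so you can see what each set of options resolves to before touching the server. The ADJUSTED options are an assumption that points the searches at the ou=users and ou=groups containers and the uniqueMember attribute the LDIF actually uses.

```python
import re
# Constructed subset of the post's LDIF: only the DNs and attributes the two searches use.
LDIF = """dn: uid=system,ou=users,ou=system
uid: system
dn: uid=user2,ou=users,ou=system
uid: user2
dn: cn=admin,ou=groups,ou=system
cn: admin
uniqueMember: uid=system,ou=users,ou=system
uniqueMember: uid=user2,ou=users,ou=system
dn: cn=guest,ou=groups,ou=system
cn: guest
uniqueMember: uid=user1,ou=users,ou=system
"""

def parse_ldif(text):
    """Map each entry DN (lower-cased) to {attribute (lower-cased): [values]}."""
    entries, cur = {}, None
    for line in text.splitlines():
        key, val = (part.strip() for part in line.split(":", 1))
        if key.lower() == "dn":
            cur = entries.setdefault(val.lower(), {})
        cur.setdefault(key.lower(), []).append(val)
    return entries

def search(entries, base, ldap_filter, scope):
    """Equality filter under base; ONELEVEL_SCOPE keeps direct children only."""
    attr, value = re.fullmatch(r"\((\w+)=(.+)\)", ldap_filter).groups()
    return [dn for dn, attrs in entries.items()
            if dn.endswith("," + base.lower())
            and (scope == "SUBTREE_SCOPE" or "," not in dn[: -len(base) - 1])
            and value.lower() in (v.lower() for v in attrs.get(attr.lower(), []))]

def simulate(entries, opts, username):
    """Mirror the module's user search then role search: (user_dn, roles)."""
    scope = opts.get("searchScope", "SUBTREE_SCOPE")
    hits = search(entries, opts["baseCtxDN"], opts["baseFilter"].replace("{0}", username), scope)
    if not hits:
        return None, []  # no user DN found: the module fails before binding as the user
    user_dn = hits[0]
    role_filter = opts["roleFilter"].replace("{0}", username).replace("{1}", user_dn)
    role_dns = search(entries, opts["rolesCtxDN"], role_filter, scope)
    return user_dn, [entries[dn][opts["roleAttributeID"].lower()][0] for dn in role_dns]

POSTED = {"baseCtxDN": "cn=admin,ou=groups,ou=system", "baseFilter": "(uid={0})",
          "rolesCtxDN": "ou=Roles,dc=example,dc=com", "roleFilter": "(member={1})",
          "roleAttributeID": "cn", "searchScope": "ONELEVEL_SCOPE"}
# Assumed fix: same options pointed at the containers and membership attribute the LDIF uses.
ADJUSTED = dict(POSTED, baseCtxDN="ou=users,ou=system", rolesCtxDN="ou=groups,ou=system",
                roleFilter="(uniqueMember={1})")
```

With POSTED the user search runs under cn=admin,ou=groups,ou=system, which has no uid entries beneath it, so simulate() returns (None, []) and the login fails before the roles are even looked up; with ADJUSTED, user2 resolves to its DN and to the admin role.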