2 Replies Latest reply on Jan 6, 2010 7:03 AM by nick wolf

    LdapExtLoginModule configuration JBOSS 5.1.0

    nick wolf Newbie

      Hi All,

       

      i am trying to configure Iplanet LDAP for jmx-console (To login to Admin console).

      i have modified the login-config.xml as follows

       

      <!-- A template configuration for the jmx-console web application. This
          defaults to the UsersRolesLoginModule the same as other and should be
          changed to a stronger authentication mechanism as required.
        -->
        <application-policy name="jmx-console">
          <authentication>
                  <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule"
                                flag="required">
                      <module-option name="java.naming.factory.initial">
                          com.sun.jndi.ldap.LdapCtxFactory
                          </module-option>
                      <module-option name="java.naming.provider.url">
                          ldap://matt:389
                      </module-option>
                      <module-option name="java.naming.security.authentication">
                          simple
                      </module-option>
                      <module-option name="java.naming.security.credentials">user</module-option>
                      <module-option name="principalDNPrefix">uid=</module-option>                   
                      <module-option name="principalDNSuffix">,ou=People,dc=domain,dc=user,dc=com</module-option>
                      <module-option name="rolesCtxDN">ou=Roles,dc=user,dc=com</module-option>
                      <module-option name="uidAttributeID">user</module-option>
                      <module-option name="matchOnUserDN">true</module-option>
                      <module-option name="roleAttributeID">cn</module-option>
                      <module-option name="roleAttributeIsDN">false</module-option>
                      <module-option name="searchTimeLimit">5000</module-option>
                      <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
                  </login-module>
              </authentication>
        </application-policy>

       

       

      and when i tried to login it neather let me login nor any error in server log files...

       

      What i am missing here? i even tried giving wrong ldap server name but it did not give any error in logs...

       

      Any ideas please?

       

      Thanks,

      Nick

        • 1. Re: LdapExtLoginModule configuration JBOSS 5.1.0
          Wolfgang Knauf Master

          Hi,

           

          did you activate logging of the security layer? See here, question 4: http://community.jboss.org/wiki/SecurityFAQ

          This should provide you with debugging output and error messages of e.g. the login module.

           

          Hope this helps

           

          Wolfgang

          1 of 1 people found this helpful
          • 2. Re: LdapExtLoginModule configuration JBOSS 5.1.0
            nick wolf Newbie

            Hi

             

            i have followed the steps in the module and its working fine...

             

            InitialContext ctx = new InitialContext();
                    JaasSecurityManager jsm1 = (JaasSecurityManager) ctx.lookup("java:/jaas/myLoginModule");
                    String securityDomain = jsm1.getSecurityDomain();
                   
                    SecurityAssociationHandler handler = new
                    SecurityAssociationHandler();
                    Principal user = new SimplePrincipal(j_username);
                    handler.setSecurityInfo(user, j_password.toCharArray());
                    LoginContext loginContext = new LoginContext(securityDomain,
                    (CallbackHandler)handler);
                    loginContext.login();
                    Subject subject = loginContext.getSubject();

            This way it works and is validating the user but when i call this method (request.getUserPricipal() ) getting NULL..

             

            Is there any way that i can pass authentication to Servlet like we have in weblogic?

             

            Thanks,

            Nick