2 Replies Latest reply on Jan 6, 2010 7:03 AM by nick wolf

    LdapExtLoginModule configuration JBOSS 5.1.0

    nick wolf Newbie

      Hi All,


      I am trying to configure iPlanet LDAP for jmx-console (to log in to the Admin console).

      I have modified the login-config.xml as follows:


      <!-- A template configuration for the jmx-console web application. This
          defaults to the UsersRolesLoginModule the same as other and should be
          changed to a stronger authentication mechanism as required.
        <application-policy name="jmx-console">
                  <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule"
                      <module-option name="java.naming.factory.initial">
                      <module-option name="java.naming.provider.url">
                      <module-option name="java.naming.security.authentication">
                      <module-option name="java.naming.security.credentials">user</module-option>
                      <module-option name="principalDNPrefix">uid=</module-option>                   
                      <module-option name="principalDNSuffix">,ou=People,dc=domain,dc=user,dc=com</module-option>
                      <module-option name="rolesCtxDN">ou=Roles,dc=user,dc=com</module-option>
                      <module-option name="uidAttributeID">user</module-option>
                      <module-option name="matchOnUserDN">true</module-option>
                      <module-option name="roleAttributeID">cn</module-option>
                      <module-option name="roleAttributeIsDN">false</module-option>
                      <module-option name="searchTimeLimit">5000</module-option>
                      <module-option name="searchScope">ONELEVEL_SCOPE</module-option>



      and when I tried to log in, it neither let me log in nor showed any error in the server log files...


      What am I missing here? I even tried giving a wrong LDAP server name, but it did not give any error in the logs...


      Any ideas please?
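
A check for the mismatch visible in the configuration posted above: the policy names LdapExtLoginModule but carries options that belong to LdapLoginModule. This is an added example, not code from the thread or from JBoss; the two option sets are assumptions taken from the modules' documentation, and the sample file uses constructed placeholder values.

```python
import xml.etree.ElementTree as ET

EXT_CLASS = "org.jboss.security.auth.spi.LdapExtLoginModule"
# Assumption (from the JBossSX module docs, not the thread): options the Ext module
# uses for its user and role searches, and options only LdapLoginModule reads.
EXT_SEARCH = {"baseCtxDN", "baseFilter", "rolesCtxDN", "roleFilter"}
LDAP_ONLY = {"principalDNPrefix", "principalDNSuffix", "uidAttributeID", "matchOnUserDN"}

def check_policy(xml_text, policy="jmx-console"):
    """Return findings for LdapExtLoginModule entries in one application-policy."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # truncated or unbalanced file
        return [f"not well-formed: {exc}"]
    findings = []
    for app in root.iter("application-policy"):
        if app.get("name") != policy:
            continue
        for mod in app.iter("login-module"):
            if mod.get("code") != EXT_CLASS:
                continue
            opts = {o.get("name"): (o.text or "").strip()
                    for o in mod.iter("module-option") if o.get("name")}
            findings += [f"{n}: not set" for n in sorted(EXT_SEARCH - opts.keys())]
            findings += [f"{n}: LdapLoginModule option, not read by LdapExtLoginModule"
                         for n in sorted(LDAP_ONLY & opts.keys())]
            findings += [f"{n}: empty value" for n in sorted(opts) if not opts[n]]
    return findings

# Constructed sample: option names follow the post, values are placeholders.
SAMPLE = """<policy>
 <application-policy name="jmx-console">
  <authentication>
   <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
    <module-option name="java.naming.provider.url">ldap://ldap.example.invalid:389</module-option>
    <module-option name="principalDNPrefix">uid=</module-option>
    <module-option name="principalDNSuffix">,ou=People,dc=example,dc=invalid</module-option>
    <module-option name="rolesCtxDN">ou=Roles,dc=example,dc=invalid</module-option>
    <module-option name="uidAttributeID">user</module-option>
    <module-option name="matchOnUserDN">true</module-option>
    <module-option name="roleAttributeID">cn</module-option>
   </login-module>
  </authentication>
 </application-policy>
</policy>"""

if __name__ == "__main__":
    for line in check_policy(SAMPLE):
        print(line)
```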




        • 1. Re: LdapExtLoginModule configuration JBOSS 5.1.0
          Wolfgang Knauf Master



          Did you activate logging of the security layer? See here, question 4: http://community.jboss.org/wiki/SecurityFAQ

          This should provide you with debugging output and error messages of e.g. the login module.


          Hope this helps



          1 of 1 people found this helpful
          • 2. Re: LdapExtLoginModule configuration JBOSS 5.1.0
            nick wolf Newbie



            I have followed the steps in the module and it's working fine...


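            InitialContext ctx = new InitialContext();
            JaasSecurityManager jsm1 = (JaasSecurityManager) ctx.lookup("java:/jaas/myLoginModule");
            String securityDomain = jsm1.getSecurityDomain();
            // The constructor call was cut off in the post; the no-argument constructor is assumed.
            SecurityAssociationHandler handler = new SecurityAssociationHandler();
            Principal user = new SimplePrincipal(j_username);
            handler.setSecurityInfo(user, j_password.toCharArray());
            // The argument list was cut off in the post; passing the handler as the CallbackHandler is assumed.
            LoginContext loginContext = new LoginContext(securityDomain, handler);
            loginContext.login(); // assumed: getSubject() returns null until login() has succeeded
            Subject subject = loginContext.getSubject();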

            This way it works and validates the user, but when I call this method (request.getUserPrincipal()) I get NULL.


            Is there any way that I can pass authentication to the servlet like we have in WebLogic?