0 Replies Latest reply on Jan 25, 2011 2:55 PM by erickjd

    Using mail attribute to authenticate with LdapLoginModule

    erickjd

      Hello, I'm worried about solving this and I'd appreciate any help from you. I authenticate my web services against a Redhat Fedora LDAP server, and I do authorization using the roles defined in my database. So for authentication I use org.jboss.security.auth.spi.LdapLoginModule and for authorization I use org.jboss.security.auth.spi.DatabaseServerLoginModule; I can combine both login modules thanks to the password-stacking attribute. This is a fragment of my login-config.xml:

      <application-policy name="SecurityGdm">
          <authentication>
              <!-- Authentication: binds to LDAP as principalDNPrefix + username + principalDNSuffix -->
              <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
                  <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
                  <module-option name="java.naming.provider.url">ldap://my.ldap.def:389</module-option>
                  <module-option name="java.naming.security.authentication">simple</module-option>
                  <module-option name="principalDNPrefix">uid=</module-option>
                  <module-option name="principalDNSuffix">,ou=mydomain.com,ou=People,dc=mydomain,dc=com</module-option>
                  <module-option name="password-stacking">useFirstPass</module-option>
              </login-module>

              <!-- Authorization: roles are read from the database for the stacked username -->
              <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
                  <module-option name="unauthenticatedIdentity">guest</module-option>
                  <module-option name="dsJndiName">java:/sincronizacionDS</module-option>
                  <module-option name="rolesQuery">SELECT FLDID_ROLSW, 'Roles' FROM crm.tbrrolesusuariossw WHERE FLDID_USUARIOSW = ?</module-option>
                  <module-option name="password-stacking">useFirstPass</module-option>
              </login-module>
          </authentication>
      </application-policy>

      This configuration works if, for example, my credentials are user = Mary and passw, BUT WHAT I NEED IS, INSTEAD OF GETTING A UID= AND PASSWORD INSIDE MYDOMAIN, TO GET AN EMAIL= and passw AS PARAMETER.

       

      THANKS IN ADVANCE