3 Replies Latest reply on Dec 5, 2008 4:34 PM by rogerwbmd

    LdapIdentityStore successfully authenticates blank username and password

    hermida.leandro.hermida.gmail.com
    hermida.leandro.hermida.gmail.com Oct 21, 2008 12:22 PM

      Hello,


      I am testing the LdapIdentityStore feature from the latest Seam 2.1 from trunk and it seems to successfully authenticate a blank set of credentials.  Here is my setup as instructed in the docs:


      components.xml:


      <security:identity-manager identity-store="#{ldapIdentityStore}"/>

<security:ldap-identity-store server-address="myldapserver.fmi.ch"
                              bind-DN="cn=mysearchuser,ou=User,ou=FMI,dc=domain,dc=com"
                              bind-credentials="secret"
                              user-DN-prefix="sAMAccountName="
                              user-DN-suffix=",ou=User,ou=FMI,dc=domain,dc=com"
                              user-context-DN="ou=User,ou=FMI,dc=domain,dc=com"
                              role-DN-prefix="cn="
                              role-DN-suffix=",ou=group,ou=FMI,dc=domain,dc=com"
                              role-context-DN="ou=group,ou=FMI,dc=domain,dc=com"
                              user-role-attribute="memberOf"
                              role-name-attribute="cn"
                              user-object-classes="user"/>



      Then the login form:


      <h:form id="loginForm" styleClass="loginForm">
    <h:outputLabel for="loginUsername" value="Username:"/>
    <h:inputText id="loginUsername" value="#{credentials.username}"/>
    
    <h:outputLabel for="loginPassword" value="Password:"/>
    <h:inputSecret id="loginPassword" value="#{credentials.password}"/>
    
    <h:commandButton id="loginButton" action="#{identity.login}"
                     value="Login">
    </h:commandButton>
</h:form>

      • 186 Views
      • Tags: