3 Replies Latest reply on Dec 5, 2008 4:34 PM by Roger Hsu

    LdapIdentityStore successfully authenticates blank username and password

    Leandro Hermida Newbie

      Hello,


      I am testing the LdapIdentityStore feature from the latest Seam 2.1 from trunk and it seems to successfully authenticate a blank set of credentials.  Here is my setup as instructed in the docs:


      components.xml:


      <security:identity-manager identity-store="#{ldapIdentityStore}"/>
      
      <security:ldap-identity-store server-address="myldapserver.fmi.ch"
                                    bind-DN="cn=mysearchuser,ou=User,ou=FMI,dc=domain,dc=com"
                                    bind-credentials="secret"
                                    user-DN-prefix="sAMAccountName="
                                    user-DN-suffix=",ou=User,ou=FMI,dc=domain,dc=com"
                                    user-context-DN="ou=User,ou=FMI,dc=domain,dc=com"
                                    role-DN-prefix="cn="
                                    role-DN-suffix=",ou=group,ou=FMI,dc=domain,dc=com"
                                    role-context-DN="ou=group,ou=FMI,dc=domain,dc=com"
                                    user-role-attribute="memberOf"
                                    role-name-attribute="cn"
                                    user-object-classes="user"/>



      Then the login form:


      <h:form id="loginForm" styleClass="loginForm">
          <h:outputLabel for="loginUsername" value="Username:"/>
          <h:inputText id="loginUsername" value="#{credentials.username}"/>
          
          <h:outputLabel for="loginPassword" value="Password:"/>
          <h:inputSecret id="loginPassword" value="#{credentials.password}"/>
          
          <h:commandButton id="loginButton" action="#{identity.login}"
                           value="Login">
          </h:commandButton>
      </h:form>