0 Replies Latest reply on Dec 16, 2009 4:32 PM by Markus Brandstätter

    Help on LDAP integration requested

    Markus Brandstätter Newbie
      Dear Shane,

      I need to create a small LDAP-administration tool and would like to use LdapIdentityStore. As I need to connect to an existing and running LDAP-Server, I am not allowed to change the schema nor the hirachy of the entries. To give you an impression of the hirachy, pls see an excerpt of the LDAP-schema below. Roles (captured in objectClass) and users are not seperated but on the same level:

      # maincompany.at
      dn: dc=maincompany,dc=at
      dc: maincompany
      objectClass: dcObject
      objectClass: organization
      o: maincompany

      # admin, maincompany.at
      dn: cn=admin,dc=maincompany,dc=at
      objectClass: organizationalRole
      cn: admin

      # subcompany.at, maincompany.at
      dn: o=subcompany.at,dc=maincompany,dc=at
      gidNumber: 501
      objectClass: companyOrganization
      o: subcompany.at
      cn: subcompany.at

      # user1, subcompany.at, maincompany.at
      dn: cn=user1,o=subcompany.at,dc=maincompany,dc=at
      objectClass: posixAccount
      objectClass: companyPerson
      cn: user1.subcompany.at
      cn: user1
      uidNumber: 501
      gidNumber: 501
      uid: user1.subcompany.at

      # user2, subcompany.at, maincompany.at
      dn: cn=user2,o=subcompany.at,dc=maincompany,dc=at
      objectClass: posixAccount
      objectClass: companyPerson
      cn: user2.subcompany.at
      cn: user2
      uidNumber: 502
      gidNumber: 501
      uid: user2.subcompany.at

      # subcompany2.at, maincompany.at
      dn: o=subcompany2.at,dc=maincompany,dc=at
      gidNumber: 502
      objectClass: companyOrganization
      o: subcompany2.at
      cn: subcompany2.at

      # user1, subcompany2.at, maincompany.at
      dn: cn=user1,o=subcompany2.at,dc=maincompany,dc=at
      objectClass: posixAccount
      objectClass: companyPerson
      cn: user1.subcompany2.at
      cn: user1
      uidNumber: 503
      gidNumber: 502
      uid: user1.subcompany2.at

      My components.xml is configured as follows:
         <security:identity-manager identity-store="#{ldapIdentityStore}"/>

         <security:ldap-identity-store
        server-address="192.168.0.19"
        bind-DN="cn=admin,dc=maincompany,dc=at"
        bind-credentials="secret"
        user-DN-prefix="uid="
        user-DN-suffix=""
        role-DN-prefix=""
        role-DN-suffix=""
        user-context-DN="dc=maincompany,dc=at"
        role-context-DN="dc=maincompany,dc=at"
        user-role-attribute="companyPerson"
        role-name-attribute=""
        user-object-classes="posixAccount,companyPerson"
        enabled-attribute="enabled"
      />

      The term "<security:identity/>" is left out as I wanna use the default method for authentication.
      The pages used are the ones created via the Seam Integration in Eclipse (JBossTools). When I try to logon I receive the following error message:
      [SeamLoginModule] Error invoking login method

      Thanks a lot in advance for any reply/help!
      Regards, Markus