Seam with LDAP
brunoskrebs.bruno.krebseng.com.br Jun 22, 2010 4:40 PM
Hello there,
I'm having trouble configuring an LDAP Identity Manager within Seam (2.2.0.GA). I have read a lot of posts, blogs and references but I can't figure out how to fix it. So I hope someone here can help me.
What I want to do is to make people log in to my application using their user and password from the LDAP. So I configured the components.xml like this:
<security:ldap-identity-store name="ldapIdentityStore"
    server-address="10.0.20.3"
    server-port="389"
    bind-DN="OU=TS,OU=Usuarios,DC=dbccompany,DC=com,DC=br"
    bind-credentials="secret"
    user-DN-suffix=",OU=TS,OU=Usuarios,DC=dbccompany,DC=com,DC=br"
    user-DN-prefix="cn="
    role-DN-prefix="cn="
    role-DN-suffix=",ou=Roles,dc=dbccompany,dc=com,dc=br"
    user-context-DN="OU=TS,ou=Usuarios,dc=dbccompany,dc=com,dc=br"
    role-context-DN="ou=Roles,dc=dbccompany,dc=com,dc=br"
    user-role-attribute="roles"
    role-name-attribute="cn"
    user-object-classes="person"
    enabled-attribute="enabled" />

<security:identity-manager name="identityManager" identity-store="#{ldapIdentityStore}"/>
This is probably the source of the problem, since I'm not an expert in LDAP (actually this is the first time that I'm using it). The main doubts that I have about this configuration are:
The real meaning of bind-DN: do I have to put a valid user here to connect to LDAP so Seam can query it to see if the users passed to it are valid?
Are the role parameters (role-name-attribute, role-context-DN) important to just authenticate the user?
After that I have my LoginAction class that looks like this:
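package br.com.dbccompany.fiergs.controle;

// imports (Seam 2.x and JPA; Usuario is the application's own class)
import javax.persistence.EntityManager;

import org.jboss.seam.ScopeType;
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Out;
import org.jboss.seam.annotations.Scope;
import org.jboss.seam.faces.FacesMessages;
import org.jboss.seam.security.management.IdentityManager;

@Scope(ScopeType.EVENT)
@Name("login")
public class LoginAction {

    @In
    private EntityManager entityManager;

    @Out(required=false, scope = ScopeType.SESSION)
    private Usuario usuario;

    @In
    private FacesMessages facesMessages;

    @In
    private IdentityManager identityManager;

    private String user;
    private String senha;

    //getters and setters

    public String loga() {
        // Delegates the credential check to the configured identity store.
        if (identityManager.authenticate(user, senha)) {
            return "true";
        } else {
            facesMessages.add("Usuário inválido");
            return "false";
        }
    }
}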
So as you can see I use the identityManager object, instantiated by seam, to authenticate the user using the parameters passed to it. By the way senha means password.
Well, my application is running, but when I pass my credentials (user and password that I use in this LDAP domain) to LoginAction.loga it returns false. And when I try another combination, like something that I make up, wrong users and passwords, an Exception is thrown. This is the exception:
SEVERE: org.jboss.seam.security.management.IdentityManagementException: Authentication error
javax.faces.el.EvaluationException: org.jboss.seam.security.management.IdentityManagementException: Authentication error
...
Caused by: org.jboss.seam.security.management.IdentityManagementException: Authentication error
...
Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334
Can someone help me configure this?
Thanks in advance!
Bruno Krebs
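
Added example, not part of the original post and not Seam's own code: a standalone JNDI check that attempts an LDAP simple bind as one user outside the application, reusing the server address and user-DN-prefix/suffix from the components.xml above. It assumes the identity store builds the user's DN as user-DN-prefix + username + user-DN-suffix; the class name LdapBindCheck and its methods are hypothetical.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

// Added diagnostic (hypothetical class, not from the post or from Seam).
public class LdapBindCheck {
    // Values copied from the post. Port 389 is plain LDAP, so the password is sent unencrypted.
    static final String URL = "ldap://10.0.20.3:389";
    static final String USER_DN_PREFIX = "cn=";
    static final String USER_DN_SUFFIX = ",OU=TS,OU=Usuarios,DC=dbccompany,DC=com,DC=br";

    // Assumption: the DN is prefix + username + suffix. The username is escaped
    // here so characters such as ',' or '+' cannot alter the DN structure.
    static String userDn(String username) {
        return USER_DN_PREFIX + Rdn.escapeValue(username) + USER_DN_SUFFIX;
    }

    // True when the directory accepts the bind, false when it rejects the credentials.
    static boolean bind(String dn, String password) throws NamingException {
        // A simple bind with an empty password is an unauthenticated bind (RFC 4513)
        // that some servers accept, so refuse it before contacting the directory.
        if (password == null || password.isEmpty()) return false;
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, dn);
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close();
            return true;
        } catch (AuthenticationException e) {
            // LDAP result code 49 (invalidCredentials): the DN or the password is wrong.
            System.err.println("Bind rejected for " + dn + ": " + e.getMessage());
            return false;
        }
    }
    public static void main(String[] args) throws NamingException {
        if (args.length != 1 || System.console() == null) {
            System.err.println("usage (from a terminal): java LdapBindCheck <username>");
            return;
        }
        String dn = userDn(args[0]);
        char[] pw = System.console().readPassword("Password for %s: ", dn);
        System.out.println(bind(dn, pw == null ? "" : new String(pw)) ? "bind OK" : "bind failed");
    }
}
```

If the bind is rejected here too, the composed DN printed in the error shows exactly which entry the directory was asked to authenticate, which can be compared against the user's real DN in the directory.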