1 Reply Latest reply on Oct 26, 2010 3:53 AM by Florian Quadt

    Seam with LDAP

    Bruno Krebs Newbie

      Hello there,


      I'm having trouble to configure an LDAP Identity Manager within seam (2.2.0.GA). I have read a lot of posts, blogs and references but I can´t figure it out how to fix it. So I hope someone here can help me.


      What I want to do is to make people login to my application using their user and password from the LDAP. So I configured the components.xml like this:


      <security:ldap-identity-store
                      name="ldapIdentityStore"
                      server-address="10.0.20.3"
                      server-port="389"
                      bind-DN="OU=TS,OU=Usuarios,DC=dbccompany,DC=com,DC=br"
                      bind-credentials="secret"
                      user-DN-suffix=",OU=TS,OU=Usuarios,DC=dbccompany,DC=com,DC=br"
                      user-DN-prefix="cn="
                      role-DN-prefix="cn="
                      role-DN-suffix=",ou=Roles,dc=dbccompany,dc=com,dc=br"
                      user-context-DN="OU=TS,ou=Usuarios,dc=dbccompany,dc=com,dc=br"
                      role-context-DN="ou=Roles,dc=dbccompany,dc=com,dc=br"
                      user-role-attribute="roles"
                      role-name-attribute="cn"
                      user-object-classes="person"
                      enabled-attribute="enabled" />
      
              <security:identity-manager name="identityManager" identity-store="#{ldapIdentityStore}"/>



      This is probably the source of the problem, since I'm not an expert in LDAP (actually this is the first time that I'm using it). The main doubts that I have about this configuration are:


      the real meaning of bind-DN: do I have to put a valid user here to connect to ldap so seam can query it to see if the users passed to it are valid?


      Are the role parameters (role-name-attribute, role-context-DN important to just authenticate the user?


      After that I have my LoginAction class that looks like this:


      package br.com.dbccompany.fiergs.controle;
      
      // imports
      
      @Scope(ScopeType.EVENT)
      @Name("login")
      public class LoginAction {
              @In
              private EntityManager entityManager;
              
              @Out(required=false, scope = ScopeType.SESSION)
              private Usuario usuario;
              
              @In
              private FacesMessages facesMessages;
              
              @In
              private IdentityManager identityManager;
                      
              private String user;
              private String senha;
      
              //getters and setters
              
              public String loga() {
                      if (identityManager.authenticate(user, senha)) {
                              return "true";
                      } else {
                              facesMessages.add("Usuário inválido");
                              return "false";
                      }
              }
      }
      



      So as you can see I use the identityManager object, instantiated by seam, to authenticate the user using the parameters passed to it. By the way senha means password.


      Well, my application is running, but when I pass my credentials (user and password that I use in this LDAP domain) to LoginAction.loga it returns false. And when I try another combination, like something that I make up, wrong users and passwords, an Exception is thrown. This is the exception:



      SEVERE: org.jboss.seam.security.management.IdentityManagementException: Authentication error
      javax.faces.el.EvaluationException: org.jboss.seam.security.management.IdentityManagementException: Authentication error
      ...
      Caused by: org.jboss.seam.security.management.IdentityManagementException: Authentication error
      ...
      Caused by: javax.naming.AuthenticationException: [LDAP: error code 49 - 80090308: LdapErr: DSID-0C090334





      Can someone help me configuring this?


      Thanks in advance!
      Bruno Krebs