1 Reply Latest reply on Jul 28, 2012 7:57 PM by Brian Lavender

    Using Seam with LDAP

    Brian Lavender Newbie

      I am trying to use Seam with LDAP. But it doesn't seem to work. What am I missing?

       

      First, I created a project using seam-gen.

       

      I commented out the default authenticate method in components.xml created by seam-gen:

      <!--<security:identity authenticate-method="#{authenticator.authenticate}" remember-me="true"/> -->


      I put the following in components.xml for LDAP.

        <security:identity-manager identity-store="#{ldapIdentityStore}"/>

        <security:ldap-identity-store
          server-address="localhost"
          server-port="10389"
          bind-DN="uid=admin,ou=system"
          bind-credentials="secret"
          user-DN-prefix="uid="
          user-DN-suffix=",ou=People,dc=example,dc=com"
          role-DN-prefix="cn="
          role-DN-suffix=",ou=Roles,dc=example,dc=com"
          user-context-DN="ou=People,dc=example,dc=com"
          role-context-DN="ou=Roles,dc=example,dc=com"
          user-role-attribute="member"
          role-name-attribute="cn"
          user-object-classes="person,uidObject"
          enabled-attribute="enabled"
          />


      I am using Apache DS. This is my LDIF file.

      dn: dc=example,dc=com
      objectclass: top
      objectclass: dcObject
      objectclass: organization
      dc: example
      o: MCC

      dn: ou=People,dc=example,dc=com
      objectclass: top
      objectclass: organizationalUnit
      ou: People

      dn: uid=admin,ou=People,dc=example,dc=com
      objectclass: top
      objectclass: uidObject
      objectclass: person
      uid: admin
      cn: Admin
      sn: Admin
      userPassword: simple

      dn: uid=brian,ou=People,dc=example,dc=com
      objectclass: top
      objectclass: uidObject
      objectclass: person
      uid: brian
      cn: Brian
      sn: Lavender
      userPassword: sample

      dn: ou=Roles,dc=example,dc=com
      objectclass: top
      objectclass: organizationalUnit
      ou: Roles

      dn: cn=Admin,ou=Roles,dc=example,dc=com
      objectClass: top
      objectClass: groupOfNames
      cn: Admin
      description: the DiapasonAdmin group
      member: uid=admin,ou=People,dc=example,dc=com
      member: uid=brian,ou=People,dc=example,dc=com

      dn: cn=Power,ou=Roles,dc=example,dc=com
      objectClass: top
      objectClass: groupOfNames
      cn: Power
      description: the Power users
      member: uid=brian,ou=People,dc=example,dc=com

        • 1. Re: Using Seam with LDAP
          Brian Lavender Newbie

          I got it working using JAAS in JBoss 5.1 and Apache Directory Studio. Here are the steps.

          First, create your ldap server in Apache Directory Studio.

          1. Create a new server in Apache Directory Studio
          2. Start the new server
          3. Create a connection to the new server
          4. Add the following LDIF file to your server.

           

          dn: dc=example,dc=com
          objectclass: top
          objectclass: dcObject
          objectclass: organization
          dc: example
          o: MCC

          dn: ou=People,dc=example,dc=com
          objectclass: top
          objectclass: organizationalUnit
          ou: People

          dn: uid=admin,ou=People,dc=example,dc=com
          objectclass: top
          objectclass: uidObject
          objectclass: person
          uid: admin
          cn: Admin
          sn: Admin
          userPassword: simple

          dn: uid=brian,ou=People,dc=example,dc=com
          objectclass: top
          objectclass: uidObject
          objectclass: person
          uid: brian
          cn: Brian
          sn: Lavender
          userPassword: sample

          dn: ou=Roles,dc=example,dc=com
          objectclass: top
          objectclass: organizationalUnit
          ou: Roles

          dn: cn=admin,ou=Roles,dc=example,dc=com
          objectClass: top
          objectClass: groupOfNames
          cn: admin
          description: the DiapasonAdmin group
          member: uid=admin,ou=People,dc=example,dc=com
          member: uid=brian,ou=People,dc=example,dc=com

          dn: cn=power,ou=Roles,dc=example,dc=com
          objectClass: top
          objectClass: groupOfNames
          cn: power
          description: the Power users
          member: uid=brian,ou=People,dc=example,dc=com


          Now that the LDAP server is created, modify your JBoss AS so that it has a JAAS "application-policy" for your JBoss Server. Add the following to the file "${JBOSS_HOME}/server/default/conf/login-config.xml" just before the final </policy> in the file. I used JBoss 5.1 for this example.

           

              <application-policy name="example">
               <authentication>
               <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
               <!-- connection to the directory -->
               <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
               <module-option name="java.naming.provider.url">ldap://localhost:10389</module-option>
               <module-option name="java.naming.security.authentication">simple</module-option>
               <!-- service account used for the user and role lookups -->
               <module-option name="bindDN">uid=admin,ou=system</module-option>
               <module-option name="bindCredential">secret</module-option>
               <!-- user lookup: {0} is the login name; the module then binds as the matched entry's DN with the submitted password -->
               <module-option name="baseCtxDN">ou=People,dc=example,dc=com</module-option>
               <module-option name="baseFilter">(uid={0})</module-option>
               <!-- role lookup: {1} is the authenticated user's DN; the cn of each matching role entry becomes a role name -->
               <module-option name="rolesCtxDN">ou=Roles,dc=example,dc=com</module-option>
               <module-option name="roleFilter">(member={1})</module-option>
               <module-option name="roleAttributeID">cn</module-option>
               <!-- ONELEVEL_SCOPE searches only the direct children of baseCtxDN and rolesCtxDN -->
               <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
               <!-- true sends a zero-length password to the directory, which may treat it as an anonymous bind; false rejects it in the module -->
               <module-option name="allowEmptyPasswords">true</module-option>
               </login-module>
               </authentication>
              </application-policy>


          Now create a Seam application using seam-gen. Change the line for authentication in components.xml

          from

          <security:identity authenticate-method="#{authenticator.authenticate}"
                             security-rules="#{securityRules}"
                             remember-me="true"/>

          to

          <security:identity jaas-config-name="example" remember-me="true"/>


          Now log into your application using either "brian" or "admin".

           

          References:

          http://www.len.ro/work/jboss-and-ldap/

          http://seamframework.org/Documentation/SimpleJAASExample
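
          The following is an added example and is not code from the thread, Seam or JBoss. It models offline what the login-config.xml in the reply makes LdapExtLoginModule do against the posted LDIF, so the two-step lookup can be traced without a running directory: the baseFilter (uid={0}) search under baseCtxDN yields the user DN, the module binds as that DN with the submitted password, and the roleFilter (member={1}) search under rolesCtxDN yields the cn (roleAttributeID) of each role entry. The question's ldap-identity-store config describes the same directory layout (People context, Roles context, member attribute, cn as the role name) with prefix/suffix DN construction instead of a search. Assumptions: the LDIF is trimmed to the entries the module touches and embedded as constructed input, the bind is modelled by comparing the clear-text userPassword values the LDIF stores, and the allowEmptyPasswords=true branch is modelled as a successful bind, mirroring directories that answer a DN-plus-empty-password bind (the unauthenticated bind of RFC 4513 section 5.1.2) with success.

```python
"""Offline model of the LdapExtLoginModule lookup chain configured in the
thread's login-config.xml. Added example, not Seam or JBoss code; the bind is
modelled by comparing the clear-text userPassword values in the LDIF."""

from typing import Dict, List, Optional, Tuple

BASE_CTX_DN = "ou=People,dc=example,dc=com"   # baseCtxDN from login-config.xml
ROLES_CTX_DN = "ou=Roles,dc=example,dc=com"   # rolesCtxDN from login-config.xml

# Constructed input: the reply's LDIF trimmed to the entries the module touches.
LDIF = """\
dn: uid=admin,ou=People,dc=example,dc=com
uid: admin
userPassword: simple

dn: uid=brian,ou=People,dc=example,dc=com
uid: brian
userPassword: sample

dn: cn=admin,ou=Roles,dc=example,dc=com
cn: admin
member: uid=admin,ou=People,dc=example,dc=com
member: uid=brian,ou=People,dc=example,dc=com

dn: cn=power,ou=Roles,dc=example,dc=com
cn: power
member: uid=brian,ou=People,dc=example,dc=com
"""

Entry = Dict[str, List[str]]


def norm_dn(dn: str) -> str:
    """Comparison key for a DN: attribute types and these values are
    case-insensitive in LDAP, and whitespace around commas is insignificant."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def parse_ldif(text: str) -> Dict[str, Entry]:
    """Parse minimal LDIF (no continuation lines, no base64 values) into
    {normalised DN: {lower-case attribute type: [values]}}."""
    directory: Dict[str, Entry] = {}
    for block in text.strip().split("\n\n"):
        entry: Entry = {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            entry.setdefault(attr.strip().lower(), []).append(value.strip())
        directory[norm_dn(entry["dn"][0])] = entry
    return directory


def search(directory: Dict[str, Entry], base: str, attr: str, value: str,
           scope: str = "ONELEVEL_SCOPE") -> List[str]:
    """Equality filter (attr=value) under base. ONELEVEL_SCOPE, as configured
    in the thread, matches only direct children of base; SUBTREE_SCOPE matches
    any descendant. Returns normalised DNs of the matching entries."""
    base_n, attr, value_n = norm_dn(base), attr.lower(), norm_dn(value)
    hits = []
    for dn, entry in directory.items():
        parent = dn.partition(",")[2]
        in_scope = parent == base_n if scope == "ONELEVEL_SCOPE" else dn.endswith("," + base_n)
        if in_scope and any(norm_dn(v) == value_n for v in entry.get(attr, [])):
            hits.append(dn)
    return hits


def bind(directory: Dict[str, Entry], dn: str, password: str,
         allow_empty_passwords: bool) -> bool:
    """Model the simple bind as the found user DN. A zero-length password is
    not a credential: a bind with a DN and an empty password is the
    *unauthenticated* bind of RFC 4513 section 5.1.2, which many directories
    answer with success. allowEmptyPasswords=true is what lets it reach the
    server, so that branch is modelled here as a success (assumption)."""
    if password == "":
        return allow_empty_passwords
    entry = directory.get(norm_dn(dn))
    return entry is not None and password in entry.get("userpassword", [])


def authenticate(username: str, password: str,
                 allow_empty_passwords: bool = False) -> Optional[Tuple[str, List[str]]]:
    """Return (user DN as stored, sorted role names), or None when login fails."""
    directory = parse_ldif(LDIF)
    users = search(directory, BASE_CTX_DN, "uid", username)    # baseFilter (uid={0})
    if len(users) != 1:                                         # unknown or ambiguous user
        return None
    user_dn = users[0]
    if not bind(directory, user_dn, password, allow_empty_passwords):
        return None
    roles = search(directory, ROLES_CTX_DN, "member", user_dn)  # roleFilter (member={1})
    role_names = sorted(directory[r]["cn"][0] for r in roles)   # roleAttributeID=cn
    return directory[user_dn]["dn"][0], role_names
```

          Running authenticate("brian", "sample") returns the user DN with the roles admin and power, which is what the reply's Seam application sees after the JAAS login; authenticate("brian", "") fails with the default allow_empty_passwords=False and is modelled as succeeding with True, which is the behaviour a practitioner should check against the real directory before leaving allowEmptyPasswords set to true.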