0 Replies Latest reply on Mar 6, 2013 4:56 PM by Chris Burrell

    JBoss AS 7, LDAP + custom roles

    Chris Burrell Newbie

      Hi

       

      I've successfully managed to configure LDAP with JBoss. I want to source the roles elsewhere however. Can someone give me a hint as to how I would do that?

       

      Here's the config I have so far...

       

      jboss-web.xml

      <jacc-star-role-allow>true</jacc-star-role-allow>

       

      web.xml:

      <security-constraint>
                          <web-resource-collection>
                                    <web-resource-name>All resources</web-resource-name>
                                    <url-pattern>/*</url-pattern>
                          </web-resource-collection>
                          <auth-constraint>
                                    <role-name>*</role-name>
                          </auth-constraint>
      </security-constraint>
      

       

      <login-config>
                          <auth-method>BASIC</auth-method>
                          <realm-name>MyRealm</realm-name> 
      </login-config>
      

       

      <security-domain name="other">
                          <authentication>
                              <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
                                  <module-option name="java.naming.provider.url" value="ldap://myldap:389/"/>
                                  <module-option name="bindDN" value="myuser"/>
                                  <module-option name="bindCredential" value="mypassword"/>
                                  <module-option name="baseCtxDN" value="..."/>
                                  <module-option name="baseFilter" value="(...={0})"/>
                                  <module-option name="uidAttributeID" value="..."/>
                                  <module-option name="roleAttributeID" value="..."/>
                                  <module-option name="roleAttributeIsDN" value="true"/>
                                  <module-option name="rolesCtxDN" value="..."/>
                                  <module-option name="roleFilter" value="(sAMAccountName={0})"/>
                              </login-module>
                          </authentication>
      </security-domain>
      

       

      For example, would it be possible to give a default role to every user?

      Can I derive this from a datasource?

       

       

      Cheers

      Chris