0 Replies Latest reply on May 3, 2013 4:05 AM by vivien heudt

    How to specify the group to authenticate user in LdapLoginModule and JBoss configuration

    vivien heudt Newbie


      I would like to authenticate the user only if he is in a specific group.

      For my test I have two users:

      • one user is in the FIRST GROUP
      • the other is in the SECOND GROUP

      I have an Active Directory:

      usr1 is in "admin", usr2 is in "usr", and I authenticate the user via JBoss with LdapLoginModule in standalone.xml.


      <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="sufficient">
          <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
          <module-option name="java.naming.provider.url" value="ldap://ldaphost"/>
          <module-option name="rolesCtxDN" value="CN=admin,OU=Role,DC=ldaphost,DC=xxx"/>
          <module-option name="principalDNSuffix" value="@ldaphost.xxx"/>
          <module-option name="java.naming.security.authentication" value="simple"/>
      </login-module>

      The result is:

      • usr1 logs in successfully
      • usr2 logs in successfully too

      So the rolesCtxDN used does not work properly or is not used at all, and I get no error.

      Does anyone have an idea of the problem? Does anyone have another way to use a user according to his group?
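
      An added example, not part of the original post and not the poster's configuration: LdapLoginModule accepts any user whose LDAP bind succeeds, and rolesCtxDN only controls where roles are looked up, so the group restriction is enforced as a role check in the application. The sketch maps Active Directory memberOf groups to roles with LdapExtLoginModule. The service account, the user container OU=People, LDAPS availability and the web.xml constraint are assumptions (placeholders), not values from the post.

```xml
<!-- standalone.xml, inside <authentication> of the security domain (added example) -->
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="sufficient">
    <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
    <!-- Assumption: the DC offers LDAPS and the JVM trusts its certificate, so the
         simple-bind password does not cross the network in clear text -->
    <module-option name="java.naming.provider.url" value="ldaps://ldaphost"/>
    <module-option name="java.naming.security.authentication" value="simple"/>

    <!-- Assumed read-only service account used for the searches (placeholder values);
         keep the real credential out of the file, e.g. in the JBoss password vault -->
    <module-option name="bindDN" value="CN=svc-jboss,OU=People,DC=ldaphost,DC=xxx"/>
    <module-option name="bindCredential" value="CHANGE_ME"/>

    <!-- Step 1: find the user entry; {0} is the login name. The module then binds
         as that entry with the supplied password -->
    <module-option name="baseCtxDN" value="OU=People,DC=ldaphost,DC=xxx"/>
    <module-option name="baseFilter" value="(sAMAccountName={0})"/>

    <!-- Step 2: read memberOf from the same user entry; each value is a group DN,
         and the group's cn becomes the role name (e.g. "admin" or "usr") -->
    <module-option name="rolesCtxDN" value="OU=People,DC=ldaphost,DC=xxx"/>
    <module-option name="roleFilter" value="(sAMAccountName={0})"/>
    <module-option name="roleAttributeID" value="memberOf"/>
    <module-option name="roleAttributeIsDN" value="true"/>
    <module-option name="roleNameAttributeID" value="cn"/>
    <module-option name="searchScope" value="SUBTREE_SCOPE"/>

    <!-- Reject empty passwords locally; some LDAP servers treat an empty
         password on a simple bind as an anonymous login -->
    <module-option name="allowEmptyPasswords" value="false"/>
</login-module>

<!-- WEB-INF/web.xml of the protected application (added example): a caller who
     authenticates but lacks the "admin" role is refused with HTTP 403 -->
<security-constraint>
    <web-resource-collection>
        <web-resource-name>protected</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin</role-name>
    </auth-constraint>
</security-constraint>
<security-role>
    <role-name>admin</role-name>
</security-role>
```

      With this mapping usr2 still authenticates but receives only the "usr" role, so the constraint denies the request instead of the login module.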