5 Replies Latest reply on Dec 6, 2001 9:19 AM by Timo Tetzlaf

    JBoss LDAP authenticated really ??

    Timo Tetzlaf Newbie

      Hi,
      I have a problem with my jboss-2.4.3 with tomcat-3.2.3 configuration.
      I use LdapLoginModule for authentication.
      My LDAP server is a Netscape Directory Server 4.1.

      When I enter my username and password in the 'input box' of the secured area, JBoss says User 'tomcat' authenticated, but the 'input box' comes back again.
      There is no change in the logfile after a second try.

      My settings are:
      jboss-web.xml in the WEB-INF directory of secure.war
      <?xml version="1.0"?>
      <jboss-web>
      <security-domain>java:jaas/ldap</security-domain>
      </jboss-web>

      /conf/tomcat/auth.conf
      ..
      ldap {
      org.jboss.security.plugins.samples.LdapLoginModule required
      java.naming.factory.initial="com.sun.jndi.ldap.LdapCtxFactory"
      principalDNPrefix="cn="
      principalDNSuffix=",ou=People,dc=metris,dc=de"
      rolesCtxDN="ou=Groups,dc=metris,dc=de"
      roleAttributeID="cn"
      uidAttributeID="uniqueMember"
      java.naming.provider.url="ldap://161.71.70.216:389/"
      java.naming.security.authentication="simple"
      matchOnUserDN=true
      unauthenticatedIdentity="nobody"
      ;
      };

      LDAP configuration:
      dnroot= dc=mycompany,dc=de
      standard 'People' and 'Groups' entries of the Netscape server:
      ou=People
      objectclass=top
      objectclass=organizationalunit

      ou=Groups
      objectclass=top
      objectclass=organizationalunit

      # a user tomcat
      cn=tomcat
      sn=tomcat
      objectclass=top
      objectclass=inetorgperson
      userpassword=tomcat (cleartext)

      # a group tomcat containing the one user 'tomcat'
      objectclass=top
      objectclass=groupofuniquenames
      uniquemember=cn=tomcat,ou=People,dc=mycompany,dc=de
      cn=tomcat

      server.log:
      [Default] username: tomcat password: tomcat
      [Default] Logging into LDAP server, env={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, unauthenticatedIdentity=nobody, principalDNPrefix=cn=, java.naming.security.principal=cn=tomcat,ou=People,dc=metris,dc=de, roleAttributeID=cn, matchOnUserDN=true, principalDNSuffix=,ou=People,dc=metris,dc=de, rolesCtxDN=ou=Groups,dc=metris,dc=de, java.naming.provider.url=ldap://161.71.70.216:389/, uidAttributeID=uniqueMember, java.naming.security.authentication=simple, java.naming.security.credentials=tomcat}
      [Default] Logged into LDAP server, javax.naming.ldap.InitialLdapContext@3f1d3b
      [Default] rolesCtxDN IS PRESENT
      [Default] try 2 find attributes
      [Default] rolesCtxDN: ou=Groups,dc=metris,dc=de
      [Default] BasicAttr: {uniquemember=uniqueMember: cn=tomcat,ou=People,dc=metris,dc=de}
      [Default] Context: NameInSpace
      [Default] Context: Environment {java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, unauthenticatedIdentity=nobody, principalDNPrefix=cn=, java.naming.security.principal=cn=tomcat,ou=People,dc=metris,dc=de, roleAttributeID=cn, matchOnUserDN=true, principalDNSuffix=,ou=People,dc=metris,dc=de, rolesCtxDN=ou=Groups,dc=metris,dc=de, java.naming.provider.url=ldap://161.71.70.216:389/, java.naming.factory.url.pkgs=org.jboss.naming:org.jnp.interfaces, uidAttributeID=uniqueMember, java.naming.security.authentication=simple, java.naming.security.credentials=tomcat}
      [Default] roleAttr: cn
      [Default] User 'tomcat' authenticated.

      It seems that JBoss authenticates the user against the LDAP server but doesn't find the role for this user.

      Who can help me?

      Mac
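The role lookup that the posted auth.conf drives, as an added example that is not part of the original post and not JBoss's own code: it re-implements, over a constructed in-memory directory, the two steps the LdapLoginModule options describe (build the bind DN as principalDNPrefix + username + principalDNSuffix, then search rolesCtxDN for entries whose uidAttributeID holds that DN and collect their roleAttributeID values). The directory entries are constructed from the post and keep its mix of base DNs (dc=metris,dc=de in auth.conf and the log, dc=mycompany,dc=de in the LDAP configuration section), so the script shows that with the entries exactly as posted no role is found, and that a uniqueMember value under the same base DN as the bind DN yields the role 'tomcat'. The DN normalization is a simplified stand-in for the server's distinguishedNameMatch rule; it is an assumption of this example, not something the post states.

```python
"""Emulate the role search JBoss's LdapLoginModule performs after the bind.

Added example (not from the post or from JBoss). The directory below is
constructed from the entries in the post; the DN matching is a simplified
distinguishedNameMatch (case- and whitespace-insensitive per RDN).
"""
import re

# Option names and values copied from the posted auth.conf.
LOGIN_OPTIONS = {
    "principalDNPrefix": "cn=",
    "principalDNSuffix": ",ou=People,dc=metris,dc=de",
    "rolesCtxDN": "ou=Groups,dc=metris,dc=de",
    "roleAttributeID": "cn",
    "uidAttributeID": "uniqueMember",
    "matchOnUserDN": True,
}

# Constructed directory: one dict per entry, attribute types lower-cased
# because LDAP attribute types are case-insensitive.
DIRECTORY_AS_POSTED = [
    {"dn": "cn=tomcat,ou=People,dc=metris,dc=de",
     "objectclass": ["top", "inetorgperson"], "cn": ["tomcat"],
     "sn": ["tomcat"], "userpassword": ["tomcat"]},
    {"dn": "cn=tomcat,ou=Groups,dc=metris,dc=de",
     "objectclass": ["top", "groupofuniquenames"], "cn": ["tomcat"],
     # value exactly as written in the post's LDAP configuration section
     "uniquemember": ["cn=tomcat,ou=People,dc=mycompany,dc=de"]},
]


def normalize_dn(dn):
    """Canonical form for comparison: split on unescaped commas, trim each
    RDN, lower-case type and value (simplified distinguishedNameMatch)."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        typ, _, val = part.strip().partition("=")
        rdns.append(f"{typ.strip().lower()}={val.strip().lower()}")
    return ",".join(rdns)


def build_user_dn(username, opts):
    """Step 1 of the module: the DN it binds with (and matches on)."""
    return opts["principalDNPrefix"] + username + opts["principalDNSuffix"]


def is_under(dn, base):
    """True when dn lies below the search base (subtree scope)."""
    return normalize_dn(dn).endswith("," + normalize_dn(base))


def lookup_roles(username, opts, directory):
    """Step 2 of the module: role names from groups listing the user."""
    user_dn = build_user_dn(username, opts)
    uid_attr = opts["uidAttributeID"].lower()
    role_attr = opts["roleAttributeID"].lower()
    roles = []
    for entry in directory:
        if not is_under(entry["dn"], opts["rolesCtxDN"]):
            continue  # only entries under rolesCtxDN are searched
        members = entry.get(uid_attr, [])
        if opts["matchOnUserDN"]:
            hit = any(normalize_dn(m) == normalize_dn(user_dn) for m in members)
        else:
            hit = username in members  # match on the bare uid instead
        if hit:
            roles.extend(entry.get(role_attr, []))
    return roles


def diagnose(username, opts, directory):
    """Explain an empty role list: (group dn, member value) pairs whose
    first RDN equals the user's but whose remaining DN differs, i.e. the
    same user under another base DN, as in the posted entries."""
    user_dn = normalize_dn(build_user_dn(username, opts))
    user_rdn = user_dn.split(",", 1)[0]
    near_misses = []
    for entry in directory:
        for m in entry.get(opts["uidAttributeID"].lower(), []):
            n = normalize_dn(m)
            if n != user_dn and n.startswith(user_rdn + ","):
                near_misses.append((entry["dn"], m))
    return near_misses


if __name__ == "__main__":
    print("roles as posted:", lookup_roles("tomcat", LOGIN_OPTIONS, DIRECTORY_AS_POSTED))
    print("near misses:", diagnose("tomcat", LOGIN_OPTIONS, DIRECTORY_AS_POSTED))
```

Running it prints an empty role list for the entries as posted and reports the uniqueMember value that differs from the bind DN only in its base DN; replacing that value with one under dc=metris,dc=de makes lookup_roles return ['tomcat']. The same check can be made against the live server with an ldapsearch bound as the user DN, using rolesCtxDN as the base and a (uniqueMember=<user DN>) filter.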