1 Reply Latest reply on Jan 28, 2002 6:13 AM by J. Wolfgang Kaltz

    LdapLoginModule should be more Flexible

    Binoy Shah Newbie

      Hi,
      I am currently using JBoss 2.4.4/Jetty with Postgres and Openldap 2.18.
      I am also using LdapLoginModule for authentication purpose.

      Now for small user database and non diverse application hosted on my server, i find the current LdapLoginModule to be sufficient. But as we deploy more and more application on the server and want to seperate the user/role for each application specific domain under different hierarchies and there by improving security.

      The current LdapLoginModule asks for a statically named rolesContextDN for searching the user role but what if the roles DN is different from what is hard coded in the auth.conf , i.e. an the role dn might be different for different users who belong to seperate business domain running under the same application server.

      Is it possible to use the LdapLoginModule skeleton and build our own CustomLdapLoginModule and provide some different logic to make it a bit more dynamic ?

      If yes. can any one lead me to the way how to integrate it with my current setup ?

        • 1. Re: LdapLoginModule should be more Flexible
          J. Wolfgang Kaltz Novice

          If your authorization is based on simple username/password, then it's really easy to write your own "LdapLoginModule" (or whatever). All you need to do is subclass org.jboss.security.auth.spi.UsernamePasswordLoginModule
          and provide an implementation for
          protected String getUsersPassword() throws LoginException
          and
          protected Group[] getRoleSets() throws LoginException

          You will find examples of this in the JBoss source code or in the JBossSX documentation.
          The only tricky thing (in my opinion) is that you need to define your login module in your auth.conf as follows:
          org.jboss.security.auth.spi.ProxyLoginModule required
          moduleName=com.whatever.MyLoginModule