1 Reply Latest reply on Dec 3, 2002 11:10 PM by John Lee

    JBoss 3.0.0 w/ Tomcat - LDAP configuration for authenticatio

    da_alchemist Newbie

      Will someone please provide configuration files used to setup LDAP under JBOSS 3.0.0 for user authentication into a web-app realm??? I have read through a lot of documentation and I am still not sure about how to authenticate against an LDAP directory server. I have successfully managed to authenticate against a database with the DatabaseServerLoginModule, but the LDAP documentation seems incomplete. For instance, is there an ldap-service.xml file that I need to deploy, like you would need for database authentication??? Must the <application-policy name = "?????"> in login-config.xml match the <security-domain> in jboss-web.xml? Will someone provide a complete list of the configuration files? So far, I am only using 3 files for configuration:

      1. $JBOSS_HOME/server/default/conf/login-config.xml (for <application-policy> stuff using org.jboss.security.auth.spi.LdapLoginModule)

      2. $JBOSS_HOME/server/default/deploy/<web-app jar file>::WEB-INF/jboss-web.xml (for <security-domain>)

      3. $JBOSS_HOME/server/default/deploy/<web-app jar file>::WEB-INF/web.xml (for <security-constraint>, <login-config>, and <security-role> stuff)

      Are there other files that need to be configured? And if so, how do you configure them? Please provide example files if possible.

      Thanks.

        • 1. Re: JBoss 3.0.0 w/ Tomcat - LDAP configuration for authentic
          John Lee Newbie

          This is the configuration for login-config.xml in $JBOSS/server/default/conf


          <application-policy name="ldap">

          <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
          <module-option name = "java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
          <module-option name = "java.naming.security.authentication">simple</module-option>
          <module-option name = "principleDNPrefix">uid={0}</module-option>
          <module-option name = "principleDNSuffix">,ou=people,dc=botly,dc=com</module-option>
          <module-option name = "uidAttributeID">uid</module-option>
          <module-option name = "roleAttributeID">cn</module-option>
          <module-option name = "rolesCtxDN">ou=groups,ou=portal,dc=botly,dc=com</module-option>
          <module-option name = "matchOnUserDN">true</module-option>
          <module-option name = "unauthenticatedIdentity">nobody</module-option>
          <module-option name = "java.naming.provider.url">ldap://192.168.111.9:389/</module-option>
          </login-module>

          </application-policy>

          This is the configuration in web.xml
          <security-constraint>
          <display-name>Example Security Constraint</display-name>
          <web-resource-collection>
          <web-resource-name>Protected Area</web-resource-name>
          <!-- Define the context-relative URL(s) to be protected -->
          <url-pattern>/secure/*</url-pattern>
          <!-- If you list http methods, only those methods are protected -->
          <http-method>DELETE</http-method>
          <http-method>GET</http-method>
          <http-method>POST</http-method>
          <http-method>PUT</http-method>
          </web-resource-collection>
          <auth-constraint>
          <!-- Anyone with one of the listed roles may access this area -->
          <role-name>tomcat</role-name>
          <role-name>role1</role-name>
          </auth-constraint>
          </security-constraint>

          <!-- Default login configuration uses form-based authentication -->
          <login-config>
          <auth-method>FORM</auth-method>
          <realm-name>Example Form-Based Authentication Area</realm-name>
          <form-login-config>
          <form-login-page>/secure/login.jsp</form-login-page>
          <form-error-page>/secure/error.jsp</form-error-page>
          </form-login-config>
          </login-config>

          <!-- Security roles referenced by this web application -->
          <security-role>
          <role-name>role1</role-name>
          </security-role>
          <security-role>
          <role-name>tomcat</role-name>
          </security-role>