5 Replies Latest reply on Jan 30, 2003 10:49 AM by Alan

    LDAPLoginModule Example in Paid Doc

    Alan Newbie

      I'm trying to setup my SunOneDirectory server and I'm following the (paid) security documentation pretty well. The thing that I'm confused about is the sample schema in the example on page 280, specifically the left side of the tree. I understand ou=Roles, but underneath that is where it is confusing. What does cn=JbossSX Tests mean in relation to the other elements? Is it a brother to userId? Or a parent to userId? What about roleName? What is the relation between the three element types there?


      Thanks so much,
      Alan

        • 1. Re: LDAPLoginModule Example in Paid Doc
          J. Wolfgang Kaltz Novice

          Well, to be sure 100%, we would need to see the objectclass definition.

          But here's my interpretation:
          the left side of the tree is one entry in the LDAP, identified by cn=JBossSX Tests
          the right side of the tree is another entry in LDAP, identified by uid=jduke

          The relation between the 2 seems to be that an object in Roles (the left side of the tree) can have one (or probably several) attributes named userid
          These would refer to the users in the group, and the content of that attribute must be a key in the right side of the tree.

          roleName is the role name you would use in your EJB deployment descriptors for role-based permissions.

          I hope that makes sense. I'm sort of guessing, as myself I'm using a custom ldap login module (so that I have more flexibility with the LDAP structures)

          • 2. Re: LDAPLoginModule Example in Paid Doc
            Alan Newbie

            hm yeah i think that was pretty much my thought. I finally got it to work which i'm excited about, but I definitely don't want to use this structure. care to give some insight into how you structure your users and roles, and how you wrote your ldap module?

            • 3. Re: LDAPLoginModule Example in Paid Doc
              J. Wolfgang Kaltz Novice

              I didn't actually give a huge amount of thought about how to organize the roles: because the analysts were supposed to say how the roles are to be organized - about 1,5 years ago and they still haven't told me ;)

              So this is precisely why I want my own LoginModule, so that I can adapt my code to whatever stupid structure the analysts come up with.

              It's quite easy really if you subclass a JBoss base class such as org.jboss.security.auth.spi.UsernamePasswordLoginModule

              I'm going to try to attach my module to this posting. I've encapsulated the actual access to LDAP in utility classes, to reduce the login module code to a minimum.

              • 4. Re: LDAPLoginModule Example in Paid Doc
                J. Wolfgang Kaltz Novice

                sorry, in the previous posting I attached the wrong file.

                This one should contain the correct attachment.

                • 5. Re: LDAPLoginModule Example in Paid Doc
                  Alan Newbie

                  awesome thanks
                  if the post fails, you can email it to me alan@solspark.com

                  thanks again!
                  alan