I am running into the same problems. I would really appreciate it if you could share your experience on interrogating Active Directory to authenticate users on an Intranet. I must admit I have no experience at all on the subject, so if you can write an explanation for dummies, that would be so great!
Thanks for your reply.
Hi!!! Nice of you to post your login-config.xml but I haven't been able to get it to work...
I added a parameter to the login-config.xml saying debug=true. When I try to authenticate I keep getting LDAP error 49, which I looked up and means invalid credentials.... (So I guess it found the server and all).
Did you get any of this? Any ideas?
P.S.: web.xml imposes a restriction to certain groups, which the user I try to authenticate belongs to.
A large part of the success or failure of using LDAP and AD
with the standard JBoss LDAP module depends on your
users being able to specify a username that allows you to
construct a principal name by doing
For example, if your sAMAccountNames and userprincipal names
are related always by @kerberos.realm, then you can set
=@kerberos.realm. Giving the userprincipal name
email@example.com. Unfortunately, sometimes this
relation does not hold and hence will not work. In my case I
have users whose saMAccountName is bobr and their
userprincipal name is Rubble\,Bobby@kerberos.realm.
You can also try to construct the distinguished name using
the same procedure, which jlsantiago explains above. This
only works if all your users will be at the same level in the
AD tree. i.e. All your users are found at:
In large installations this is almost never true, users are more
likely to be at various levels:
This scheme can't be accommodated with prefixes and postfixes.
I have a modified version of the LDAP module that looks up
saMAccountNames and finds the distinguished name of the user
and then authenticates and authorizes the user.
The source can be found at boxerboxes.ca.
All the best,
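
The lookup-then-bind approach described in the post above (find the user's distinguished name from the sAMAccountName, then authenticate as that DN), as an added example in plain JNDI. It is not the boxerboxes.ca module or JBoss's own code; the server URL, the search base and the `LDAP_SVC_*` environment variable names are assumptions.

```java
import java.util.Hashtable;
import javax.naming.AuthenticationException;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class AdSearchThenBind {
    // Assumed placeholders: your own DC, and the top of the subtree that holds every user OU.
    static final String URL = "ldaps://dc.example.test:636";
    static final String BASE = "OU=People,DC=example,DC=test";

    static DirContext bind(String principal, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        return new InitialDirContext(env);
    }

    // Subtree search, so the user's depth in the AD tree does not matter.
    static String findDn(DirContext ctx, String login) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[0]);
        // {0} is filled in by JNDI, which escapes filter metacharacters in the login.
        NamingEnumeration<SearchResult> hits = ctx.search(
            BASE, "(&(objectClass=user)(sAMAccountName={0}))", new Object[] {login}, sc);
        try {
            if (!hits.hasMore()) return null;
            String dn = hits.next().getNameInNamespace();
            return hits.hasMore() ? null : dn;    // ambiguous match: refuse
        } finally { hits.close(); }
    }

    static boolean authenticate(String login, String password) throws NamingException {
        // An empty password turns a simple bind into an unauthenticated bind that can succeed.
        if (login == null || password == null || password.isEmpty()) return false;
        // Hypothetical variable names for a low-privilege lookup account.
        DirContext svc = bind(System.getenv("LDAP_SVC_DN"), System.getenv("LDAP_SVC_PW"));
        try {
            String dn = findDn(svc, login);
            if (dn == null) return false;
            bind(dn, password).close();           // succeeds only with the user's own password
            return true;
        } catch (AuthenticationException e) {     // LDAP error 49: invalid credentials
            return false;
        } finally { svc.close(); }
    }
}
```

A failed bind for the lookup account itself is thrown before the `try`, so a misconfigured service account surfaces as an exception rather than as a rejected user login.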
Agh.. I tried the module found at boxerboxes.ca and although I am nearly there I still can't get it to work...
the thing is: apparently it can't find the user I am looking for!!! Anyone got an example login-config.xml for this module? Or another way to get JBoss and ADS to work together?