4 Replies Latest reply on Jan 17, 2004 8:44 AM by elfuhrer

    LDAP Integration with JBoss

    elfuhrer Novice

       

      "elfuhrer" wrote:
      I am trying to configure JBoss to authenticate users based on a Domino LDAP server. I have been following the documentation and everything worked perfectly but the login fails for all the users.
      No exception is being thrown even though I am throwing all possible exceptions.

      I have created a LoginModule that extends the org.jboss.security.auth.spi.UsernamePasswordLoginModule and I have also created the ADO and TO Objects for persistence.
      A Session facade EJB performs all the user management functions and I have set the declarative security model in the appropriate deployment descriptors.

      My login page sends a request to the j_security_check servlet but from there everything is lost. I just get a login error and I can't trace anything.
      Any help is highly appreciated.



        • 1. Re: LDAP Integration with JBoss
          Juha Lindfors Master

           

          "juha@jboss.org" wrote:
          Increase your log level to debug or trace and see if you get more info out of the error.


          • 2. Re: LDAP Integration with JBoss
            elfuhrer Novice

             

            "elfuhrer" wrote:
            I have modified my application to use the LdapLoginModule, my problem now is different. I get a 404 error indicating that the j_security_check servlet does not exist.

            This is pretty weird. I'm still using the same deployment descriptors and I'm pretty sure that my settings are correct.
            Any clue?

            Best Regards,
            Fady


            • 3. Re: LDAP Integration with JBoss
              elfuhrer Novice

               

              "elfuhrer" wrote:
              How do I increase my log level?


              • 4. Re: LDAP Integration with JBoss
                elfuhrer Novice

                 

                "elfuhrer" wrote:
                After I increased my log level, the exception I am getting is Invalid credentials.

                I am using the following schema and login-config.xml. I am sure this is only a configuration problem in the login-config.xml, so can anybody tell me where my problem is?

                schema.ldif:
                ------------------------

                version: 1
                dn: O=OpenJ2EE
                objectclass: organization
                objectclass: top
                o: OpenJ2EE

                dn: OU=Groups,O=OpenJ2EE
                objectclass: organizationalUnit
                objectclass: top
                ou: Groups

                dn: CN=Administrators,OU=Groups,O=OpenJ2EE
                objectclass: groupOfUniqueNames
                objectclass: top
                cn: Administrators
                uniquemember: UID=fady,OU=People,O=OpenJ2EE

                dn: CN=Everyone,OU=Groups,O=OpenJ2EE
                objectclass: groupOfUniqueNames
                objectclass: top
                cn: Everyone
                uniquemember: UID=fady,OU=People,O=OpenJ2EE
                uniquemember: UID=gref,OU=People,O=OpenJ2EE
                uniquemember: UID=harvey,OU=People,O=OpenJ2EE

                dn: CN=Users,OU=Groups,O=OpenJ2EE
                objectclass: groupOfUniqueNames
                objectclass: top
                cn: Users
                uniquemember: UID=fady,OU=People,O=OpenJ2EE
                uniquemember: UID=harvey,OU=People,O=OpenJ2EE

                dn: OU=People,O=OpenJ2EE
                objectclass: organizationalUnit
                objectclass: top
                ou: People

                dn: UID=fady,OU=People,O=OpenJ2EE
                objectclass: inetOrgPerson
                objectclass: organizationalPerson
                objectclass: person
                objectclass: top
                cn: fady
                mail: fady@openj2ee.net
                sn: fady
                uid: fady
                userpassword:: KENCNEYzQzVBRjM2ODhFREE1MTRFQzZDMjUyNDFCMTYxKQ==

                dn: UID=gref,OU=People,O=OpenJ2EE
                objectclass: inetOrgPerson
                objectclass: organizationalPerson
                objectclass: person
                objectclass: top
                cn: gref
                mail: gref@openj2ee.net
                sn: gref
                uid: gref
                userpassword:: KDFCN0Q4Rjk2MkE4QzU0NDQ4MjM4ODJBM0QxMzlCRjZBKQ==

                dn: UID=harvey,OU=People,O=OpenJ2EE
                objectclass: inetOrgPerson
                objectclass: organizationalPerson
                objectclass: person
                objectclass: top
                cn: harvey
                mail: harvey@openj2ee.net
                sn: harvey
                uid: harvey
                userpassword:: KDYxOTkxN0M2RDVCMzhBNTE4NDJGODUxNTgzMkRFOUM4KQ==

                dn: OU=Roles,O=OpenJ2EE
                objectclass: organizationalUnit
                objectclass: top
                ou: Roles

                dn: CN=Guests,OU=Roles,O=OpenJ2EE
                objectclass: groupOfUniqueNames
                objectclass: top
                cn: Guests
                o: OpenJ2EE
                ou: Roles
                uniquemember: CN=Everyone,OU=Groups,O=OpenJ2EE

                dn: CN=Members,OU=Roles,O=OpenJ2EE
                objectclass: groupOfUniqueNames
                objectclass: top
                cn: Members
                o: OpenJ2EE
                ou: Roles
                uniquemember: CN=Users,OU=Groups,O=OpenJ2EE

                dn: CN=Moderators,OU=Roles,O=OpenJ2EE
                objectclass: groupOfUniqueNames
                objectclass: top
                cn: Moderators
                o: OpenJ2EE
                ou: Roles
                uniquemember: CN=Administrators,OU=Groups,O=OpenJ2EE

                login-config.xml:
                ----------------------------
                <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">

                <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
                <module-option name="java.naming.provider.url">ldap://shakfuserver</module-option>
                <module-option name="java.naming.security.authentication">simple</module-option>
                <module-option name="java.naming.security.principal">fady.matar@rezayat.net</module-option>
                <module-option name="java.naming.security.credentials">s0ldier0ff0rtune</module-option>
                <module-option name="principalDNPrefix">uid=</module-option>
                <module-option name="principalDNSuffix">,ou=People,o=OpenJ2EE</module-option>
                <module-option name="rolesCtxDN">ou=Roles,o=OpenJ2EE</module-option>
                <module-option name="roleAttributeID">Roles</module-option>
                <module-option name="roleNameAttributeId">cn</module-option>
                <module-option name="roleAttributeIsDN">false</module-option>
                <module-option name="matchOnUserDN">false</module-option>
                </login-module>
                <login-module code="org.jboss.security.ClientLoginModule"
                flag="required"/>

                Thanks in advance
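
Added example (not part of the original posts and not JBoss code): a Python dry run of how the posted options map onto the posted directory, assuming the documented LdapLoginModule flow, i.e. bind DN = principalDNPrefix + username + principalDNSuffix, then a search under rolesCtxDN for entries whose uidAttributeID (assumed default `uid`) equals the username, or the user DN when matchOnUserDN is true, reading roleAttributeID from each hit. `norm`, `parse_ldif` and `dry_run` are hypothetical helper names, and the LDIF is a trimmed copy of the one in the post.

```python
# Constructed input: trimmed copy of the posted schema.ldif (userpassword omitted).
LDIF = """\
dn: CN=Users,OU=Groups,O=OpenJ2EE
cn: Users
uniquemember: UID=fady,OU=People,O=OpenJ2EE

dn: UID=fady,OU=People,O=OpenJ2EE
uid: fady

dn: CN=Members,OU=Roles,O=OpenJ2EE
cn: Members
uniquemember: CN=Users,OU=Groups,O=OpenJ2EE
"""

OPTIONS = {  # values copied from the posted login-config.xml
    "principalDNPrefix": "uid=", "principalDNSuffix": ",ou=People,o=OpenJ2EE",
    "rolesCtxDN": "ou=Roles,o=OpenJ2EE", "roleAttributeID": "Roles",
    "matchOnUserDN": "false",
}

def norm(dn):
    """Case-insensitive DN comparison key (simplified: no escaped commas)."""
    return ",".join(p.strip().lower() for p in dn.split(","))

def parse_ldif(text):
    """Parse simple, unfolded LDIF into a list of {attr: [values]} dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            entry.setdefault(key.strip().lower(), []).append(value.strip())
        entries.append(entry)
    return entries

def dry_run(username, opts, entries, uid_attr="uid"):
    """Return (bind_dn, bind_dn_exists, roles) for one login attempt."""
    bind_dn = opts["principalDNPrefix"] + username + opts["principalDNSuffix"]
    exists = any(norm(e["dn"][0]) == norm(bind_dn) for e in entries)
    match = bind_dn if opts["matchOnUserDN"] == "true" else username
    suffix = "," + norm(opts["rolesCtxDN"])  # entries below the roles context
    roles = [r for e in entries
             if norm(e["dn"][0]).endswith(suffix)
             and norm(match) in map(norm, e.get(uid_attr.lower(), []))
             for r in e.get(opts["roleAttributeID"].lower(), [])]
    return bind_dn, exists, roles

if __name__ == "__main__":
    print(dry_run("fady", OPTIONS, parse_ldif(LDIF)))
```

For `fady` the bind DN resolves to an existing entry but no roles come back, because the entries under ou=Roles carry neither a `uid` nor a `Roles` attribute. The dry run does not check the password, so it says nothing about the Invalid credentials bind failure itself.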