2 Replies Latest reply on Apr 1, 2004 8:09 AM by Tim McGinnis

    LdapLoginModule Good login but page returned is 403

    Tim McGinnis Newbie

      I am running JBoss 3.2.1 with Tomcat 4.1.24. I am trying to use basic authentication to authenticate back to a directory, which happens to be Novell's eDirectory 8.7.1. I have turned on the TRACE for the LdapLoginModule to check if the authentication is succeeding. From what I see in the trace it looks good. The last two lines are:

      User 'tim' authenticated, LoginOk=true
      commit, loginOk=true

      But the page I get back in the browser is a 403 access denied page.

      Am I being misled by the trace log? Or am I just going crazy?

        • 1. Re: LdapLoginModule Good login but page returned is 403
          Scott Stark Master

          You have only shown the authentication step. You also have to be authorized to access the content.

          • 2. Re: LdapLoginModule Good login but page returned is 403
            Tim McGinnis Newbie

            Thanks Scott for the reply. I finally figured out that it was my issue in not properly understanding the meaning of all the options that I had to specify. I pulled down the LdapLoginModule.java source, added a few more trace lines to see what was going on and found out I didn't need to have the roleAttributeIsDN option. Once I took this out it worked perfectly.

            For anyone else who is interested, I have this working using Novell's eDirectory 8.7.1 with LDAP. The users are specified in a User object and then assigned to Role objects that exist in a different OU. All of my users are in one OU. I have not tried it yet with different OUs, although I believe it will work. There are two attributes on the role object that I had to grant Read/Compare permissions to [PUBLIC] to allow the LDAP search to see them. These were the cn and the roleOccupant. I also had to add the roleOccupant to the Ldap Attributes list in the LDAP GROUP object for the server.
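
The layout described in this thread, sketched as a `login-config.xml` fragment. This is an added example, not the poster's actual configuration: the policy name, host and DNs are constructed placeholders, and the choice of `uidAttributeID`, `matchOnUserDN` and `roleAttributeID` values is an assumption inferred from the role-object attributes (`roleOccupant`, `cn`) named above.

```xml
<!-- Constructed example for conf/login-config.xml (placeholder names and DNs). -->
<application-policy name="example-ldap">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule"
                  flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://ldap.example.com:389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>

      <!-- Authentication step: bind as cn=<username>,ou=users,o=example.
           A successful bind is what the trace reports as loginOk=true. -->
      <module-option name="principalDNPrefix">cn=</module-option>
      <module-option name="principalDNSuffix">,ou=users,o=example</module-option>

      <!-- Authorization step: search the role objects, held in a different OU,
           for entries whose roleOccupant equals the user's full DN. -->
      <module-option name="rolesCtxDN">ou=roles,o=example</module-option>
      <module-option name="uidAttributeID">roleOccupant</module-option>
      <module-option name="matchOnUserDN">true</module-option>

      <!-- The role name is read directly from cn on each matching role object.
           It must equal a role-name used in the web.xml security-constraint,
           otherwise the authenticated user is still refused with a 403. -->
      <module-option name="roleAttributeID">cn</module-option>

      <!-- Left out on purpose. When true, the module treats the value of
           roleAttributeID as the DN of a role object and reads the role name
           from that object's roleNameAttributeID. Here cn holds a plain name,
           not a DN, so no usable role is resolved.
           <module-option name="roleAttributeIsDN">true</module-option> -->
    </login-module>
  </authentication>
</application-policy>
```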