Hi, I'm currently using JBoss-2.4.4 and am trying to log in to the LDAP server on an Apple XServe machine. I'm a newcomer to LDAP and I don't understand what I'm doing wrong.
I'm using the org.jboss.security.ClientLoginModule on the client side to log in, and on the server side I have defined the following in auth.conf:
I've tried many different combinations of these values and I think I have managed to log in with the principal, but roles are not working. I get the following error each time I try to log in:
[ERROR,SecurityInterceptor] Insufficient method permissions, principal=admin2, method=create, requiredRoles=[Staff], principalRoles=
This seems to suggest that my roles are not being mapped. I am attaching the 'users' and 'group' snippets of the Xserve's schema which I exported to LDIF:
For the users:
dn: cn=users, dc=localdomain
dn: uid=admin2, cn=users, dc=localdomain
authAuthority: ;ApplePasswordServer; xxxxxxxxxx email@example.com:192.168.2.25
For the groups:
dn: cn=groups, dc=localdomain
dn: cn=clientservices, cn=groups, dc=localdomain
As you can see from the Exception, I am trying to log in as 'admin2', and 'admin2' is a member of the 'clientservices' group; however, it does not seem to be able to find this mapping.
I am also confused as to whether I should be 'authenticating' using this method, or can I merely create an InitialContext using the LDAP server from within my code, give it the credentials and log in successfully? If I do this, I suppose I will lose the benefit of declarative security on the server side, won't I? I.e., I think I will then have to manage method-level permissions myself?
Any help appreciated, thanks,