2 Replies Latest reply on May 19, 2005 11:58 AM by Parker Grimes

    ldap for authentication database for roles

    Parker Grimes Newbie

      I am using the LdapLoginModule for user authentication in our application, but the roles in LDAP don't correspond to our application's needs. I would like to authenticate with LDAP but get the roles from the application's database. Does this call for a custom login module? Is it possible to chain LdapLoginModule and DatabaseServerLoginModule somehow to make this work?

        • 1. Re: ldap for authentication database for roles
          Darran Lofthouse Master

          Yes, the two login modules can be chained together so that the LDAP login module is used to authenticate the user and then the database login module is used to identify the roles.

          http://www.jboss.com/index.html?module=bb&op=viewtopic&t=62597

          • 2. Re: ldap for authentication database for roles
            Parker Grimes Newbie

            Thanks for the tip, I got it to work!

            For the benefit of others, this is what my login-config.xml looks like:

            <application-policy name="ldap_security">
              <authentication>
                <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
                  <module-option name="password-stacking">useFirstPass</module-option>
                  <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
                  <module-option name="java.naming.provider.url">ldap://yourdomain.com:389/</module-option>
                  <module-option name="java.naming.security.authentication">simple</module-option>
                  <module-option name="allowEmptyPasswords">false</module-option>
                  <module-option name="principalDNPrefix">cn=</module-option>
                  <module-option name="principalDNSuffix">,ou=it,ou=administration,o=suu</module-option>
                  <module-option name="matchOnUserDN">true</module-option>
                </login-module>
                <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
                  <module-option name="dsJndiName">java:/DefaultDS</module-option>
                  <module-option name="password-stacking">useFirstPass</module-option>
                  <module-option name="rolesQuery">
                    select r.role,'Roles' from login_role r join person p on p.fk_login_role=r.id where p.username=?
                  </module-option>
                </login-module>
              </authentication>
            </application-policy>
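The chain above works because both modules set password-stacking to useFirstPass: the LDAP module authenticates and places the identity in the shared JAAS state, and the database module reuses that identity and contributes only the roles its rolesQuery returns under the 'Roles' group. The following script is an added example, not code from the thread or from JBoss; it embeds the poster's application-policy as constructed input and runs the checks a reviewer would make on such a chain (module order, required flags, password stacking, empty-password handling, a parameterized rolesQuery, and whether the simple bind travels over plain ldap://). The finding texts and the `audit` function are this example's own.

```python
"""Review checks for a chained JBoss login-config.xml application-policy.

Added example (not from the thread). It parses the poster's
application-policy, embedded below as constructed test input with the
URL and DN suffix exactly as posted, and returns a list of findings.
"""
import xml.etree.ElementTree as ET

LDAP_MODULE = "org.jboss.security.auth.spi.LdapLoginModule"
DB_MODULE = "org.jboss.security.auth.spi.DatabaseServerLoginModule"

# The application-policy from the thread, embedded as sample input.
LOGIN_CONFIG = """<application-policy name="ldap_security">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="password-stacking">useFirstPass</module-option>
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://yourdomain.com:389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="allowEmptyPasswords">false</module-option>
      <module-option name="principalDNPrefix">cn=</module-option>
      <module-option name="principalDNSuffix">,ou=it,ou=administration,o=suu</module-option>
      <module-option name="matchOnUserDN">true</module-option>
    </login-module>
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="dsJndiName">java:/DefaultDS</module-option>
      <module-option name="password-stacking">useFirstPass</module-option>
      <module-option name="rolesQuery">
        select r.role,'Roles' from login_role r join person p on p.fk_login_role=r.id where p.username=?
      </module-option>
    </login-module>
  </authentication>
</application-policy>"""


def parse_policy(xml_text):
    """Return [(module code, flag, {option name: value}), ...] in chain order."""
    root = ET.fromstring(xml_text)
    modules = []
    for lm in root.iter("login-module"):
        opts = {o.get("name"): (o.text or "").strip() for o in lm.findall("module-option")}
        modules.append((lm.get("code"), lm.get("flag"), opts))
    return modules


def audit(xml_text):
    """Return a list of findings; an empty list means the chain passed every check."""
    modules = parse_policy(xml_text)
    findings = []
    # The authenticator must come first so later modules can reuse its identity.
    if not modules or modules[0][0] != LDAP_MODULE:
        findings.append("chain: first module must be the LDAP authenticator")
    for code, flag, opts in modules:
        if flag != "required":
            findings.append(f"{code}: flag is {flag!r}; a failing module should fail the login")
        if opts.get("password-stacking") != "useFirstPass":
            findings.append(f"{code}: password-stacking must be useFirstPass to share the identity")
    for code, _, opts in modules:
        if code == LDAP_MODULE:
            # Conservative: require the option to be set to false explicitly.
            if opts.get("allowEmptyPasswords", "").lower() != "false":
                findings.append("LDAP: set allowEmptyPasswords=false explicitly (empty bind may be anonymous)")
            url = opts.get("java.naming.provider.url", "")
            if url.startswith("ldap://") and opts.get("java.naming.security.authentication") == "simple":
                findings.append("LDAP: simple bind over plain ldap:// sends the password in cleartext; use ldaps://")
        elif code == DB_MODULE:
            query = opts.get("rolesQuery", "")
            if "?" not in query:
                findings.append("DB: rolesQuery must bind the username with a '?' placeholder")
            if "'Roles'" not in query:
                findings.append("DB: rolesQuery's second column must be the literal 'Roles' group")
    return findings


if __name__ == "__main__":
    for finding in audit(LOGIN_CONFIG) or ["no findings"]:
        print(finding)
```

Run against the posted configuration the only finding is the cleartext simple bind on ldap://yourdomain.com:389/; everything else about the chain (order, flags, stacking, the 'Roles' group and the bound username parameter) checks out.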