
    Form Based Login Module from LDAP using JAAS - help needed


      Hi,

      I had been trying to do authentication using OpenLDAP and JBoss.
      FYI: I had tried Form based authentication using roles.properties and users.properties, and also using a database. But I could not proceed with LDAP.

      Please help me solve the problem I had been facing to run the web application with Form based authentication.

      Please give me any idea, or pls copy the LDIF, login-config.xml and any related web.xml that should be used in order to run successfully.

      Thankx in advance...

      Regards..

      FYI:

      login-config.xml that I had used is as below (only the modifications):

      &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

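      <!--
        bpms_junit: JAAS application policy that authenticates web-app users against
        OpenLDAP through the legacy LdapLoginModule.
        Two corrections relative to the posted fragment:
          1. login-config.xml requires the <authentication> wrapper between
             <application-policy> and <login-module>; without it the policy loads
             with no login modules.
          2. principalDNSuffix needs a leading comma. The module builds the user DN as
             principalDNPrefix + login name + principalDNSuffix with no separator of
             its own, so the posted value produced "uid=<name>ou=People,..." and the
             bind could never succeed.
      -->
      <application-policy name="bpms_junit">
        <authentication>
          <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
            <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
            <!-- Plain ldap:// with a simple bind sends each user's password over the
                 wire in the clear; prefer ldaps:// (or a protected network path)
                 outside a local test. -->
            <module-option name="java.naming.provider.url">ldap://cuecent18:389</module-option>
            <module-option name="java.naming.security.authentication">simple</module-option>
            <!-- NOTE(review): as far as I can tell LdapLoginModule binds as the user being
                 authenticated and overwrites these two values with the user's DN and
                 password, so the directory-manager password does not need to live here.
                 Confirm against your JBoss version and drop the two options if unused;
                 LdapExtLoginModule takes bindDN/bindCredential for a service bind instead. -->
            <module-option name="java.naming.security.principal">cn=Directory Manager,dc=bahwancybertek,dc=com</module-option>
            <module-option name="java.naming.security.credentials">secret</module-option>
            <!-- User DN = "uid=" + login name + ",ou=People,dc=bahwancybertek,dc=com". -->
            <module-option name="principalDNPrefix">uid=</module-option>
            <module-option name="principalDNSuffix">,ou=People,dc=bahwancybertek,dc=com</module-option>
            <!-- Role lookup: entries under rolesCtxDN whose uniqueMember equals the user's
                 full DN (matchOnUserDN=true); the granted role name is that entry's cn.
                 With ou=Groups here the roles are Member_admins / Everyone / Restricted,
                 not the names under ou=Roles. This module does a single search and, as far
                 as I can tell, does not follow group-to-role membership; point rolesCtxDN
                 at ou=Roles, or list users in the role entries directly, if web.xml
                 constrains on the ou=Roles names. -->
            <module-option name="uidAttributeID">uniqueMember</module-option>
            <module-option name="roleAttributeID">cn</module-option>
            <module-option name="matchOnUserDN">true</module-option>
            <module-option name="rolesCtxDN">ou=Groups,dc=bahwancybertek,dc=com</module-option>
          </login-module>
        </authentication>
      </application-policy>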

      &&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&&

      I am giving my LDIF file below....
      *************************************************************

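      # Define the LDAP directory's top level entry.
      # DNs are written without spaces after the commas throughout, matching the
      # form used in login-config.xml (OpenLDAP normalizes either spelling, so this
      # is consistency only).
      dn: dc=bahwancybertek,dc=com
      objectClass: top
      objectClass: dcObject
      objectClass: organization
      dc: bahwancybertek
      o: Bahwan

      # Define the Directory Manager entry.
      # NOTE(review): this entry carries no userPassword, so a simple bind as this DN
      # only works if slapd names it as rootdn with a rootpw; confirm before relying
      # on it from login-config.xml.
      dn: cn=Directory Manager,dc=bahwancybertek,dc=com
      objectClass: top
      objectClass: organizationalRole
      objectClass: labeledURIObject
      cn: Directory Manager
      cn: Manager
      cn: Directory Administrator
      cn: Administrator
      roleOccupant: uid=prathapc,ou=People,dc=bahwancybertek,dc=com
      labeledURI: mailto:directorymanager@bahwancybertek.com Directory Manager
      seeAlso: dc=bahwancybertek,dc=com
      description: Manages the OpenLDAP directories

      # OU DEFINITIONS
      # People OU - for holding records of all individuals
      dn: ou=People,dc=bahwancybertek,dc=com
      ou: People
      objectClass: top
      objectClass: organizationalUnit

      # Groups OU - for holding records of groupings of individuals
      dn: ou=Groups,dc=bahwancybertek,dc=com
      ou: Groups
      objectClass: top
      objectClass: organizationalUnit

      # Roles OU - for holding records of roles and the groups to which those roles have been assigned
      dn: ou=Roles,dc=bahwancybertek,dc=com
      ou: Roles
      objectClass: top
      objectClass: organizationalUnit

      # PEOPLE ENTRIES
      # The uid RDN is what login-config.xml's principalDNPrefix/Suffix wraps, so the
      # web login name must equal the uid value exactly.
      # userPassword values below are cleartext test values. For anything beyond a
      # throwaway test, store a hash generated with slappasswd instead (OpenLDAP
      # accepts {SSHA} and similar schemes in userPassword).
      dn: uid=jaiganesh,ou=People,dc=bahwancybertek,dc=com
      mail: jai@bct.com
      uid: jaiganesh
      userPassword: 123
      ou: People
      givenName: jai
      objectClass: top
      objectClass: person
      objectClass: organizationalPerson
      objectClass: inetOrgPerson
      sn: ganesh
      cn: jaiganesh

      dn: uid=rajazekar,ou=People,dc=bahwancybertek,dc=com
      uid: rajazekar
      objectClass: top
      objectClass: person
      objectClass: organizationalPerson
      objectClass: inetOrgPerson
      ou: People
      givenName: rajasekar
      userPassword: 123
      sn: jeyaraman
      cn: rajasekarjeyaraman
      mail: raj@bct.com

      dn: uid=prathapc,ou=People,dc=bahwancybertek,dc=com
      uid: prathapc
      objectClass: top
      objectClass: person
      objectClass: organizationalPerson
      objectClass: inetOrgPerson
      ou: People
      sn: chakravarthy
      cn: prathapchakravarthy
      givenName: prathap
      userPassword: 123
      mail: prathapc@bct.com

      # GROUPS ENTRIES
      # These are what the posted login-config.xml (rolesCtxDN=ou=Groups,
      # uidAttributeID=uniqueMember, matchOnUserDN=true) returns as role names.
      dn: cn=Member_admins,ou=Groups,dc=bahwancybertek,dc=com
      objectClass: top
      objectClass: groupOfUniqueNames
      cn: Member_admins
      uniqueMember: uid=prathapc,ou=People,dc=bahwancybertek,dc=com

      dn: cn=Everyone,ou=Groups,dc=bahwancybertek,dc=com
      objectClass: top
      objectClass: groupOfUniqueNames
      cn: Everyone
      uniqueMember: uid=prathapc,ou=People,dc=bahwancybertek,dc=com
      uniqueMember: uid=rajazekar,ou=People,dc=bahwancybertek,dc=com
      uniqueMember: uid=jaiganesh,ou=People,dc=bahwancybertek,dc=com

      dn: cn=Restricted,ou=Groups,dc=bahwancybertek,dc=com
      objectClass: top
      objectClass: groupOfUniqueNames
      cn: Restricted
      uniqueMember: uid=rajazekar,ou=People,dc=bahwancybertek,dc=com

      # ROLES ENTRIES
      # Each role's uniqueMember points at a group, not at a user. The legacy
      # LdapLoginModule matches uniqueMember against the user's own DN in a single
      # search, so these entries are only consulted if rolesCtxDN is set to ou=Roles
      # AND users are listed here directly (or a module that resolves nested
      # membership is used).
      dn: cn=Authenticated_users,ou=Roles,dc=bahwancybertek,dc=com
      objectClass: top
      objectClass: groupOfUniqueNames
      cn: Authenticated_users
      uniqueMember: cn=Everyone,ou=Groups,dc=bahwancybertek,dc=com

      dn: cn=Administrator,ou=Roles,dc=bahwancybertek,dc=com
      objectClass: top
      objectClass: groupOfUniqueNames
      cn: Administrator
      uniqueMember: cn=Member_admins,ou=Groups,dc=bahwancybertek,dc=com

      # The RDN value (cn=Restricted_users) must also be present as an attribute value
      # of the entry; the posted "cn: Restricted" makes ldapadd/slapadd reject this
      # entry with a naming-attribute error.
      dn: cn=Restricted_users,ou=Roles,dc=bahwancybertek,dc=com
      objectClass: top
      objectClass: groupOfUniqueNames
      cn: Restricted_users
      uniqueMember: cn=Restricted,ou=Groups,dc=bahwancybertek,dc=com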


      **************************************************************