
    connecting jboss and openldap-error 403 Access to the reques

    jiayin shao Newbie

      I'm trying to configure JBoss to authenticate users against an OpenLDAP directory. When I access the URL, a popup window appears. If I enter the correct username and password, I get error 403, but there is no useful message in the log. If my password is incorrect, the browser keeps asking me for the username and password.

      Below are the relevant configuration files:
      login-config.xml:
      <application-policy name = "web-console">

      <!-- NOTE(review): "simple" authentication over a plain ldap:// URL (port 389)
           sends the user's bind password to the directory in cleartext unless the
           connection is protected (ldaps:// or StartTLS); confirm how dl360-1.test
           is reached before using this outside a test host. -->
      <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">
      com.sun.jndi.ldap.LdapCtxFactory
      </module-option>
      <module-option name="java.naming.provider.url">
      ldap://dl360-1.test:389/
      </module-option>
      <module-option name="java.naming.security.authentication">
      simple
      </module-option>
      <!-- The bind DN is principalDNPrefix + username + principalDNSuffix,
           i.e. uid=USER,ou=people,dc=osm,dc=ab,dc=com, which matches the people
           entries in the ldapsearch output below. The symptoms reported are
           consistent with the bind succeeding (no re-prompt) and the subsequent
           role lookup returning nothing (403). -->
      <module-option name="principalDNPrefix">
      uid=
      </module-option>
      <module-option name="principalDNSuffix">
      ,ou=people,dc=osm,dc=ab,dc=com
      </module-option>
      <!-- NOTE(review): roles are searched under rolesCtxDN by matching the
           uidAttributeID attribute; with matchOnUserDN=false the match value is
           the bare username rather than the user's DN. The group entries under
           ou=groups hold their members as full DNs in uniqueMember and have no
           uid attribute, so this search presumably yields no roles; confirm
           against the LdapLoginModule documentation. With roleAttributeID=cn, any
           roles that are found would be the group cn values (tomcat and role1 in
           the listing), and neither is the "Admin" role that web.xml requires. -->
      <module-option name="rolesCtxDN">
      ou=groups,dc=osm,dc=ab,dc=com
      </module-option>
      <module-option name="roleAttributeID">cn
      </module-option>
      <module-option name="uidAttributeID">uid
      </module-option>
      <module-option name="matchOnUserDN">false
      </module-option>
      </login-module>

      </application-policy>

      web.xml:
      <security-constraint>
      <display-name>
      Constraints of the Administration Console's Security Environment
      </display-name>
      <!-- URI security patterns and the HTTP methods to protect on them.
           Only GET and POST are listed, so requests to /* using any other method
           are not covered by this constraint. -->
      <web-resource-collection>
      <web-resource-name>Protected Admininistration Console Resources</web-resource-name>
      <url-pattern>/*</url-pattern>
      <http-method>GET</http-method>
      <http-method>POST</http-method>
      </web-resource-collection>
      <!-- Anyone with these roles may enter this area. The role name must be one
           the login module assigns to the authenticated user; the LDAP groups in
           the listing below are named tomcat and role1, so a user who
           authenticates without an "Admin" role is refused with 403. -->
      <auth-constraint>
      <role-name>Admin</role-name>
      </auth-constraint>
      </security-constraint>

      <!-- Login configuration uses HTTP BASIC authentication (not form-based).
           BASIC sends the credentials base64-encoded, not encrypted, with every
           request; the connection should be protected with TLS. -->
      <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>JBoss WEB Console</realm-name>
      </login-config>

      <!-- Security roles referenced by this web application; "Admin" must be a
           role name the web-console security domain can actually assign. -->
      <security-role>
      <role-name>Admin</role-name>
      </security-role>

      jboss-web.xml:
      <security-domain>java:/jaas/web-console</security-domain>

      Information from the LDAP directory:
      ldapsearch -x -b 'dc=osm,dc=ab,dc=com'

      # osm.hp.com
      dn: dc=osm,dc=ab,dc=com
      objectClass: dcObject
      objectClass: organization
      o: GDIC
      dc: osm

      # people, osm.ab.com
      dn: ou=people,dc=osm,dc=ab,dc=com
      objectClass: organizationalUnit
      ou: people

      # groups, osm.ab.com
      dn: ou=groups,dc=osm,dc=ab,dc=com
      objectClass: organizationalUnit
      ou: groups

      # jjones, people, osm.ab.com
      dn: uid=jjones,ou=people,dc=osm,dc=ab,dc=com
      objectClass: inetOrgPerson
      uid: jjones
      sn: jones
      cn: janet jones
      mail: j.jones@ab.com

      # fbloggs, people, osm.ab.com
      dn: uid=fbloggs,ou=people,dc=osm,dc=ab,dc=com
      objectClass: inetOrgPerson
      uid: fbloggs
      sn: bloggs
      cn: fred bloggs
      mail: f.bloggs@ab.com

      # tomcat, groups, osm.ab.com
      dn: cn=tomcat,ou=groups,dc=osm,dc=ab,dc=com
      objectClass: groupOfUniqueNames
      cn: tomcat
      uniqueMember: uid=fbloggs,ou=people,dc=osm,dc=ab,dc=com
      uniqueMember: uid=jjones,ou=people,dc=osm,dc=ab,dc=com

      # role1, groups, osm.ab.com
      dn: cn=role1,ou=groups,dc=osm,dc=ab,dc=com
      objectClass: groupOfUniqueNames
      cn: role1
      uniqueMember: uid=fbloggs,ou=people,dc=osm,dc=ab,dc=com