2 Replies Latest reply on Aug 2, 2005 2:39 PM by Schacher

    LDAP: client-side authentication

    Schacher Newbie

      i have to authenticate users on the client-side (Java-Swing, auth.: ldap)
      i tried it with the ClientLoginModule, but i NEVER received a exception (i expected to get an exception when i enter a wrong username/password).

      [...]

      jboss-documentation:
      note that this login module does not perform any authentication [...] if you need to perform client-side authentication of users, you would need to configure login modules in addition to clientloginmodule.

      shy question: is there a LDAPLogin-Module for client-side authentication? if yes, can anybody please! post a config example?

      thanks in advance
      marc

        • 1. Re: LDAP: client-side authentication
          Scott Stark Master

          The same ldap login module that works on the server side.

          • 2. Re: LDAP: client-side authentication
            Schacher Newbie

            thank you for reply.

            here is an example (if someone else has the same problem... )

            client:

             try {
            
             System.setProperty("java.security.auth.login.config", "...pathtoauthconf\\auth.conf");
             org.jboss.security.auth.callback.UsernamePasswordHandler handler = new org.jboss.security.auth.callback.UsernamePasswordHandler(userid, password.toCharArray());
             final javax.security.auth.login.LoginContext lc = new javax.security.auth.login.LoginContext("testPolicy", handler);
             lc.login();
             }
             catch (Exception ex) {
             // login failed
             }
            


            auth.conf:
            testPolicy {
             org.jboss.security.ClientLoginModule required;
             org.jboss.security.auth.spi.LdapLoginModule required
             java.naming.factory.initial="com.sun.jndi.ldap.LdapCtxFactory"
             java.naming.provider.url="ldap://localhost:389/"
             java.naming.security.authentication="simple";
             rolesCtxDN="ou=Roles,dc=eactAG,dc=ch"
             matchOnUserDN="true"
             principalDNSuffix=",ou=People,dc=eactAG,dc=ch"
             principalDNPrefix="uid="
             uidAttributeID="userid"
             roleAttributeID="roleName"
             roleAttributeIsDN="false"
            };