1 Reply Latest reply on May 16, 2006 3:26 AM by senthilid14

    Using ADAM (Active Directory Application Mode) & LdapExtLogi

    senthilid14

      Hi,

I am using ADAM (a mini version of Active Directory), and I want to use either LdapLoginModule or LdapExtLoginModule. I am unable to log on to my application. It repeatedly asks for username and password.

I wrote a standalone program to connect with ADAM, and I am able to fetch entries. Here are the properties to connect.

      import java.util.Hashtable;
      import javax.naming.*;
      import javax.naming.directory.*;

      // JNDI environment for a simple bind to ADAM as admin1
      Hashtable<String, String> hs = new Hashtable<String, String>();
      hs.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
      hs.put(Context.PROVIDER_URL, "ldap://localhost:389/OU=security,DC=ties,DC=teradata,DC=ncr,DC=com");
      hs.put(Context.SECURITY_AUTHENTICATION, "simple");
      hs.put(Context.SECURITY_PRINCIPAL, "CN=admin1,OU=security,DC=ties,DC=teradata,DC=ncr,DC=com");
      hs.put(Context.SECURITY_CREDENTIALS, "admin1");
      DirContext ctx = new InitialDirContext(hs); // throws NamingException if the bind fails


      Under the OU=security context, I created groups and users as below:

      CN=admin,OU=security,DC=ties,DC=teradata,DC=ncr,DC=com
      CN=developer,OU=security,DC=ties,DC=teradata,DC=ncr,DC=com
      CN=user,OU=security,DC=ties,DC=teradata,DC=ncr,DC=com

      CN=admin1,OU=security,DC=ties,DC=teradata,DC=ncr,DC=com
      CN=developer1,OU=security,DC=ties,DC=teradata,DC=ncr,DC=com
      CN=user1,OU=security,DC=ties,DC=teradata,DC=ncr,DC=com



      Here is the login module config:

      <application-policy name="myrealm">

      <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.provider.url">ldap://localhost:389</module-option>
      <module-option name="bindDN">CN=admin1,OU=security,DC=ties,DC=teradata,DC=ncr,DC=com</module-option>
      <module-option name="bindCredential">admin1</module-option>
      <module-option name="baseCtxDN">OU=security,DC=ties,DC=teradata,DC=ncr,DC=com</module-option>
      <module-option name="baseFilter">(cn={0})</module-option>

      <module-option name="rolesCtxDN">OU=security,DC=ties,DC=teradata,DC=ncr,DC=com</module-option>
      <module-option name="roleFilter">(member={0})</module-option>
      <module-option name="roleAttributeID">memberOf</module-option>
      <module-option name="roleAttributeIsDN">true</module-option>
      <module-option name="roleNameAttributeID">name</module-option>

      <module-option name="roleRecursion">-1</module-option>
      <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
      </login-module>

      </application-policy>


      Where did I go wrong? Please help.



        • 1. Re: Using ADAM (Active Directory Application Mode) & LdapExt
          senthilid14

          I found where I made the mistake.

          Wrong one:
          <module-option name="roleFilter">(member={0})</module-option>

          Correct one:
          <module-option name="roleFilter">(member={1})</module-option>

          {0} will be substituted by the given user name.
          {1} will be substituted by the given user DN.

          Each group's member attribute has the user DN as its value and not the username,
          so I have to use {1} only.

          (Sorry, I did not read the wiki knowledge base properly; it is clearly mentioned there.)

          The full working login module config is:

          <application-policy name="myrealm">

          <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
          <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
          <module-option name="java.naming.provider.url">ldap://localhost</module-option>
          <module-option name="java.naming.security.authentication">simple</module-option>
          <module-option name="bindDN">cn=admin1,ou=security,dc=ties,dc=teradata,dc=ncr,dc=com</module-option>
          <module-option name="bindCredential">admin1</module-option>

          <module-option name="baseCtxDN">ou=security,dc=ties,dc=teradata,dc=ncr,dc=com</module-option>
          <module-option name="baseFilter">(cn={0})</module-option>

          <module-option name="rolesCtxDN">ou=security,dc=ties,dc=teradata,dc=ncr,dc=com</module-option>
          <module-option name="roleFilter">(member={1})</module-option>
          <module-option name="roleAttributeID">cn</module-option>
          <module-option name="roleRecursion">-1</module-option>
          </login-module>

          </application-policy>
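To make the {0} versus {1} point concrete, here is an added Python model of the two-phase search that LdapExtLoginModule performs (first resolve the user DN under baseCtxDN with baseFilter, then look up groups under rolesCtxDN with roleFilter). It is an illustration written for this thread, not JBoss code and not code from the poster: the directory is an in-memory dictionary constructed from the DNs shown above, the search only supports a single equality filter with ONELEVEL scope, and the password bind step is left out because no real server is involved.

```python
"""Model of LdapExtLoginModule's user and role search with {0}/{1} substitution.

Everything here is constructed for illustration: there is no LDAP server, and the
entries below mirror the users and groups the thread describes under OU=security.
"""
import re

BASE = "ou=security,dc=ties,dc=teradata,dc=ncr,dc=com"

# Constructed directory: DN -> attributes. Group membership is stored as full DNs,
# which is exactly why a roleFilter built from the bare username never matches.
DIRECTORY = {
    f"cn=admin1,{BASE}": {"cn": ["admin1"], "objectClass": ["user"]},
    f"cn=developer1,{BASE}": {"cn": ["developer1"], "objectClass": ["user"]},
    f"cn=user1,{BASE}": {"cn": ["user1"], "objectClass": ["user"]},
    f"cn=admin,{BASE}": {"cn": ["admin"], "objectClass": ["group"],
                         "member": [f"cn=admin1,{BASE}"]},
    f"cn=developer,{BASE}": {"cn": ["developer"], "objectClass": ["group"],
                             "member": [f"cn=developer1,{BASE}"]},
    f"cn=user,{BASE}": {"cn": ["user"], "objectClass": ["group"],
                        "member": [f"cn=user1,{BASE}", f"cn=developer1,{BASE}"]},
}


def substitute(filter_template, username, user_dn=None):
    """Replace {0} with the login name and {1} with the resolved user DN."""
    result = filter_template.replace("{0}", username)
    if user_dn is not None:
        result = result.replace("{1}", user_dn)
    return result


def _one_level_below(dn, base_dn):
    """True when dn is an immediate child of base_dn (ONELEVEL_SCOPE)."""
    suffix = "," + base_dn.lower()
    head = dn.lower()[: -len(suffix)]
    return dn.lower().endswith(suffix) and "," not in head


def search(base_dn, filter_str):
    """Minimal search: one (attr=value) equality filter, case-insensitive values."""
    match = re.fullmatch(r"\((\w+)=(.*)\)", filter_str)
    if match is None:
        raise ValueError(f"unsupported filter: {filter_str}")
    attr, wanted = match.group(1), match.group(2).lower()
    return [
        dn
        for dn, attrs in DIRECTORY.items()
        if _one_level_below(dn, base_dn)
        and any(value.lower() == wanted for value in attrs.get(attr, []))
    ]


def resolve_user_and_roles(username, base_ctx_dn, base_filter,
                           roles_ctx_dn, role_filter, role_attribute_id):
    """Return (user_dn, sorted role names), or None if the user cannot be resolved.

    The real module binds as user_dn with the supplied password between the two
    searches; that step is omitted here because nothing is contacted.
    """
    users = search(base_ctx_dn, substitute(base_filter, username))
    if len(users) != 1:
        return None  # unknown or ambiguous user: authentication fails
    user_dn = users[0]
    groups = search(roles_ctx_dn, substitute(role_filter, username, user_dn))
    roles = sorted(
        value for group in groups for value in DIRECTORY[group].get(role_attribute_id, [])
    )
    return user_dn, roles


if __name__ == "__main__":
    for role_filter in ("(member={0})", "(member={1})"):
        print(role_filter, resolve_user_and_roles(
            "developer1", BASE, "(cn={0})", BASE, role_filter, "cn"))
```

Running it shows the difference the thread hit: with `(member={0})` the user DN resolves but the role list is empty, because `member` holds DNs and the filter compares against the bare name `developer1`; with `(member={1})` the same user receives the `developer` and `user` roles. An authenticated user with no roles is consistent with the repeated credential prompt the original question describes, since the container's role check fails even though the bind succeeded.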