2 Replies Latest reply on Jun 25, 2007 5:01 AM by Matthias Boschen

    Getting started with LDAP

    Matthias Boschen Newbie

      Hi all,

      I'm a newbie in AS development, so excuse my ignorance (and my jumbled English).

      Currently I'm struggling with the implementation of the security layer of my application (called tms).
      My configuration:
      I put the client application as a jar file, with all further needed libraries, into one war file, which in turn goes with the server EJBs and further service archives into one (huge) ear file. Deployment without any security works fine.

      I have to meet the requirement to verify the login against LDAP, so I set up my application policy in server/tms/conf/login.config.xml:

       <application-policy name="tms">
         <authentication>
           <login-module code="org.jboss.security.auth.spi.LdapLoginModule"
                         flag="required">
             <module-option name="java.naming.factory.initial">
               com.sun.jndi.ldap.LdapCtxFactory
             </module-option>
             <module-option name="java.naming.provider.url">
               ldap://ldapserver:389/
             </module-option>
             <module-option name="java.naming.security.authentication">
               simple
             </module-option>

             <module-option name="password-stacking">useFirstPass</module-option>

             ....

           </login-module>
           <login-module code="org.jboss.security.ClientLoginModule"
                         flag="required">
             <module-option name="password-stacking">useFirstPass</module-option>
           </login-module>
         </authentication>
       </application-policy>
      


      I configured my web application in war/WEB-INF/web.xml:

       <security-constraint>
         <web-resource-collection>
           <web-resource-name>restricted</web-resource-name>
           <url-pattern>/*</url-pattern>
         </web-resource-collection>
         <auth-constraint>
           <role-name>tms.user</role-name>
         </auth-constraint>
         <transport-guarantee>NONE</transport-guarantee>
       </security-constraint>

       <login-config>
         <auth-method>BASIC</auth-method>
         <realm-name>TMS</realm-name>
       </login-config>

       <security-role>
         <role-name>tms.user</role-name>
       </security-role>
      


      As a result, when requesting my application from within a web browser (localhost:8080/tms) I see a standard web login dialog; the login works fine, it even refuses wrong usernames/passwords ;).
      But the first try to request an EJB fails with
      [LdapLoginModule] Bad password for username=null


      So what's missing? How do I propagate the principal/credential from the initial login to the EJB request?

      One further challenge: I have to modify the login dialog to insert a further 'mandatory' field. Where can I configure and introduce my own dialog?

      Thanks in advance,
      Matz
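As an added example (not the poster's own configuration), here is what a complete "tms" application policy for org.jboss.security.auth.spi.LdapLoginModule looks like once it also maps LDAP groups to roles; the policy in the post binds the user but defines no role lookup, yet web.xml requires the role tms.user, so the user would have no role even once the credential reaches the EJB. The directory layout (ou=People and ou=Roles under dc=example,dc=com), the attribute names, and the ldaps host are assumptions; the domain name "tms" and the role name tms.user come from the post. The example also switches the provider URL to ldaps://, because a simple bind over ldap://ldapserver:389/ carries the user's password to the directory in clear, just as BASIC authentication with transport-guarantee NONE carries it from the browser to the server in clear.

```xml
<!-- Added example, not the original poster's config.
     server/tms/conf/login-config.xml: application-policy "tms" with role lookup.
     Directory layout and attribute names below are assumptions. -->
<application-policy name="tms">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <!-- ldaps:// keeps the simple-bind password off the wire; ldap://host:389/ sends it in clear.
           Hostname and port are assumptions. -->
      <module-option name="java.naming.provider.url">ldaps://ldapserver:636/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>

      <!-- The login name is wrapped into the DN uid=<name>,ou=People,dc=example,dc=com
           and that DN is bound with the password the user typed into the BASIC dialog. -->
      <module-option name="principalDNPrefix">uid=</module-option>
      <module-option name="principalDNSuffix">,ou=People,dc=example,dc=com</module-option>

      <!-- Roles: search ou=Roles for entries whose "member" attribute contains the user's DN;
           the cn of each matching group (e.g. cn=tms.user) becomes a role name. -->
      <module-option name="rolesCtxDN">ou=Roles,dc=example,dc=com</module-option>
      <module-option name="uidAttributeID">member</module-option>
      <module-option name="matchOnUserDN">true</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleAttributeIsDN">false</module-option>

      <!-- Many directories treat an empty simple bind as an anonymous bind and report success;
           rejecting empty passwords here keeps that from becoming a valid login. -->
      <module-option name="allowEmptyPasswords">false</module-option>
    </login-module>
  </authentication>
</application-policy>
```

Two bindings decide whether this domain is actually used. The war's WEB-INF/jboss-web.xml must name it with `<security-domain>java:/jaas/tms</security-domain>`, otherwise the web container authenticates BASIC logins against the default domain; and the EJB jar's META-INF/jboss.xml needs the same `<security-domain>` element so that the principal the web tier established is the one the EJB container checks. Setting `<transport-guarantee>` to CONFIDENTIAL in web.xml forces the BASIC exchange onto HTTPS.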