1 Reply Latest reply on Oct 26, 2007 12:50 PM by Anil Saldanha

    ActiveDirectory for login, DB for roles-query?

    Sam Boss Newbie

      Hi everybody,

      that's my big problem:
      The users are saved in the ActiveDirectory on a central server. I can log in with JBoss with the login-config.xml:

      <application-policy name="xxx">
        <authentication>
          <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
            <module-option name="dsJndiName">java:/DefaultDS</module-option>
            <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
            <module-option name="java.naming.provider.url">ldap://192.168.1.10:389/DC=bsp,DC=local??base?(objectClass=*)</module-option>
            <module-option name="java.naming.security.authentication">simple</module-option>
            <module-option name="principalDNPrefix">CN=</module-option>
            <module-option name="principalDNSuffix">,CN=Users,DC=bsp,DC=local</module-option>
            <!--<module-option name="rolesCtxDN">CN=Users,DC=bsp,DC=local</module-option>-->
            <module-option name="uidAttributeID">sAMAccountName</module-option>
            <module-option name="matchOnUserDN">false</module-option>
            <!--<module-option name="roleAttributeID">cn</module-option>
            <module-option name="roleAttributeIsDN">true</module-option>-->
          </login-module>
        </authentication>
      </application-policy>


      The problem is that the roles of the users are not saved in the AD. Instead I can find them in a database with columns like bit isAdmin, for example.
      I don't know how to add roles to the users or configure the login file to separate the source of the user and roles.

      Does anybody have a suggestion?

      Thanks
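
One way to split the two sources, as an added example that is not part of the original post or the reply: stack `LdapLoginModule` (authentication against AD) with `DatabaseServerLoginModule` (roles only) and link them with `password-stacking=useFirstPass`. The table `app_users`, its `login` column, the `isManager` flag and the role names `admin` and `manager` are assumptions; `isAdmin`, the datasource and the LDAP values are taken from the post.

```xml
<application-policy name="xxx">
  <authentication>
    <!-- Step 1: bind to Active Directory to verify the password. No rolesCtxDN is set,
         so this module contributes no roles. -->
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <!-- Store the verified username/password in the JAAS shared state for the next module -->
      <module-option name="password-stacking">useFirstPass</module-option>
      <!-- An empty password can be treated as an anonymous bind by the directory; reject it here -->
      <module-option name="allowEmptyPasswords">false</module-option>
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://192.168.1.10:389/DC=bsp,DC=local??base?(objectClass=*)</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="principalDNPrefix">CN=</module-option>
      <module-option name="principalDNSuffix">,CN=Users,DC=bsp,DC=local</module-option>
      <module-option name="uidAttributeID">sAMAccountName</module-option>
      <module-option name="matchOnUserDN">false</module-option>
    </login-module>

    <!-- Step 2: with useFirstPass the database module skips its own password check,
         reuses the identity from step 1 and only runs rolesQuery. -->
    <login-module code="org.jboss.security.auth.spi.DatabaseServerLoginModule" flag="required">
      <module-option name="password-stacking">useFirstPass</module-option>
      <module-option name="dsJndiName">java:/DefaultDS</module-option>
      <!-- rolesQuery must return (role name, role group); the group is 'Roles'.
           Each bit column is mapped to a role name. Table, login column,
           isManager and the role names are assumed for illustration. -->
      <module-option name="rolesQuery">
        SELECT 'admin', 'Roles' FROM app_users WHERE login = ? AND isAdmin = 1
        UNION
        SELECT 'manager', 'Roles' FROM app_users WHERE login = ? AND isManager = 1
      </module-option>
    </login-module>
  </authentication>
</application-policy>
```

Both modules are `required`, so a user must pass the AD bind before any database role is attached. With `simple` authentication over `ldap://` the password crosses the network unencrypted; an `ldaps://` provider URL avoids that where the domain controller offers it.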