1. Re: j_security_check not working in LDAP based Authenticatio
jbosexplorer Dec 14, 2007 6:48 AM (in response to jbosexplorer)
No takers so far?
Some more information. I've my LDAP setting as

    <application-policy name="myrealm">
      <authentication>
        <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
          <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
          <module-option name="java.naming.provider.url">ldap://ldapserver:389/</module-option>
          <module-option name="java.naming.security.authentication">simple</module-option>
          <module-option name="java.naming.security.principal">uid=admin,ou=administrators,ou=topologymanagement,o=netscaperoot</module-option>
          <module-option name="java.naming.security.credentials">pwd</module-option>
          <module-option name="baseDN">dc=company,dc=co,dc=uk</module-option>
          <module-option name="principalDNPrefix">uid=</module-option>
          <module-option name="principalDNSuffix">,ou=people,dc=company,dc=co,dc=uk</module-option>
          <module-option name="uidAttributeID">uid</module-option>
          <module-option name="searchScope">SUBTREE_SCOPE</module-option>
          <module-option name="rolesCtxDN">ou=Roles,dc=company,dc=co,dc=uk</module-option>
          <module-option name="roleAttributeID">cn</module-option>
          <module-option name="roleAttributeIsDN">false</module-option>
          <module-option name="matchOnUserDN">true</module-option>
        </login-module>
        <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="optional">
          <module-option name="rolesProperties">props/propsrsdmRolesMapping.properties</module-option>
          <module-option name="replaceRole">false</module-option>
        </login-module>
      </authentication>
    </application-policy>

My propsrsdmRolesMapping.properties file has

    deploymentRole=RSMDeployment
    admRole=RSMADM
    skillsRole=RSMSkills
    projManRole=RSMProjMan
    spaRole=RSMSPA
    itbmRole=RSMITBM
    RSMSkills=skillsRole
    RSMDeployment=deploymentRole
    RSMADM=admRole
    RSMProjMan=projManRole
    RSMSPA=spaRole
    RSMITBM=itbmRole

Could anybody help?
Ta
2. Re: j_security_check not working in LDAP based Authenticatio
jbosexplorer Dec 16, 2007 7:55 AM (in response to jbosexplorer)
Solved the problem. I've added the following in login-config.xml

    <module-option name="uidAttributeID">uniquemember</module-option>
    <module-option name="searchScope">SUBTREE_SCOPE</module-option>
    <module-option name="rolesCtxDN">ou=Groups,dc=company,dc=co,dc=uk</module-option>
    <module-option name="matchOnUserDN">true</module-option>
    <module-option name="roleAttributeID">cn</module-option>
    <module-option name="roleAttributeIsDN">false</module-option>

And changed the following role-name in web.xml to the 'actual' role name as in LDAP. JBoss is not mapping the role names described in jboss-web.xml.
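
The change described in this thread, as an added example that is not part of the original posts: a simplified Python model of the role lookup, assuming LdapLoginModule searches under rolesCtxDN for entries whose uidAttributeID value equals the user's DN when matchOnUserDN is true. The directory entries, the user names jdoe and asmith, and the helper names are constructed for illustration; the option values and role names are the ones posted above.

```python
import xml.etree.ElementTree as ET

# Constructed sample directory (DN -> attributes); not from the thread.
DIRECTORY = {
    "cn=RSMADM,ou=Groups,dc=company,dc=co,dc=uk": {
        "cn": ["RSMADM"],
        "uniquemember": ["uid=jdoe,ou=people,dc=company,dc=co,dc=uk"]},
    "cn=RSMSkills,ou=Groups,dc=company,dc=co,dc=uk": {
        "cn": ["RSMSkills"],
        "uniquemember": ["uid=asmith,ou=people,dc=company,dc=co,dc=uk"]},
}

TEMPLATE = """<login-module>
  <module-option name="principalDNPrefix">uid=</module-option>
  <module-option name="principalDNSuffix">,ou=people,dc=company,dc=co,dc=uk</module-option>
  <module-option name="uidAttributeID">{uid_attr}</module-option>
  <module-option name="rolesCtxDN">{roles_ctx}</module-option>
  <module-option name="roleAttributeID">cn</module-option>
  <module-option name="matchOnUserDN">true</module-option>
</login-module>"""

def options(xml_text):
    root = ET.fromstring(xml_text)  # read <module-option> elements into a dict
    return {o.get("name"): (o.text or "").strip() for o in root.iter("module-option")}

def roles_for(username, opts, directory=DIRECTORY):
    """Simplified model (assumption): match (uidAttributeID=<user>) under rolesCtxDN."""
    user_dn = opts["principalDNPrefix"] + username + opts["principalDNSuffix"]
    match = user_dn if opts.get("matchOnUserDN") == "true" else username
    attr = opts.get("uidAttributeID", "uid").lower()
    role_attr = opts.get("roleAttributeID", "roles").lower()
    base = "," + opts["rolesCtxDN"].lower()
    roles = set()
    for dn, attrs in directory.items():
        in_base = dn.lower().endswith(base)  # entry is below the role search base
        member = match.lower() in (v.lower() for v in attrs.get(attr, []))
        if in_base and member:
            roles.update(attrs.get(role_attr, []))
    return roles

def allowed(username, opts, web_xml_roles):
    """Container check: the user needs one of the web.xml role-name values."""
    return bool(roles_for(username, opts) & set(web_xml_roles))

# Option values from the first post (before) and the second post (after).
BEFORE = options(TEMPLATE.format(uid_attr="uid", roles_ctx="ou=Roles,dc=company,dc=co,dc=uk"))
AFTER = options(TEMPLATE.format(uid_attr="uniquemember", roles_ctx="ou=Groups,dc=company,dc=co,dc=uk"))

print("before:", roles_for("jdoe", BEFORE), "after:", roles_for("jdoe", AFTER))
```

In this model the first configuration returns no roles for a user whose bind succeeds, and after the fix a web.xml role-name of admRole still fails while RSMADM passes.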