JAAS and OpenLdap configuration
jej2003 Oct 27, 2008 5:02 PM

I am trying to set up a JAAS Domain to authenticate against an LDAP server, but I keep getting [LDAP: error code 49 - Invalid Credentials]. Can anyone help shed some light on this? The googling I did seemed to point to the java.naming.security.principal being wrong, but it is not. Any help would be appreciated.

LDIF:
# This file was generated on 2008-10-27 at 13:52:13
# by Softerra LDAP Administrator v4 [ http://www.ldapadministrator.com ]

dn: dc=test,dc=com
dc: test
description: test
objectClass: dcObject
objectClass: organization
o: test

dn: ou=people,dc=test,dc=com
ou: people
description: All the peoples in da hizzouse
objectClass: organizationalUnit

dn: description=Mr. Jamie Johnson 2008102372,ou=people,dc=test,dc=com
description: Mr. Jamie Johnson 2008102372
sn: Johnson
ou: test
objectClass: person
objectClass: organizationalPerson
objectClass: uidObject
uid: jjohnson
telephoneNumber: 123-456-7890
title: Software Engineer
userPassword: jjohnson
cn: jjohnson

dn: description=Mr. Test User 2008102313,ou=people,dc=test,dc=com
telephoneNumber: 123-456-7890
description: Mr. Test User 2008102313
sn: User
objectClass: person
objectClass: organizationalPerson
objectClass: uidObject
uid: tuser
userPassword: tuser
cn: tuser

dn: ou=groups,dc=test,dc=com
description: All the subservient minions
objectClass: organizationalUnit
ou: groups

dn: cn=Administrators,ou=groups,dc=test,dc=com
objectClass: top
objectClass: groupOfNames
member: cn=jjohnson
cn: Administrators

dn: cn=Users,ou=groups,dc=test,dc=com
objectClass: top
objectClass: groupOfNames
member: cn=tuser
cn: Users

<application-policy name="testLDAP">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://LDAPSERVER:389</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="java.naming.security.principal">uid=Manager,dc=test,dc=com</module-option>
      <module-option name="java.naming.security.credentials">secret</module-option>
      <module-option name="principalDNPrefix">uid=</module-option>
      <module-option name="principalDNSuffix">,ou=people,dc=test,dc=com</module-option>
      <module-option name="rolesCtxDN">ou=groups,dc=test,dc=com</module-option>
      <module-option name="uidAttributeID">member</module-option>
      <module-option name="matchOnUserDN">false</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleAttributeIsDN">false</module-option>
      <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
    </login-module>
  </authentication>
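
An offline consistency check between the module options and the LDIF above, as an added example that is not part of the original post or of JBoss. It assumes LdapLoginModule's documented behaviour: the user bind DN is principalDNPrefix + username + principalDNSuffix, and with matchOnUserDN=false the role search matches the bare username against uidAttributeID. The helper names are hypothetical.

```python
# Added example (not from the post). LDIF is a constructed excerpt of the export above.
LDIF = """\
dn: ou=people,dc=test,dc=com
ou: people

dn: description=Mr. Jamie Johnson 2008102372,ou=people,dc=test,dc=com
uid: jjohnson
cn: jjohnson

dn: cn=Administrators,ou=groups,dc=test,dc=com
objectClass: groupOfNames
member: cn=jjohnson
cn: Administrators
"""

def norm(dn):
    """Crude DN normalisation: lowercase, no spaces around commas."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def parse_ldif(text):
    """Return {dn: {attr: [values]}} for simple LDIF (no folding, no base64)."""
    entries = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            key, value = line.split(": ", 1)
            attrs.setdefault(key.lower(), []).append(value)
        if "dn" in attrs:
            entries[norm(attrs.pop("dn")[0])] = attrs
    return entries

def check_login(entries, user, prefix, suffix, roles_ctx, uid_attr, match_on_dn):
    """Hypothetical helper: replay the assumed DN construction and role match."""
    bind_dn = prefix + user + suffix              # DN used for the user's bind
    match = bind_dn if match_on_dn else user      # value searched for in uid_attr
    roles = [dn for dn, a in entries.items()
             if dn.endswith("," + norm(roles_ctx))
             and match.lower() in [v.lower() for v in a.get(uid_attr.lower(), [])]]
    real = [dn for dn, a in entries.items() if user in a.get("uid", [])]
    return {"bind_dn": bind_dn, "bind_dn_exists": norm(bind_dn) in entries,
            "dn_holding_uid": real, "role_entries": roles}

if __name__ == "__main__":
    # Option values copied from the testLDAP policy above.
    print(check_login(parse_ldif(LDIF), "jjohnson", "uid=", ",ou=people,dc=test,dc=com",
                      "ou=groups,dc=test,dc=com", "member", False))
```

Run against the full LDIF export, the same function reports, for each user, whether the constructed bind DN names an existing entry and which group entries the role search would return.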