0 Replies Latest reply on Aug 1, 2006 4:48 PM by Joel Ryan

    JBoss Portal LDAP Authentication

    Joel Ryan Newbie

      I have JBoss portal (2.2.1-SP3-bundled) authenticating correctly against an OpenLDAP server. When I login with a *valid* username/password, though, subsequent pages fail with the error listed below.

      Is the problem that the user 'jduke' needs to be in JBoss's user database as well as in LDAP? It seems like the LdapExtLoginModule would take care of this automatically. Do I need to write a custom LoginModule?

      I've been all over google on this one and would greatly appreciate any help!

      Thanks a million!
      -- Joel

      exception

      javax.servlet.ServletException: No such user No such user jduke
      org.jboss.portal.server.servlet.PortalServlet.doGet(PortalServlet.java:227)
      javax.servlet.http.HttpServlet.service(HttpServlet.java:697)
      javax.servlet.http.HttpServlet.service(HttpServlet.java:810)
      org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)

      root cause

      org.jboss.portal.core.model.NoSuchUserException: No such user No such user jduke
      org.jboss.portal.core.impl.user.UserModuleImpl.findUserByUserName(UserModuleImpl.java:123)
      org.jboss.portal.core.aspects.server.UserInterceptor.invoke(UserInterceptor.java:100)
      org.jboss.portal.server.ServerInterceptor.invoke(ServerInterceptor.java:38)
      ...

      Here's the login-config.xml:
      <application-policy name="portal">

      <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
      <module-option name="java.naming.provider.url">ldap://localhost:389</module-option>
      <module-option name="bindDN">cn=Manager,dc=jboss,dc=org</module-option>
      <module-option name="bindCredential">secret</module-option>
      <module-option name="baseCtxDN">ou=People,dc=jboss,dc=org</module-option>
      <module-option name="baseFilter">(uid={0})</module-option>

      <module-option name="rolesCtxDN">ou=Roles,dc=jboss,dc=org</module-option>
      <module-option name="roleFilter">(member={1})</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleAttributeIsDN">true</module-option>
      <module-option name="roleNameAttributeID">cn</module-option>

      <module-option name="roleRecursion">-1</module-option>
      <module-option name="searchScope">ONELEVEL_SCOPE</module-option>

      <module-option name="password-stacking">useFirstPass</module-option>
      <module-option name="passwordValidation">remote</module-option>
      </login-module>

      </application-policy>

      And here's what's in the LDAP:
      dn: dc=jboss,dc=org
      objectclass: top
      objectclass: dcObject
      objectclass: organization
      dc: jboss
      o: JBoss

      dn: ou=People,dc=jboss,dc=org
      objectclass: top
      objectclass: organizationalUnit
      ou: People

      dn: uid=jduke,ou=People,dc=jboss,dc=org
      objectclass: top
      objectclass: uidObject
      objectclass: person
      uid: jduke
      cn: Java Duke
      sn: Duke
      userPassword: theduke

      dn: ou=Roles,dc=jboss,dc=org
      objectclass: top
      objectclass: organizationalUnit
      ou: Roles

      dn: cn=JBossAdmin,ou=Roles,dc=jboss,dc=org
      objectclass: top
      objectclass: groupOfNames
      cn: JBossAdmin
      member: uid=jduke,ou=People,dc=jboss,dc=org
      description: the JBossAdmin group