0 Replies Latest reply on Oct 9, 2007 5:45 AM by Phil Barr

    Configuring Security against LDAP

    Phil Barr Newbie

      Hi all,

      I'm trying to get JBoss to secure a web app for me. I initially tried this just against Tomcat using a context.xml file and got it working. I've now "moved up a level" to JBoss and can't see where I'm going wrong.
      I've put the following at the bottom of my login-config.xml:
      <application-policy name="ldapsecurity">

      <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://127.0.0.1:10389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="bindDN">uid=admin, ou=system</module-option>
      <module-option name="bindCredential">secret</module-option>
      <module-option name="baseFilter">(uid={0})</module-option>
      <module-option name="baseCtxDN">ou=Users,dc=example,dc=com</module-option>
      <module-option name="rolesCtxDN">ou=Groups,dc=example,dc=com</module-option>
      <module-option name="roleFilter">(uniquemember={0})</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleRecursion">-1</module-option>
      </login-module>

      </application-policy>

      ....and I created a jboss-web.xml in the WEB-INF folder of my web app and put this in it:

      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE jboss-web PUBLIC
      "-//JBoss//DTD Web Application 2.4//EN"
      "http://www.jboss.org/j2ee/dtd/jboss-web_4_0.dtd">
      <jboss-web>
      <security-domain>java:/jaas/ldapsecurity</security-domain>
      </jboss-web>

      ...but when i try and access my restricted content, I get asked for my username and password as expected, but they aren't recognised.

      Is there anything obvious I'm missing?

      Thanks for any help,

      Phil.