0 Replies Latest reply on Aug 17, 2005 11:06 AM by Jesse Pretorius

    LDAP authentication for JBoss 4.0.1 sp1

    Jesse Pretorius Newbie

      Ideally what I want is contextless login based on the user's CN. Can someone help me build the right policy to achieve this?

      This is what I added to conf/login-config.xml:

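      <application-policy name="extend">
        <!-- login-config.xml expects a policy's login modules inside an
             <authentication> element; the posted snippet had none. -->
        <authentication>
          <!-- LdapLoginModule authenticates by binding to the directory as the user.
               The bind DN is principalDNPrefix + username + principalDNSuffix, so all
               users must fit one fixed DN pattern. It does not search for the user
               entry, so on its own it cannot provide contextless login. -->
          <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
            <!-- The stray ";" before each value in the post has been removed.
                 ldap:// on port 389 is cleartext: with simple binds the user's
                 password crosses the network unprotected. Prefer an ldaps:// URL
                 (or java.naming.security.protocol=ssl) once the server certificate
                 is trusted by the JVM. -->
            <module-option name="java.naming.provider.url">ldap://10.0.0.11:389/</module-option>
            <!-- NOTE(review): inetOrgPerson is an object class, not an attribute.
                 uidAttributeID names the attribute matched against the login name
                 during the role search (e.g. uid or cn). Value kept as posted. -->
            <module-option name="uidAttributeID">inetOrgPerson</module-option>
            <module-option name="roleAttributeID">memberOf</module-option>
            <module-option name="roleAttributeIsDN">true</module-option>
            <module-option name="roleNameAttributeID">name</module-option>
            <!-- The JNDI keys are java.naming.security.principal and
                 java.naming.security.credentials; the post used "principle" for both
                 entries, so neither was recognised. NOTE(review): LdapLoginModule
                 appears to overwrite these two values with the DN and password of the
                 user logging in, so a service account set here is presumably not used
                 for a lookup. Search-then-bind is what
                 org.jboss.security.auth.spi.LdapExtLoginModule (bindDN, bindCredential,
                 baseCtxDN, baseFilter) provides; check whether your JBoss release
                 ships it. -->
            <module-option name="java.naming.security.principal">cn=admin,ou=Services,o=Corp</module-option>
            <!-- This password is stored in clear text: restrict read access to conf/
                 and use a low-privilege, read-only directory account rather than an
                 admin DN. -->
            <module-option name="java.naming.security.credentials">password</module-option>
            <!-- Many LDAP servers treat a simple bind with an empty password as an
                 anonymous bind and report success. Reject empty passwords before they
                 reach the server. Confirm your release honours this option. -->
            <module-option name="allowEmptyPasswords">false</module-option>
          </login-module>
        </authentication>
      </application-policy>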

      I tried this too, without success:

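      <application-policy name="extend">
        <!-- login-config.xml expects a policy's login modules inside an
             <authentication> element; the posted snippet had none. -->
        <authentication>
          <!-- LdapLoginModule binds as principalDNPrefix + username + principalDNSuffix
               using the password the user typed. Every account must therefore live
               directly under the one suffix configured below. -->
          <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
            <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
            <!-- ldap:// on port 389 with "simple" authentication sends the bind DN and
                 password in clear text. Prefer an ldaps:// URL (or
                 java.naming.security.protocol=ssl) once the server certificate is
                 trusted by the JVM. -->
            <module-option name="java.naming.provider.url">ldap://10.0.0.11:389/</module-option>
            <module-option name="java.naming.security.authentication">simple</module-option>
            <!-- NOTE(review): for login by CN the prefix would be cn=, assuming user
                 entries are named by cn; verify against the directory. -->
            <module-option name="principalDNPrefix">uid=</module-option>
            <module-option name="principalDNSuffix">,ou=Dept,o=Corp</module-option>
            <!-- Base of the role search. -->
            <module-option name="rolesCtxDN">ou=Dept,o=Corp</module-option>
            <!-- With matchOnUserDN=true the role search looks under rolesCtxDN for
                 entries whose uidAttributeID value equals the user's full DN, then reads
                 roleAttributeID from each match as the role name.
                 NOTE(review): memberOf normally sits on the user entry and holds group
                 DNs; on group entries the matching attribute is typically member or
                 uniqueMember. Verify against the directory schema. -->
            <module-option name="uidAttributeID">memberOf</module-option>
            <module-option name="matchOnUserDN">true</module-option>
            <module-option name="roleAttributeID">cn</module-option>
            <module-option name="roleAttributeIsDN">false</module-option>
            <!-- Many LDAP servers treat a simple bind with an empty password as an
                 anonymous bind and report success. Reject empty passwords before they
                 reach the server. Confirm your release honours this option. -->
            <module-option name="allowEmptyPasswords">false</module-option>
          </login-module>
        </authentication>
      </application-policy>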