Hi,

I'm stuck with an LDAP search and am trying to understand why the LDAPLoginModule of Karaf (= same code as the ActiveMQ LDAPLoginModule) is not able to find the role.

Here is the request that I made on my slapd server:

ldapsearch -H ldap://localhost:389 -x -D "cn=admin,dc=fusesource,dc=com" -w xxxx -LLL -s one -b "ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com" "(member:=uid=admin)" member
-->
dn: cn=admin,ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
member: uid=admin

LDAP config

<jaas:config name="ldap">
<!-- -->
<jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required">
            initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
            connectionURL=ldap://[127.0.0.1]:389
            connectionUsername=cn=admin,dc=fusesource,dc=com
            connectionPassword=secret
            connectionProtocol=
            authentication=simple
            userBase=ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
            userRoleName=admin
            userSearchMatching=(cn={0})
            userSearchSubtree=false
            roleBase=ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
            roleName=cn
            roleSearchMatching=(member:=uid={0})
            roleSearchSubtree=false
</jaas:module>
</jaas:config>

but it fails from LDAPLoginModule. In fact, it does not find the role.

dn: ou=systems,dc=fusesource,dc=com
objectClass: organizationalUnit
objectClass: top
ou: systems

dn: ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
objectClass: organizationalUnit
objectClass: top
ou: ActiveMQ

dn: ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Group

dn: cn=admin,ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
objectClass: groupOfNames
objectClass: top
cn: admin
member: uid=admin

dn: ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
objectClass: organizationalUnit
objectClass: top
ou: User

dn: cn=admin,ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: admin
sn: admin
userPassword:: e1NIQX0wRFBpS3VOSXJyVm1EOElVQ3V3MWhReE5xWmM9


Any help is welcome.

Regards,

Charles
