Patches item #638718, was opened at 2002-11-14 14:48
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=376687&aid=638718&group_id=22866

Category: JBossSX
Group: v3.0 Rabbit Hole
Status: Open
Resolution: None
Priority: 5
Submitted By: Randy Shoup (rshoup)
Assigned to: Nobody/Anonymous (nobody)
Summary: LdapLoginModule supports ActiveDirectory

Initial Comment:
LdapLoginModule in JBoss 3.0.3 does not have sufficient
flexibility to support reading user-role information
from user-Group assignments in Microsoft ActiveDirectory.

In the user record, ActiveDirectory stores the DNs of
the Groups to which the user has been assigned. 
LdapLoginModule in JBoss 3.0.3 assumes that the role
attribute of a user record would be the role name
instead of a DN to a role object.

This patch adds two additional config parameters:
roleAttributeIsDN:  whether role attribute is a DN or a role name
roleNameAttributeId:  the name of the role name attribute of the role object

If `roleAttributeIsDN` is true, the patch looks up the
object corresponding to the role DN, then gets the
attribute named by `roleNameAttributeId` to provide the
role name.

For ActiveDirectory, the appropriate login-module
config settings would look like:

testLdapToActiveDirectory {
    org.jboss.security.auth.spi.LdapLoginModule required
      java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
      java.naming.provider.url="ldap://ldaphost.jboss.org:1389/";
      java.naming.security.authentication=simple
      rolesCtxDN=cn=Users,dc=ldaphost,dc=jboss,dc=org
      uidAttributeID=userPrincipalName
      roleAttributeID=memberOf
      roleAttributeIsDN=true
      roleNameAttributeID=name
};
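
The role-DN lookup described above, sketched with JNDI as an added example (it is not the code from the submitted patch). The resolveRoles helper and the stubbed DirContext are hypothetical, and the group DNs are constructed sample data.

```java
import java.lang.reflect.Proxy;
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;

public class RoleDnExample {
    // Hypothetical helper: maps the values of the user's role attribute to role names.
    static Set<String> resolveRoles(DirContext ctx, Attributes user, String roleAttributeId,
            boolean roleAttributeIsDN, String roleNameAttributeId) throws NamingException {
        Set<String> roles = new LinkedHashSet<>();
        Attribute roleAttr = user.get(roleAttributeId);
        if (roleAttr == null) return roles;                 // user has no group assignments
        NamingEnumeration<?> values = roleAttr.getAll();
        while (values.hasMore()) {
            String value = (String) values.next();
            if (!roleAttributeIsDN) { roles.add(value); continue; }   // value is already the role name
            // Value is the DN of a group object: fetch only its role-name attribute.
            Attributes group = ctx.getAttributes(value, new String[] { roleNameAttributeId });
            Attribute name = group.get(roleNameAttributeId);
            if (name != null) roles.add((String) name.get());         // skip groups without that attribute
        }
        return roles;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample directory: group DN -> value of its "name" attribute.
        Map<String, String> groups = new LinkedHashMap<>();
        groups.put("CN=Admins,CN=Users,DC=ldaphost,DC=jboss,DC=org", "Admins");
        groups.put("CN=Developers,CN=Users,DC=ldaphost,DC=jboss,DC=org", "Developers");
        // Stub DirContext that answers only getAttributes(String, String[]); no server needed.
        DirContext ctx = (DirContext) Proxy.newProxyInstance(
            DirContext.class.getClassLoader(), new Class<?>[] { DirContext.class },
            (proxy, method, a) -> {
                if (!method.getName().equals("getAttributes")) throw new UnsupportedOperationException();
                Attributes attrs = new BasicAttributes(true);
                String n = groups.get((String) a[0]);
                if (n != null) attrs.put("name", n);
                return attrs;
            });
        Attribute memberOf = new BasicAttribute("memberOf");
        groups.keySet().forEach(memberOf::add);
        Attributes user = new BasicAttributes(true);
        user.put(memberOf);
        System.out.println(resolveRoles(ctx, user, "memberOf", true, "name"));
        System.out.println(resolveRoles(ctx, user, "memberOf", false, "name"));
    }
}
```

The second call shows what happens without the DN lookup: the full group DNs come back as role names, which would not match short role names used in authorization checks.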


_______________________________________________
Jboss-development mailing list
https://lists.sourceforge.net/lists/listinfo/jboss-development