Bugs item #638724, was opened at 2002-11-14 14:59
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=376685&aid=638724&group_id=22866

Category: JBossSX
Group: v3.0 Rabbit Hole
>Status: Closed
>Resolution: Fixed
Priority: 5
Submitted By: Randy Shoup (rshoup)
Assigned to: Scott M Stark (starksm)
Summary: LdapLoginModule not support MS ActiveDir

Initial Comment:
OS: Windows2000
JDK:  1.4

LdapLoginModule in JBoss 3.0.3 does not have sufficient
flexibility to support reading user-role information
from user-Group assignments in Microsoft ActiveDirectory.

In the user record, ActiveDirectory stores the DNs of
the Groups to which the user has been assigned.
LdapLoginModule in JBoss 3.0.3 assumes that the role
attribute of a user record would be the role name
instead of a DN to a role object.

I submitted patch #638718 which fixes this issue.

This patch adds two additional config parameters:
  roleAttributeIsDN: whether role attribute is a DN or a role name
  roleNameAttributeId: the name of the role name attribute of the role object

If `roleAttributeIsDN` is true, the patch looks up the
object corresponding to the role DN, then gets the
attribute named by `roleNameAttributeId` to provide the
role name.

For ActiveDirectory, the appropriate login-module
config settings would look like:

testLdapToActiveDirectory {
    org.jboss.security.auth.spi.LdapLoginModule required
        java.naming.factory.initial="com.sun.jndi.ldap.LdapCtxFactory"
        java.naming.provider.url="ldap://ldaphost.jboss.org:1389/"
        java.naming.security.authentication="simple"
        rolesCtxDN="cn=Users,dc=ldaphost,dc=jboss,dc=org"
        uidAttributeID="userPrincipalName"
        roleAttributeID="memberOf"
        roleAttributeIsDN="true"
        roleNameAttributeID="name";
};
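
The role lookup described in the comment above, as an added example that is not the code from patch #638718 or from JBoss. The class name, the `resolveRoles` helper and the in-memory `directory` map are hypothetical; the map stands in for a live `DirContext.getAttributes(dn, ...)` call, and the sample entries are constructed.

```java
import java.util.*;
import java.util.function.Function;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.BasicAttribute;
import javax.naming.directory.BasicAttributes;

public class RoleDnResolution {
    // Hypothetical helper, not the patch's code. `lookup` stands in for
    // DirContext.getAttributes(dn, new String[] { roleNameAttributeID }).
    static Set<String> resolveRoles(Attributes user, String roleAttributeID,
            boolean roleAttributeIsDN, String roleNameAttributeID,
            Function<String, Attributes> lookup) throws NamingException {
        Set<String> roles = new LinkedHashSet<>();
        Attribute values = user.get(roleAttributeID);
        if (values == null) return roles;            // user has no group assignments
        NamingEnumeration<?> e = values.getAll();
        while (e.hasMore()) {
            String value = e.next().toString();
            if (!roleAttributeIsDN) { roles.add(value); continue; }
            Attributes group = lookup.apply(value);  // value is a group DN
            Attribute name = (group == null) ? null : group.get(roleNameAttributeID);
            // Skip DNs that do not resolve instead of granting a role named after the DN.
            if (name != null && name.get() != null) roles.add(name.get().toString());
        }
        return roles;
    }

    public static void main(String[] args) throws NamingException {
        // Constructed sample data shaped like an ActiveDirectory user and group.
        String adminsDn = "CN=Admins,CN=Users,DC=ldaphost,DC=jboss,DC=org";
        Attribute memberOf = new BasicAttribute("memberOf");
        memberOf.add(adminsDn);
        memberOf.add("CN=Deleted,CN=Users,DC=ldaphost,DC=jboss,DC=org");
        Attributes user = new BasicAttributes(true);
        user.put(memberOf);
        Map<String, Attributes> directory = new HashMap<>();
        directory.put(adminsDn, new BasicAttributes("name", "Admins", true));

        // With roleAttributeIsDN=true each DN is resolved to its role name.
        System.out.println(resolveRoles(user, "memberOf", true, "name", directory::get));
        // With roleAttributeIsDN=false the raw attribute values are used as role names.
        System.out.println(resolveRoles(user, "memberOf", false, "name", directory::get));
    }
}
```

With `roleAttributeIsDN` left false against ActiveDirectory, the role names are full group DNs, so role checks written against short names such as `Admins` never match.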
