Hi all,

For about 2 days I have not been able to resolve this problem. I'm trying to 
configure JBoss to work with a web application that currently runs under Tomcat 
5.5, but I'm not able to configure LdapLoginModule.
The page that should appear after login is in a protected area associated with 
the role "Cataloguer". This role is stored in the LDAP tree as an attribute of 
each user, as the value of the field initials.

When I try to log in I receive a 403 error, because the user isn't in the correct 
role.

In a public JSP I print request.getUserPrincipal().getName() and 
request.isUserInRole("Cataloguer"), and I call this page after my login. I see 
that the user Principal is correct but isUserInRole returns false.

I activated TRACE logging in log4j.xml for the category 
"org.jboss.security.auth.spi" and this is the output.

2006-08-28 23:37:04,015 DEBUG 
[org.jboss.security.plugins.JaasSecurityManagerService] Added ldap-pdil, [EMAIL 
PROTECTED] to map
2006-08-28 23:37:04,031 TRACE [org.jboss.security.auth.spi.LdapLoginModule] 
initialize, [EMAIL PROTECTED]
2006-08-28 23:37:04,031 TRACE [org.jboss.security.auth.spi.LdapLoginModule] 
login
2006-08-28 23:37:04,031 TRACE [org.jboss.security.auth.spi.LdapLoginModule] 
Logging into LDAP server, 
env={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, 
principalDNPrefix=cn=, 
java.naming.security.principal=cn=Cataloguer_1,ou=people,dc=mycompany,dc=com, 
roleAttributeID=initials, matchOnUserDN=false, 
principalDNSuffix=,ou=people,dc=soloreti,dc=net, allowEmptyPasswords=false, 
java.naming.provider.url=ldap://localhost:389/, roleAttributeIsDN=false, 
java.naming.security.authentication=simple, 
java.naming.security.credentials=***}
2006-08-28 23:37:04,078 TRACE [org.jboss.security.auth.spi.LdapLoginModule] 
Logged into LDAP server, [EMAIL PROTECTED]
2006-08-28 23:37:04,078 TRACE [org.jboss.security.auth.spi.LdapLoginModule] 
Rebind SECURITY_PRINCIPAL to: cn=Manager,dc=mycompany,dc=com
2006-08-28 23:37:04,078 TRACE [org.jboss.security.auth.spi.LdapLoginModule] User 
'Cataloguer_1' authenticated, loginOk=true
2006-08-28 23:37:04,078 TRACE [org.jboss.security.auth.spi.LdapLoginModule] 
commit, loginOk=true


My application defines 4 private areas, each of which is associated with a role; in 
my LDAP the role information is the attribute "initials" of the user.

I configured an application policy in login-config.xml 

        <application-policy name="ldap-pdil">
            <authentication>
                <!--<login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">-->
                <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
                    <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
                    <module-option name="java.naming.provider.url">ldap://localhost:389/</module-option>
                    <module-option name="java.naming.security.authentication">simple</module-option>
                    <module-option name="java.naming.security.principal">cn=Manager,dc=mycompany,dc=com</module-option>
                    <module-option name="java.naming.security.credentials">secret</module-option>
                    <module-option name="principalDNPrefix">cn=</module-option>
                    <module-option name="principalDNSuffix">,ou=people,dc=mycompany,dc=com</module-option>
                    <module-option name="matchOnUserDN">true</module-option>
                    <module-option name="roleAttributeID">initials</module-option>
                    <module-option name="roleAttributeIsDN">false</module-option>
                    <module-option name="allowEmptyPasswords">false</module-option>
                </login-module>
            </authentication>
        </application-policy>


and I referenced it in my login module:

    <login-config>
        <auth-method>FORM</auth-method>
        <realm-name>ldap-pdil</realm-name>
        <form-login-config>
            <form-login-page>/login.jsp</form-login-page>
            <form-error-page>/errors/loginFailedError.jsp</form-error-page>
        </form-login-config>
    </login-config>


I think that I have not configured these module options correctly: "matchOnUserDN", 
"roleAttributeID", "roleAttributeIsDN". I tried different values but the result 
is the same!

Can someone help me?

Why does the user log in successfully, but no role information is available?
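As an added diagnostic (not code from the post or from JBoss): the "Logging into LDAP server" TRACE line above prints the option map the running LdapLoginModule actually received, so it can be checked against the edited login-config.xml. The script below parses that map and the posted module options (with the tags repaired, and using LdapLoginModule, the module the trace shows running), then reports role-search options the running module never got and options whose running value differs from the file. It assumes, from the JBoss 4 LdapLoginModule documentation, that the module finds roles by searching rolesCtxDN with uidAttributeID; on the post's own values it flags those two as missing and shows that principalDNSuffix and matchOnUserDN in the trace do not match the posted file.

```python
import re
import xml.etree.ElementTree as ET

# Constructed input: the "Logging into LDAP server" TRACE line from the post above.
TRACE_LINE = (
    "TRACE [org.jboss.security.auth.spi.LdapLoginModule] Logging into LDAP server, "
    "env={java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory, principalDNPrefix=cn=, "
    "java.naming.security.principal=cn=Cataloguer_1,ou=people,dc=mycompany,dc=com, "
    "roleAttributeID=initials, matchOnUserDN=false, principalDNSuffix=,ou=people,dc=soloreti,dc=net, "
    "allowEmptyPasswords=false, java.naming.provider.url=ldap://localhost:389/, roleAttributeIsDN=false, "
    "java.naming.security.authentication=simple, java.naming.security.credentials=***}"
)
# Constructed input: the role-related options from the posted login-config.xml (tags repaired).
LOGIN_CONFIG = """<application-policy name="ldap-pdil"><authentication>
<login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
<module-option name="principalDNPrefix">cn=</module-option>
<module-option name="principalDNSuffix">,ou=people,dc=mycompany,dc=com</module-option>
<module-option name="matchOnUserDN">true</module-option>
<module-option name="roleAttributeID">initials</module-option>
<module-option name="roleAttributeIsDN">false</module-option>
</login-module></authentication></application-policy>"""

# LdapLoginModule option names (JBoss 4 docs). Values hold DNs with commas, so the env
# map is split on ", <known key>=" instead of on every comma.
OPTIONS = ["principalDNPrefix", "principalDNSuffix", "rolesCtxDN", "uidAttributeID",
           "roleAttributeID", "roleAttributeIsDN", "roleNameAttributeID", "matchOnUserDN",
           "allowEmptyPasswords", "searchTimeLimit", "searchScope"]
KEY = r"(?:java\.naming\.[\w.]+|" + "|".join(OPTIONS) + ")"
ENTRY = re.compile(r"(" + KEY + r")=(.*?)(?=, " + KEY + r"=|\}\s*$)")

def parse_trace_env(line):
    """Turn the env={...} map printed at TRACE level into a dict of option -> value."""
    return dict(ENTRY.findall(line[line.index("env={"):]))

def parse_login_config(xml_text):
    """Collect <module-option name=...>value</module-option> pairs from login-config.xml."""
    return {o.get("name"): (o.text or "").strip()
            for o in ET.fromstring(xml_text).iter("module-option")}

def check_role_lookup(running, configured):
    """Report role-search options the running module never received, and options whose
    running value differs from the edited file (a sign that file is not the one loaded).
    JNDI keys are skipped: the trace already shows the principal rewritten to the user DN."""
    findings = []
    for name in ("rolesCtxDN", "uidAttributeID"):  # assumed: what the role search needs
        if name not in running:
            findings.append("missing %s: module has nowhere to search for roles" % name)
    for name, value in configured.items():
        if not name.startswith("java.naming.") and running.get(name, value) != value:
            findings.append("%s: running=%r file=%r" % (name, running[name], value))
    return findings
```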

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3967944#3967944

_______________________________________________
jboss-user mailing list
https://lists.jboss.org/mailman/listinfo/jboss-user
