Wiki says that the "rolesCtxDN" is the path to the user's account and not the 
path to the actual group/role.

When I set this, the servlet crashes with an account not found exception. 
However, when I change the path to the group path, it authenticates the user 
but can't find the user group/role.

I am confused.

As I have said the user accounts and groups are in different subtrees.

#################################################

This crashes the login servlet with account not found. Accounts are in the 
following container.


<module-option name="rolesCtxDN">ou=Adomain Users,ou=Adomain Resources,dc=adomain,dc=com</module-option>





        <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
            <!--
                Some AD configurations may require searching against
                the Global Catalog on port 3268 instead of the usual
                port 389.  This is most likely when the AD forest
                includes multiple domains.
            -->
            <module-option name="java.naming.provider.url">ldap://adserver.adomain.com:389</module-option>
            <module-option name="bindDN">DomainUser</module-option>
            <module-option name="bindCredential">DomainPassword</module-option>
            <module-option name="baseCtxDN">dc=adomain,dc=com</module-option>
            <module-option name="baseFilter">(sAMAccountName={0})</module-option>
            
            <module-option name="rolesCtxDN">ou=Adomain Users,ou=Adomain Resources,dc=adomain,dc=com</module-option>
            <module-option name="roleFilter">(sAMAccountName={0})</module-option>
            <module-option name="roleAttributeID">memberOf</module-option>
            <module-option name="roleAttributeIsDN">true</module-option>
            <module-option name="roleNameAttributeID">cn</module-option>

            <module-option name="roleRecursion">-1</module-option>
            
            <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
        </login-module>

