[jboss-user] [JBoss Portal] - LdapExtLoginModule + multiple baseCtxDN

Mia Axelsson Tue, 15 Nov 2011 08:06:19 -0800

Mia Axelsson [http://community.jboss.org/people/max68] created the discussion


"LdapExtLoginModule + multiple  baseCtxDN"

To view the discussion, visit: http://community.jboss.org/message/636631#636631

--------------------------------------------------------------
Hi!
I´m using e-directory and our tree has 2 Organization (O) and i want to use 
booth in baseCtxDN or in some other way.
How can i do that? I can get the users in O=org1 to login but not from O=org2. 
If i change baseCtxDN to O=org2 the users in org2 can login.

I have tried to use 2 baseCtxDN, dose´t work. I have used baseCtxDN T=treename, 
does´t work. I have used blanc baseCtxDN, don´t work. I have tried no 
baseCtxDN, don´t work.
I tried to use double <login-module code> in same  <application-policy name>, 
don´t work. I used 2 <application-policy name = "jmx-console">, dont work. 
Anybody knows? 

My login-config.xml looks something like this.
<application-policy name = "jmx-console">
<authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" 
flag="required">
<module-option 
name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
<module-option name="java.naming.provider.url">ldaps://xxx:636/</module-option>
<module-option name="java.naming.security.authentication">simple 
</module-option>
<!-- Rebind as a user with search priviledges for the role queries -->
<module-option 
name="java.naming.security.principal">cn=xxx,ou=xxx,o=org1</module-option>
<module-option name="java.naming.security.credentials"></module-option>
<module-option name="baseCtxDN">o=Org1</module-option>
<module-option name="baseFilter">(cn={0})</module-option>
<module-option name="rolesCtxDN">ou=xxx,ou=xxx,ou=xxx,o=org1</module-option>
<module-option name="uidAttributeID">member</module-option>
<module-option name="roleFilter">(member={1})</module-option>
<module-option name="roleAttributeID">cn</module-option>
<module-option name="roleAttributeIsDN">false</module-option>
<module-option name="searchTimeLimit">5000</module-option>
<module-option name="searchScope">ONELEVEL_SCOPE</module-option>
<module-option name="java.naming.security.protocol">ssl</module-option>
<module-option name="allowEmptyPasswords">false</module-option> 
</login-module>
</authentication>
</application-policy>

Many Thanks!!!
--------------------------------------------------------------

Reply to this message by going to Community
[http://community.jboss.org/message/636631#636631]

Start a new discussion in JBoss Portal at Community
[http://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2011]

_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user

[jboss-user] [JBoss Portal] - LdapExtLoginModule + multiple baseCtxDN

Reply via email to