Okay so the way I ended up working around the security issues when using LDAP 
is this:

- I downloaded the source so I could build the JBoss Portal myself.
- I DID NOT enable LDAP authentication and used the standard setup that comes 
with JBoss Portal.
- I created all the users I wanted in JBoss Portal the usual way, all with the 
same password, for example, "mypassword", but made sure that each username 
corresponded to the user name in my LDAP directory.
- I downloaded the JLdap library from www.openldap.org.
- I put the jar file in the portal lib directory.
- I added the jar file to jboss-portal-2.4.1-src\thirdparty.
- Added the classpath to jboss-portal-2.4.1-src\identity\build.xml.
- I edited 
jboss-portal-2.4.1-src\identity\src\main\org\jboss\portal\identity\auth\IdentityLoginModule
 in the JBoss Portal source code and added my own LDAPAuthentication method.
- In IdentityLoginModule, I edited the method validatePassword, and at the top 
of it, I called my LDAPAuthentication method with the supplied username and 
password, which then returned true if LDAP authentication passed, or false if 
it failed. If true was returned, I changed the supplied password to 
"mypassword" in the validatePassword method, otherwise I changed it to "incorrect" 
or some other incorrect string. Now the rest of the validatePassword method 
continues normally, and will log in the user locally if they used their correct 
LDAP password.
- I built the portal source from scratch, and my customized LDAP authentication 
worked perfectly.

A workaround, I know, but it works, and hopefully will help someone else.
When JBoss Portal 2.6 is stable, I will upgrade to that, and all of this will 
probably fall away.
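As an added example (not the poster's code, and not part of JBoss Portal or JLDAP), this is the shape of the LDAP bind check that the post inserts at the top of validatePassword, written with the two checks a reviewer would want before letting the bind result decide a login: an empty password is rejected outright, because a simple bind with an empty password is treated by many directories as an anonymous bind that succeeds, and the username is escaped before it is placed into a DN. The host, port, base DN and the `uid=` naming attribute are assumed placeholders.

```java
import com.novell.ldap.LDAPConnection;
import com.novell.ldap.LDAPException;
import com.novell.ldap.LDAPJSSESecureSocketFactory;

/** LDAP bind check of the kind the post calls from validatePassword. */
public final class LdapBindCheck {
    // Assumed placeholder values, not taken from the post.
    private static final String LDAP_HOST = "ldap.example.internal";
    private static final int LDAP_PORT = LDAPConnection.DEFAULT_SSL_PORT; // 636, LDAPS
    private static final String USER_BASE_DN = "ou=people,dc=example,dc=internal";

    /** Escapes RFC 4514 special characters so a username cannot alter the DN structure. */
    static String escapeDnValue(String value) {
        StringBuilder sb = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            if (",+\"\\<>;=".indexOf(c) >= 0 || (c == '#' && i == 0)
                    || (c == ' ' && (i == 0 || i == value.length() - 1))) {
                sb.append('\\');
            }
            sb.append(c);
        }
        return sb.toString();
    }

    /** Returns true only if the directory accepts a simple bind as this user. */
    public static boolean ldapAuthenticate(String username, String password) {
        // An empty password turns the simple bind into an anonymous bind, which
        // many directories accept: treat it as a failed login, never a success.
        if (username == null || username.isEmpty() || password == null || password.isEmpty()) {
            return false;
        }
        String dn = "uid=" + escapeDnValue(username) + "," + USER_BASE_DN;
        LDAPConnection lc = new LDAPConnection(new LDAPJSSESecureSocketFactory());
        try {
            lc.connect(LDAP_HOST, LDAP_PORT);
            lc.bind(LDAPConnection.LDAP_V3, dn, password.getBytes("UTF-8"));
            return lc.isBound();
        } catch (LDAPException e) {
            // Wrong password, unknown user or unreachable directory: fail closed.
            return false;
        } catch (java.io.UnsupportedEncodingException e) {
            return false;
        } finally {
            try { lc.disconnect(); } catch (LDAPException ignored) { }
        }
    }
}
```

The boolean this returns is what the post's validatePassword uses to decide whether to substitute the shared local password or an incorrect string.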

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4015061#4015061

_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user