Sorry, the fatwire was a lack of scrubbing the data. As for the other
dc=fatwire.com, I fixed that to be dc=example,dc=com.
The typo of dc=fatwire.com was the problem; authentication is now working for
OpenLDAP. I'm including the working LDIF and ldap-identity-config.xml from my
install as this may help others in the future. Before use, fix the passwords
for the users ldapuser and admin as well as the login for OpenLDAP. My setup
assumes that OpenLDAP is installed on the same server as JBoss Portal 2.6.
LDIF from OpenLDAP:
| dn: dc=example,dc=com
| dc: example
| description: OpenLDAP pre_cs_setup
| objectClass: dcObject
| objectClass: organization
| o: Example Software
|
| dn: cn=Manager, dc=example,dc=com
| objectClass: organizationalRole
| cn: Manager
|
| dn: ou=People, dc=example,dc=com
| ou: People
| objectClass: organizationalUnit
| objectClass: top
|
| dn: ou=Groups, dc=example,dc=com
| ou: Groups
| objectClass: organizationalUnit
| objectClass: top
|
| dn: cn=admin,ou=People, dc=example,dc=com
| userPassword: {SSHA}XXXXXX
| objectClass: top
| objectClass: organizationalPerson
| objectClass: person
| sn: admin
| cn: admin
|
| dn: cn=ldapuser,ou=People, dc=example,dc=com
| userPassword: {SSHA}XXXXXX
| description: JBoss Portal ldapuser User for test LDAP integration password=username
| objectClass: top
| objectClass: organizationalPerson
| objectClass: person
| sn: ldapuser
| cn: ldapuser
|
| dn: cn=User,ou=Groups, dc=example,dc=com
| description: the JBoss Portal user group
| objectClass: top
| objectClass: groupOfUniqueNames
| uniqueMember: cn=ldapuser,ou=People,dc=example,dc=com
| cn: User
|
| dn: cn=Admin,ou=Groups, dc=example,dc=com
| description: the JBoss Portal admin group
| objectClass: top
| objectClass: groupOfUniqueNames
| uniqueMember: cn=admin,ou=People,dc=example,dc=com
| cn: Admin
|
ldap_identity-config.xml:
| <?xml version="1.0" encoding="UTF-8"?>
| <!--<!DOCTYPE identity-configuration PUBLIC
|    "-//JBoss Portal//DTD JBoss Identity Configuration 1.0//EN"
|    "http://www.jboss.org/portal/dtd/identity-config_1_0.dtd">-->
| <identity-configuration>
|   <datasources>
|     <datasource>
|       <name>LDAP</name>
|       <config>
|         <option>
|           <name>host</name>
|           <value>127.0.0.1</value>
|         </option>
|         <option>
|           <name>port</name>
|           <value>389</value>
|         </option>
|         <option>
|           <name>adminDN</name>
|           <value>cn=Manager,dc=example,dc=com</value>
|         </option>
|         <option>
|           <name>adminPassword</name>
|           <value>XXXXXXX</value>
|         </option>
|       </config>
|     </datasource>
|   </datasources>
|   <modules>
|     <module>
|       <!--type used to correctly map in IdentityContext registry-->
|       <type>User</type>
|       <implementation>LDAP</implementation>
|       <config/>
|     </module>
|     <module>
|       <type>Role</type>
|       <implementation>LDAP</implementation>
|       <config/>
|     </module>
|     <module>
|       <type>Membership</type>
|       <implementation>LDAP</implementation>
|       <config/>
|     </module>
|     <module>
|       <type>UserProfile</type>
|       <implementation>DELEGATING</implementation>
|       <config>
|         <option>
|           <name>ldapModuleJNDIName</name>
|           <value>java:/portal/LDAPUserProfileModule</value>
|         </option>
|       </config>
|     </module>
|     <module>
|       <type>DBDelegateUserProfile</type>
|       <implementation>DB</implementation>
|       <config>
|         <option>
|           <name>randomSynchronizePassword</name>
|           <value>true</value>
|         </option>
|       </config>
|     </module>
|     <module>
|       <type>LDAPDelegateUserProfile</type>
|       <implementation>LDAP</implementation>
|       <config/>
|     </module>
|   </modules>
|
|   <options>
|     <option-group>
|       <group-name>common</group-name>
|       <option>
|         <name>userCtxDN</name>
|         <value>ou=People,dc=example,dc=com</value>
|       </option>
|       <option>
|         <name>uidAttributeID</name>
|         <value>cn</value>
|       </option>
|       <option>
|         <name>passwordAttributeID</name>
|         <value>userPassword</value>
|       </option>
|
|       <option>
|         <name>roleCtxDN</name>
|         <value>ou=Groups,dc=example,dc=com</value>
|       </option>
|       <option>
|         <name>ridAttributeId</name>
|         <value>cn</value>
|       </option>
|       <option>
|         <name>roleDisplayNameAttributeID</name>
|         <value>cn</value>
|       </option>
|       <option>
|         <name>membershipAttributeID</name>
|         <value>uniqueMember</value>
|       </option>
|       <option>
|         <name>membershipAttributeIsDN</name>
|         <value>true</value>
|       </option>
|     </option-group>
|     <option-group>
|       <group-name>userCreateAttibutes</group-name>
|       <option>
|         <name>objectClass</name>
|         <!--This objectclasses should work with Red Hat Directory-->
|         <value>top</value>
|         <value>person</value>
|         <value>organizationalPerson</value>
|       </option>
|       <!--Schema requires those to have initial value-->
|       <option>
|         <name>cn</name>
|         <value>none</value>
|       </option>
|       <option>
|         <name>sn</name>
|         <value>none</value>
|       </option>
|     </option-group>
|
|     <option-group>
|       <group-name>roleCreateAttibutes</group-name>
|       <option>
|         <name>objectClass</name>
|         <value>top</value>
|         <value>groupOfUniqueNames</value>
|       </option>
|       <!--Schema requires those to have initial value-->
|       <option>
|         <name>cn</name>
|         <value>none</value>
|       </option>
|       <!--Some directory servers require this attribute to be valid DN-->
|       <!--For safety reasons point to the admin user here-->
|       <option>
|         <name>member</name>
|         <value>cn=admin,ou=People,dc=example,dc=com</value>
|       </option>
|     </option-group>
|   </options>
| </identity-configuration>
|
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4059931#4059931
Reply to the post :
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4059931
_______________________________________________
jboss-user mailing list
[email protected]
https://lists.jboss.org/mailman/listinfo/jboss-user
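
The failure reported in this post came down to one DN suffix that did not match the directory. The check below is an added example, not part of the original post or of JBoss Portal: it cross-references an LDIF against the identity config and reports every DN-valued option or `uniqueMember` that has no matching entry. The function names, the `sample_config` helper and the sample inputs are constructed for illustration; it assumes an unfolded LDIF and that any option value containing `=` is a DN.

```python
import xml.etree.ElementTree as ET

def norm_dn(dn):
    # Case-insensitive compare, ignoring spaces around commas (escaped commas not handled).
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_ldif(text):
    """Map normalized DN -> list of (attribute, value) for a simple, unfolded LDIF."""
    entries, current = {}, None
    for line in text.splitlines():
        attr, sep, value = line.partition(":")
        if not sep:                          # blank line ends the current entry
            current = None
        elif attr.strip().lower() == "dn":
            current = entries.setdefault(norm_dn(value), [])
        elif current is not None:
            current.append((attr.strip().lower(), value.strip()))
    return entries

def find_dangling(ldif_text, xml_text):
    """Return (where, dn) for every DN reference that has no matching LDIF entry."""
    entries, problems = parse_ldif(ldif_text), []
    for opt in ET.fromstring(xml_text).iter("option"):
        for val in opt.findall("value"):
            text = (val.text or "").strip()
            if "=" in text and norm_dn(text) not in entries:   # DN-valued option
                problems.append((opt.findtext("name"), text))
    for dn, attrs in entries.items():
        for attr, value in attrs:
            if attr == "uniquemember" and norm_dn(value) not in entries:
                problems.append((dn, value))
    return problems

# Constructed samples, abbreviated from the post's LDIF and config (DNs only).
SAMPLE_LDIF = "\n\n".join("dn: " + dn for dn in (
    "dc=example,dc=com", "cn=Manager, dc=example,dc=com",
    "ou=People, dc=example,dc=com", "ou=Groups, dc=example,dc=com",
    "cn=admin,ou=People, dc=example,dc=com", "cn=Admin,ou=Groups, dc=example,dc=com",
)) + "\nuniqueMember: cn=admin,ou=People,dc=example,dc=com\n"

def sample_config(user_ctx):
    return f"""<identity-configuration><options><option-group>
      <option><name>adminDN</name><value>cn=Manager,dc=example,dc=com</value></option>
      <option><name>userCtxDN</name><value>{user_ctx}</value></option>
      <option><name>roleCtxDN</name><value>ou=Groups,dc=example,dc=com</value></option>
    </option-group></options></identity-configuration>"""

if __name__ == "__main__":
    print(find_dangling(SAMPLE_LDIF, sample_config("ou=People,dc=example.com")))
```

Running it against the real files before restarting the portal catches a mistyped suffix without a failed login attempt.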