I finally figured it out and thought I'd post what I found in case someone else
has the same issue. Turned on the trace in JBoss and read through the
LdapLoginModule source code. The user I was trying to log in with wasn't in
the Administrators or Readers role. Doesn't even matter if they're in the
Users role. Think I'm going to use LdapExtLoginModule instead. Not sure if
this is a parameter that can be turned off because I couldn't find any detailed
documentation on ADAM.
<module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
<module-option name="java.naming.provider.url">ldap://localhost:389/</module-option>
<module-option name="java.naming.security.authentication">simple</module-option>
<module-option name="principalDNPrefix">CN=</module-option>
<module-option name="principalDNSuffix">,O=my.org</module-option>
<module-option name="rolesCtxDN">O=my.org</module-option>
<module-option name="roleAttributeID">CN</module-option>
<module-option name="uidAttributeID">member</module-option>
<module-option name="roleAttributeIsDN">false</module-option>
<module-option name="roleNameAttributeID">name</module-option>
<module-option name="allowEmptyPasswords">false</module-option>
<module-option name="matchOnUserDN">true</module-option>
View the original post :
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4099009#4099009
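An added example, not part of the original post or of the JBoss source: a Python helper that derives, from the module options posted above, the bind DN and the role query that can be replayed by hand for a test account. It assumes LdapLoginModule binds as principalDNPrefix + username + principalDNSuffix and then runs the role search on that same user-bound connection; the username jdoe, the wrapping root element and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the role-related options from the post, wrapped in a
# root element so they parse as a single XML document.
OPTIONS_XML = """<login-module>
<module-option name="principalDNPrefix">CN=</module-option>
<module-option name="principalDNSuffix">,O=my.org</module-option>
<module-option name="rolesCtxDN">O=my.org</module-option>
<module-option name="roleAttributeID">CN</module-option>
<module-option name="uidAttributeID">member</module-option>
<module-option name="matchOnUserDN">true</module-option>
</login-module>"""


def load_options(xml_text):
    """Return the module-option elements as a name -> value dict."""
    root = ET.fromstring(xml_text)
    return {o.get("name"): (o.text or "").strip()
            for o in root.iter("module-option")}


def escape_filter_value(value):
    """Escape the RFC 4515 special characters for a hand-built filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c
                   for c in value)


def plan_lookup(options, username):
    """Describe the bind and role search to replay for one username."""
    # Assumption: the DN is plain concatenation of prefix, name and suffix.
    user_dn = (options.get("principalDNPrefix", "") + username
               + options.get("principalDNSuffix", ""))
    match_on_dn = options.get("matchOnUserDN", "false").lower() == "true"
    match_value = user_dn if match_on_dn else username
    return {
        "bind_dn": user_dn,                      # identity used for the bind
        "search_base": options["rolesCtxDN"],
        "search_filter": "(%s=%s)" % (options["uidAttributeID"],
                                      escape_filter_value(match_value)),
        "read_attribute": options["roleAttributeID"],
    }


if __name__ == "__main__":
    for key, value in plan_lookup(load_options(OPTIONS_XML), "jdoe").items():
        print("%-15s %s" % (key, value))
```

If this query returns entries when bound as a directory administrator but none when bound as bind_dn, the account can authenticate but cannot read the role entries.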