I thought that was the case, but it still doesn't seem to work.

I ended up overriding the LDAPLoginModule anyway, here are the relevant pieces:

public class LdapLoginModule extends UsernamePasswordLoginModule {

    private static final String BASE_DN = "dc=body,dc=local";
    private static final String PRINCIPAL_DN_PREFIX_OPT = "principalDNPrefix";
    private static final String PRINCIPAL_DN_SUFFIX_OPT = "principalDNSuffix";
    private static final String MATCH_ON_USER_DN_OPT = "matchOnUserDN";

    public LdapLoginModule()
    {
    }

    // Roles collected from the LDAP search below
    private transient SimpleGroup userRoles = new SimpleGroup("Roles");

    ...


    private void createLdapInitContext(String username, Object credential) throws NamingException
    {

        ...

        try
        {
            NamingEnumeration answer = ctx.search(rolesCtxDN, matchAttrs);
            while (answer.hasMore())
            {
                SearchResult sr = (SearchResult) answer.next();
                Attributes attrs = sr.getAttributes();
                Attribute roles = attrs.get("name");

                // Skip entries without a "name" attribute instead of failing on roles.size()
                if (roles == null)
                {
                    continue;
                }

                for (int r = 0; r < roles.size(); r++)
                {
                    String roleName = roles.get(r).toString();

                    if (roleName != null)
                    {
                        try
                        {
                            Principal p = super.createIdentity(roleName);
                            log.trace("Assign user to role " + roleName);
                            userRoles.addMember(p);
                        }
                        catch (Exception e)
                        {
                            log.debug("Failed to create principal: " + roleName, e);
                        }
                    }
                }
            }
        }
        catch (NamingException e)
        {
            log.trace("Failed to locate roles", e);
        }

        ...
    }


Thanks for the reply, hopefully I'm just missing something.

View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4108739#4108739
