Hi,

Thanks for the help & pointers (QS was especially useful)....

I now have my login-config.xml file, as below, with the name "LDAPLogin".

How/where do I tell JBoss that the authentication needs to point to this
application-policy?

Thanks

Chris
-=-=-=


<application-policy name = "LDAPLogin">
       <authentication>
          <login-module code = "org.jboss.security.auth.spi.LdapLoginModule"
             flag = "required">
             <module-option name = "java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
             <module-option name = "java.naming.provider.url">ldap://myserver:389</module-option>
             <module-option name = "java.naming.security.authentication">simple</module-option>
             <module-option name = "principalDNPrefix">uniquemember=</module-option>
             <module-option name = "principalDNSuffix">,ou=Groups,o=ecb.int</module-option>
             <module-option name = "uidAttributeID">uniqueMember</module-option>
             <module-option name = "roleAttributeID">cn</module-option>
             <module-option name = "rolesCtxDN">ou=Groups,dc=o=ecb.int</module-option>
             <module-option name = "matchOnUserDN">true</module-option>
          </login-module>
       </authentication>
</application-policy>

> -----Original Message-----
> From: Shaw, Chris 
> Sent: 12 June 2002 14:25
> To:   '[EMAIL PROTECTED]'
> Subject:      LDAP Authentication settings
> 
> Hi,
> 
> I'm using the latest (and greatest) JBoss v3.0.0 with integrated Tomcat
> 4.0.3 to deploy a .war web archive - now I want to integrate
> authentication with LDAP.
> 
> I have created the correct entries in my WEB-INF/web.xml file (see below),
> and created a login.html file which posts to: j_security_check.
> 
> Now I am trying to find out how to integrate this with my LDAP server, ie
> where I specify my server name, port, base dn, etc etc.
> 
> I have searched the mail archives and the documentation (though obviously
> not the forums at the mo.!), but all the references seem to be pointing
> towards putting the settings in auth.conf. But when I open up this file I
> see that it states the following:
> // This file is now obsolete but is read for backward compatability
> // Use the login-config.xml file instead
> 
> Can someone point me towards a sample login-config.xml for LDAP
> integration...
> 
> Thanks in advance...
> 
> Chris
> -=-=-=
> 
> WEB-INF/web.xml
>  <security-constraint>
>     <web-resource-collection>
>       <web-resource-name>WEB Resource</web-resource-name>
>       <description>Web resource description</description> 
>       <url-pattern>/</url-pattern>
>         <http-method>HEAD</http-method>
>         <http-method>GET</http-method>
>         <http-method>POST</http-method>
>         <http-method>PUT</http-method>
>         <http-method>DELETE</http-method>
>     </web-resource-collection>
>     <auth-constraint>
>       <description>Auth constraint description</description> 
>       <role-name>CNSRole</role-name> 
>     </auth-constraint> 
>     <user-data-constraint>
>       <transport-guarantee>NONE</transport-guarantee>
>     </user-data-constraint>
>   </security-constraint>
>     <login-config>
>         <auth-method>FORM</auth-method>
>         <form-login-config>
>             <form-login-page>/login.html</form-login-page>
>             <form-error-page>/login-fail.html</form-error-page>
>         </form-login-config>  
>     </login-config>
> 
> ~~~~~~~~~~~~~~~~~~~~
> Chris Shaw
> European Central Bank
> DG Information Systems
> * [EMAIL PROTECTED]
> ~~~~~~~~~~~~~~~~~~~~
> 

_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user
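
Added example, not part of the original thread: in JBoss a web application selects a login-config.xml policy through the security-domain element of WEB-INF/jboss-web.xml, written as java:/jaas/<policy name>. The Python check below runs on constructed copies of both files, confirms that the binding resolves to the LDAPLogin policy, and flags a simple bind over plain ldap://. The function name check_binding and both sample strings are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed inputs: a trimmed copy of the policy from the message, and a
# WEB-INF/jboss-web.xml that selects it (the latter is not in the thread).
LOGIN_CONFIG = """<policy>
  <application-policy name="LDAPLogin">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
        <module-option name="java.naming.provider.url">ldap://myserver:389</module-option>
        <module-option name="java.naming.security.authentication">simple</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>"""

JBOSS_WEB = """<jboss-web>
  <security-domain>java:/jaas/LDAPLogin</security-domain>
</jboss-web>"""

JAAS_PREFIX = "java:/jaas/"


def check_binding(login_config_xml, jboss_web_xml):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    # Index every application-policy in login-config.xml by its name attribute.
    policies = {p.get("name"): p
                for p in ET.fromstring(login_config_xml).iter("application-policy")}
    domain = (ET.fromstring(jboss_web_xml).findtext("security-domain") or "").strip()
    if not domain.startswith(JAAS_PREFIX):
        return ["security-domain missing or not of the form java:/jaas/<policy name>"]
    name = domain[len(JAAS_PREFIX):]
    policy = policies.get(name)
    if policy is None:
        return ["no application-policy named %r in login-config.xml" % name]
    for module in policy.iter("login-module"):
        opts = {o.get("name"): (o.text or "").strip()
                for o in module.iter("module-option")}
        url = opts.get("java.naming.provider.url", "")
        # A simple bind on an unencrypted ldap:// URL exposes the password in transit.
        if (url.startswith("ldap://")
                and opts.get("java.naming.security.authentication") == "simple"):
            findings.append("simple bind over %s sends the password in cleartext" % url)
    return findings
```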
