did it work in jboss-3.0.0???

i had it working in 3.0.0 and it works in 3.0.1

my login-config.xml snippet:

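     <!-- JAAS security domain "sicredi": LdapLoginModule binds to the directory as the
          user to check the password, then reads role names from entries under rolesCtxDN.
          Each module-option is kept on a single line because the element text is used
          as the option value, so a line break inside it would become part of the value. -->
     <application-policy name = "sicredi">
         <authentication>
             <login-module code = "org.jboss.security.auth.spi.LdapLoginModule" flag = "required">
                 <!-- The java.naming.* options are JNDI environment properties for the LDAP connection. -->
                 <module-option name = "java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
                 <!-- NOTE(review): ldap:// on port 389 combined with "simple" authentication
                      sends the bind DN and password unencrypted. Prefer an ldaps:// URL, or
                      java.naming.security.protocol set to ssl, where the JNDI provider and
                      the directory support it; otherwise keep this traffic on a trusted network. -->
                 <module-option name = "java.naming.provider.url">ldap://10.1.10.51:389</module-option>
                 <!-- NOTE(review): many directories treat a simple bind with an empty password
                      as an anonymous bind that succeeds. Confirm that empty passwords are
                      rejected before the bind in this JBoss version. -->
                 <module-option name = "java.naming.security.authentication">simple</module-option>
                 <!-- Bind DN = principalDNPrefix + login name + principalDNSuffix, which gives
                      cn=NAME, ou=Users, dc=sicredi,dc=com,dc=br for a login name NAME. -->
                 <module-option name = "principalDNPrefix">cn=</module-option>
                 <module-option name = "principalDNSuffix">, ou=Users, dc=sicredi,dc=com,dc=br</module-option>
                 <!-- Role lookup: entries under rolesCtxDN whose uidAttributeID attribute (uid)
                      matches the user are searched, and the roleAttributeID attribute
                      (description) of each match supplies the role name.
                      NOTE(review): whoever can write uid or description on entries under
                      ou=Groups can grant roles, so restrict write access there in the directory ACLs. -->
                 <module-option name = "uidAttributeID">uid</module-option>
                 <module-option name = "roleAttributeID">description</module-option>
                 <module-option name = "rolesCtxDN">ou=Groups, dc=sicredi,dc=com,dc=br</module-option>
             </login-module>
         </authentication>
     </application-policy>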

We use OpenLDAP.

Jon Brisbin wrote:

> I've been having trouble getting my LDAP security set up in JBoss
> 3.0.1.  I've added an <application-policy> into my login-config.xml,
> per the Quick Start guide's instructions.  We use Domino 5.0.10 for our
> LDAP and the users I'm trying to log in as are being rejected saying
> their roles don't match.  I have declared the roles in my web.xml and
> the config for the ldap security domain in JBoss is set to use the
> attribute "org" for roles.
> 
> Attached are the config files for the JBoss security domain, my web
> descriptor, and an ldif export of the user that I'm trying to log in
> as.
> 
> Any help on why this isn't working would be appreciated! :-)
> 
> 
> 
> 
> 
> =====
> Thanks!
> 
> Jon Brisbin
> 
> [EMAIL PROTECTED]
> 417.682.6157 (h/w)
> 417.825.3995 (c)
> 
> 
> 
> ------------------------------------------------------------------------
> 
> <?xml version="1.0"?>
> <!-- The XML based JAAS login configuration read by the
> org.jboss.security.auth.login.XMLLoginConfig mbean. Add
> an application-policy element for each security domain.
> 
> The outline of the application-policy is:
> <application-policy name="security-domain-name">
>   <authentication>
>     <login-module code="login.module1.class.name" flag="control_flag">
>       <module-option name = "option1-name">option1-value</module-option>
>       <module-option name = "option2-name">option2-value</module-option>
>       ...
>     </login-module>
> 
>     <login-module code="login.module2.class.name" flag="control_flag">
>       ...
>     </login-module>
>     ...
>   </authentication>
> </application-policy>
> 
> $Revision: 1.1.2.4 $
> -->
> <policy>
>       <!-- Used by clients within the application server VM such as
>     mbeans and servlets that access EJBs.
>     -->
>       <application-policy name="client-login">
>               <authentication>
>                       <login-module code="org.jboss.security.ClientLoginModule" 
>flag="required"/>
>               </authentication>
>       </application-policy>
>       <!-- Security domain for JBossMQ -->
>       <application-policy name="jbossmq">
>               <authentication>
>                       <login-module code="org.jboss.mq.sm.file.DynamicLoginModule" 
>flag="required">
>                               <module-option 
>name="unauthenticatedIdentity">guest</module-option>
>                               <module-option 
>name="sm.objectname">jboss.mq:service=StateManager</module-option>
>                       </login-module>
>               </authentication>
>       </application-policy>
>       <!-- Security domains for testing new jca framework -->
>       <application-policy name="HsqlDbRealm">
>               <authentication>
>                       <login-module 
>code="org.jboss.resource.security.ConfiguredIdentityLoginModule" flag="required">
>                               <module-option name="principal">sa</module-option>
>                               <module-option name="userName">sa</module-option>
>                               <module-option name="password"/>
>                               <module-option 
>name="managedConnectionFactoryName">jboss.jca:service=LocalTxCM,name=hsqldbDS</module-option>
>                       </login-module>
>               </authentication>
>       </application-policy>
>       <application-policy name="FirebirdDBRealm">
>               <authentication>
>                       <login-module 
>code="org.jboss.resource.security.ConfiguredIdentityLoginModule" flag="required">
>                               <module-option name="principal">sysdba</module-option>
>                               <module-option name="userName">sysdba</module-option>
>                               <module-option 
>name="password">masterkey</module-option>
>                               <module-option 
>name="managedConnectionFactoryName">jboss.jca:service=XaTxCM,name=FirebirdDS</module-option>
>                       </login-module>
>               </authentication>
>       </application-policy>
>       <application-policy name="JmsXARealm">
>               <authentication>
>                       <login-module 
>code="org.jboss.resource.security.ConfiguredIdentityLoginModule" flag="required">
>                               <module-option name="principal">guest</module-option>
>                               <module-option name="userName">guest</module-option>
>                               <module-option name="password">guest</module-option>
>                               <module-option 
>name="managedConnectionFactoryName">jboss.jca:service=XaTxCM,name=jmsra</module-option>
>                       </login-module>
>               </authentication>
>       </application-policy>
>       <!-- A template configuration for the jmx-console web application. This
>       defaults to the UsersRolesLoginModule the same as other and should be
>       changed to a stronger authentication mechanism as required.
>     -->
>       <application-policy name="jmx-console">
>               <authentication>
>                       <login-module 
>code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"/>
>               </authentication>
>       </application-policy>
>       
>       <application-policy name="testLdap">
>               <authentication>
>                       <login-module 
>code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
>                               <module-option 
>name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
>                               <module-option 
>name="java.naming.provider.url">ldap://172.16.1.3:389/</module-option>
>                               <module-option 
>name="java.naming.security.authentication">simple</module-option>
>                               <module-option 
>name="principalDNPrefix">cn=</module-option>
>                               <module-option 
>name="principalDNSuffix"></module-option>
>                               <module-option name="uidAttributeID">cn</module-option>
>                               <module-option 
>name="roleAttributeID">org</module-option>
>                               <module-option 
>name="matchOnUserDN">false</module-option>
>                               <module-option 
>name="rolesCtxDN">o=efcoweb</module-option>
>                       </login-module>
>               </authentication>
>       </application-policy>
>       
>       <!-- The default login configuration used by any security domain that
>     does not have a application-policy entry with a matching name
>     -->
>       <application-policy name="other">
>               <!-- A simple server login module, which can be used when the number 
>        of users is relatively small. It uses two properties files:
>        users.properties, which holds users (key) and their password (value).
>        roles.properties, which holds users (key) and a comma-separated list of
>        their roles (value).
>        The unauthenticatedIdentity property defines the name of the principal
>        that will be used when a null username and password are presented as is
>        the case for an unauthenticated web client or MDB. If you want to
>        allow such users to be authenticated add the property, e.g.,
>        unauthenticatedIdentity="nobody"
>        -->
>               <authentication>
>                       <login-module 
>code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required"/>
>               </authentication>
>       </application-policy>
> </policy>
> 
> 
> ------------------------------------------------------------------------
> 
> <?xml version="1.0" encoding="UTF-8"?>
> <!DOCTYPE web-app PUBLIC "-//Sun Microsystems, Inc.//DTD Web Application 2.2//EN" 
>"http://java.sun.com/j2ee/dtds/web-app_2_2.dtd";>
> <web-app id="WebApp">
>       <display-name>test</display-name>
>       <servlet>
>               <servlet-name>TestServlet</servlet-name>
>               <display-name>TestServlet</display-name>
>               <servlet-class>com.efcocorp.TestServlet</servlet-class>
>       </servlet>
>       <servlet-mapping>
>               <servlet-name>TestServlet</servlet-name>
>               <url-pattern>/</url-pattern>
>       </servlet-mapping>
>       <welcome-file-list>
>               <welcome-file>default.shtml</welcome-file>
>               <welcome-file>default.html</welcome-file>
>               <welcome-file>index.shtml</welcome-file>
>               <welcome-file>index.html</welcome-file>
>               <welcome-file>index.htm</welcome-file>
>               <welcome-file>index.jsp</welcome-file>
>               <welcome-file>default.htm</welcome-file>
>               <welcome-file>default.jsp</welcome-file>
>       </welcome-file-list>
>       
>   <!-- Define a Security Constraint on this Application -->
>   <security-constraint>
>     <web-resource-collection>
>       <web-resource-name>Test Application</web-resource-name>
>       <url-pattern>*.shtml</url-pattern>
>     </web-resource-collection>
>     <auth-constraint>
>       <role-name>webusers</role-name>
>       <role-name>emp</role-name>
>       <role-name>cust</role-name>
>       <role-name>rep</role-name>
>     </auth-constraint>
>   </security-constraint>
>   
>   <!-- Define the Login Configuration for this Application -->
>   <login-config>
>     <auth-method>BASIC</auth-method>
>     <realm-name>EFCO JBoss test</realm-name>
>   </login-config>
> <!--
>   <security-role>
>       <role-name>webusers</role-name>
>   </security-role>
>   <security-role>
>       <role-name>emp</role-name>
>   </security-role>
>   <security-role>
>       <role-name>cust</role-name>
>   </security-role>
>   <security-role>
>       <role-name>rep</role-name>
>   </security-role>
>   -->
>   <!--
>   <login-config>
>     <auth-method>FORM</auth-method>
>     <form-login-config>
>       <form-login-page>/login.html</form-login-page>
>       <form-error-page>/login-error.html</form-error-page>
>     </form-login-config>
>   </login-config>
>   
>   <security-role>
>     <description>EFCO Web Users</description>
>     <role-name>webusers</role-name>
>   </security-role>
>   -->
> </web-app>
> 
> 
> ------------------------------------------------------------------------
> 
> CN=jasher^efcocorp.com,OU=emp,O=efcoweb
> cn=jasher^efcocorp.com
> shortname=jasher^efcocorp.com
> uid=jasher^efcocorp.com
> [EMAIL PROTECTED]
> objectclass=top
> objectclass=person
> objectclass=organizationalPerson
> objectclass=inetOrgPerson
> objectclass=dominoPerson
> objectclass=PersonSub
> active=A
> wholename=JAMES ASHER
> mailsystem=1
> messagestorage=1
> encryptincomingmail=0
> idsub=1
> empid=35
> textpw=XXXXX
> org=emp
> secword=XXXXX
> added=Yes
> checkpassword=0
> availablefordirsync=1
> passwordchangeinterval=0
> passwordgraceperiod=0
> sn=Asher
> givenname=James
> keyfield=E35
> userpassword=(XXXXX)
> 


-- 
Emerson Cargnin - MSA
SICREDI - Tel : 3358-4860


