Hi.

I have configured JBoss to authenticate users against an LDAP directory. Users are 
authenticated properly, but their roles aren't mirrored in JBoss. I tried many 
configurations in login-config.xml but it still doesn't work. server.log contains 
entries like these after a user logs in:


  | 2004-03-12 16:44:20,953 TRACE [org.jboss.security.auth.spi.LdapLoginModule] Logged into LDAP server, [EMAIL PROTECTED]
  | 2004-03-12 16:44:20,968 TRACE [org.jboss.security.auth.spi.LdapLoginModule] User 'fsmith' authenticated, loginOk=true
  | 2004-03-12 16:44:20,968 TRACE [org.jboss.security.auth.spi.LdapLoginModule] commit, loginOk=true
  | 2004-03-12 16:44:20,968 TRACE [org.jboss.security.plugins.JaasSecurityManager.iqweb] updateCache, subject=Subject:
  |     Principal: fsmith
  |     Principal: Roles(members)
  | 

Below are the relevant parts of the LDAP directory (as LDIF) and of login-config.xml. Thanks for any suggestions.

Best regards,
Bart

login-config.xml:


  |   <application-policy name="iqweb">
  |     <authentication>
  |       <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
  |          <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
  |          <module-option name="java.naming.provider.url">ldap://magnat/</module-option>
  |          <module-option name="java.naming.security.authentication">simple</module-option>
  |          <module-option name="principalDNPrefix">uid=</module-option>
  |          <module-option name="principalDNSuffix">,ou=People,dc=iqtech,dc=pl</module-option>
  |          <module-option name="rolesCtxDN">ou=Roles,dc=iqtech,dc=pl</module-option>
  |          <module-option name="matchOnUserDN">true</module-option> <!-- false also doesn't work -->
  |          <module-option name="uidAttributeID">uniqueMember</module-option>
  |          <module-option name="roleAttributeID">cn</module-option>
  |        </login-module>
  |     </authentication>
  |   </application-policy>
  | 


LDAP LDIF:


  | # OU DEFINITIONS
  | # People OU - for holding records of all individuals
  | dn: ou=People,dc=iqtech,dc=pl
  | ou: People
  | objectClass: top
  | objectClass: organizationalUnit
  | 
  | # Groups OU - for holding records of groupings of individuals
  | dn: ou=Groups,dc=iqtech,dc=pl
  | ou: Groups
  | objectClass: top
  | objectClass: organizationalUnit
  | 
  | # Roles OU - for holding records of roles and the groups to which those roles have been assigned
  | dn: ou=Roles,dc=iqtech,dc=pl
  | ou: Roles
  | objectClass: top
  | objectClass: organizationalUnit
  | 
  | # PEOPLE ENTRIES
  | dn: uid=lrussell,ou=People,dc=iqtech,dc=pl
  | objectClass: top
  | objectClass: person
  | objectClass: organizationalPerson
  | objectClass: inetOrgPerson
  | sn: Russell
  | cn: Luc
  | uid: lrussell
  | userpassword: fgCPCzLOHJSRIhLb756rLfe8E7Y=
  | mail: [EMAIL PROTECTED]
  | 
  | dn: uid=jbloggs,ou=People,dc=iqtech,dc=pl
  | objectClass: top
  | objectClass: person
  | objectClass: organizationalPerson
  | objectClass: inetOrgPerson
  | sn: Bloggs
  | cn: Joe
  | uid: jbloggs
  | userpassword: no3XJAZeeb9AKbGNY65/masWpZE=
  | mail: [EMAIL PROTECTED]
  | 
  | dn: uid=fsmith,ou=People,dc=iqtech,dc=pl
  | objectClass: top
  | objectClass: person
  | objectClass: organizationalPerson
  | objectClass: inetOrgPerson
  | sn: Smith
  | cn: Fred
  | uid: fsmith
  | userpassword: kSgNNHCC/WXSjWH3s11BQNE6cKE=
  | mail: [EMAIL PROTECTED]
  | 
  | 
  | # GROUPS ENTRIES
  | dn: cn=Users,ou=Groups,dc=iqtech,dc=pl
  | objectClass: top
  | objectClass: groupOfUniqueNames
  | cn: Users
  | uniqueMember: uid=jbloggs,ou=People,dc=iqtech,dc=pl
  | uniqueMember: uid=fsmith,ou=People,dc=iqtech,dc=pl
  | 
  | dn: cn=Member_admins,ou=Groups,dc=iqtech,dc=pl
  | objectClass: top
  | objectClass: groupOfUniqueNames
  | cn: Member_admins
  | uniqueMember: uid=lrussell,ou=People,dc=iqtech,dc=pl
  | 
  | dn: cn=Everyone,ou=Groups,dc=iqtech,dc=pl
  | objectClass: top
  | objectClass: groupOfUniqueNames
  | cn: Everyone
  | uniqueMember: uid=jbloggs,ou=People,dc=iqtech,dc=pl
  | uniqueMember: uid=fsmith,ou=People,dc=iqtech,dc=pl
  | uniqueMember: uid=lrussell,ou=People,dc=iqtech,dc=pl
  | 
  | # ROLES ENTRIES
  | dn: cn=Authenticated_users,ou=Roles,dc=iqtech,dc=pl
  | objectClass: top
  | objectClass: groupOfUniqueNames
  | cn: Authenticated_users
  | uniqueMember: cn=Everyone,ou=Groups,dc=iqtech,dc=pl 
  | 
  | dn: cn=Member_admin,ou=Roles,dc=iqtech,dc=pl
  | objectClass: top
  | objectClass: groupOfUniqueNames
  | cn: Member_admin
  | uniqueMember: cn=Member_admins,ou=Groups,dc=iqtech,dc=pl
  | 
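An added example, not code from the original post or from JBoss, that models the role lookup the configuration above asks for against a trimmed copy of the LDIF: the one-level search implied by the option semantics (rolesCtxDN, uidAttributeID=uniqueMember, roleAttributeID=cn, matched on the full user DN or on the bare uid) beside a nested group walk; the function and constant names are assumptions of this example.

```python
# Model of the role lookup the login-config above asks LdapLoginModule to perform.
# Constructed for this post, not JBoss code: the directory is a trimmed copy of the
# LDIF in the message and the lookup mirrors the documented option semantics.

LDIF = """\
dn: uid=fsmith,ou=People,dc=iqtech,dc=pl
uid: fsmith

dn: cn=Everyone,ou=Groups,dc=iqtech,dc=pl
cn: Everyone
uniqueMember: uid=fsmith,ou=People,dc=iqtech,dc=pl

dn: cn=Authenticated_users,ou=Roles,dc=iqtech,dc=pl
cn: Authenticated_users
uniqueMember: cn=Everyone,ou=Groups,dc=iqtech,dc=pl
"""

def parse_ldif(text):
    """Return {dn: {attr: [values]}} for a simple LDIF without continuation lines."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            current = None
        elif line.startswith("dn: "):
            current = entries.setdefault(line[4:], {})
        elif current is not None:
            attr, _, value = line.partition(": ")
            current.setdefault(attr, []).append(value)
    return entries

def direct_roles(entries, roles_ctx, uid_attr, role_attr, match_value):
    """One-level search under rolesCtxDN: entries whose uid_attr holds match_value."""
    return sorted(v for dn, attrs in entries.items()
                  if dn.endswith("," + roles_ctx) and match_value in attrs.get(uid_attr, [])
                  for v in attrs.get(role_attr, []))

def nested_roles(entries, roles_ctx, uid_attr, role_attr, user_dn):
    """Follow group-of-group membership so a role that lists a group also matches."""
    seen, todo = set(), [user_dn]
    while todo:
        member = todo.pop()
        for dn, attrs in entries.items():
            if member in attrs.get(uid_attr, []) and dn not in seen:
                seen.add(dn)
                todo.append(dn)
    return sorted(v for dn in seen if dn.endswith("," + roles_ctx)
                  for v in entries[dn].get(role_attr, []))

DIRECTORY = parse_ldif(LDIF)
USER_DN = "uid=fsmith,ou=People,dc=iqtech,dc=pl"
ROLES_CTX = "ou=Roles,dc=iqtech,dc=pl"
```

Against this directory, direct_roles returns an empty list whether it matches on the full DN (matchOnUserDN=true) or on fsmith, because the entries under ou=Roles list group DNs, not user DNs, in uniqueMember; nested_roles returns ['Authenticated_users'], and pointing the same one-level search at ou=Groups returns ['Everyone'].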


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user