Trying to use LdapLoginConfig to secure jmx-console. Get "Status 403".
Setup is as follows:

login-config.xml WITH

    <application-policy name="jmx-console">
      <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
        <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
        <module-option name="java.naming.provider.url">ldap://server2.company.com:389/</module-option>
        <module-option name="java.naming.security.authentication">simple</module-option>
        <module-option name="principalDNPrefix">uid=</module-option>
        <module-option name="principalDNSuffix">cn=jbossadmin,ou=Roles,dc=company,dc=com</module-option>
        <module-option name="rolesCtxDN">cn=jbossadmin,ou=Roles,dc=company,dc=com</module-option>
        <module-option name="uidAttributeID">uid</module-option>
        <module-option name="roleAttributeID">nsrole</module-option>
      </login-module>
    </application-policy>

web.xml WITH

    <login-config>
      <auth-method>BASIC</auth-method>
      <realm-name>jmx-console</realm-name>
    </login-config>
    <security-role>
      <role-name>JBossAdmin</role-name>
    </security-role>

ldapsearch SHOWS

    server1.company.com# ldapsearch -h server2.company.com -p 389 -b "cn=jbossadmin,ou=Roles,dc=company,dc=com" -s one "uid=jboss" nsrole -x -W
    Enter LDAP Password:
    version: 2

    #
    # filter: uid=jboss
    # requesting: nsrole
    #

    # jboss, JBossAdmin, Roles, company, com
    dn: uid=jboss,cn=JBossAdmin,ou=Roles, dc=company,dc=com
    nsrole: cn=jbossadmin,ou=roles,dc=company,dc=com

    # search result
    search: 2
    result: 0 Success

    # numResponses: 2
    # numEntries: 1

LOGS SHOW

    [19/Jul/2004:10:22:50 -0500] conn=118992 op=-1 msgId=-1 - fd=73 slot=73 LDAP connection from 192.168.2.172 to 192.168.2.203
    [19/Jul/2004:10:22:50 -0500] conn=118992 op=0 msgId=1 - BIND dn="uid=jboss,cn=jbossadmin,ou=Roles,dc=company,dc=com" method=128 version=3
    [19/Jul/2004:10:22:50 -0500] conn=118992 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=jboss,cn=jbossadmin,ou=roles,dc=company,dc=com"
    [19/Jul/2004:10:22:50 -0500] conn=118992 op=1 msgId=2 - SRCH base="cn=jbossadmin,ou=roles,dc=company,dc=com" scope=1 filter="(&(uid=jboss))" attrs="nsRole"
    [19/Jul/2004:10:22:50 -0500] conn=118992 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
    [19/Jul/2004:10:22:50 -0500] conn=118992 op=2 msgId=3 - UNBIND
    [19/Jul/2004:10:22:50 -0500] conn=118992 op=2 msgId=-1 - closing - U1
    [19/Jul/2004:10:22:51 -0500] conn=118992 op=-1 msgId=-1 - closed.

What am I missing? Is "role-name" in need of being added as naming attribute somewhere else?

Thanks in advance for any help or clues. : )

-Jana

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3842736#3842736
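An added triage example, not part of the original post and not JBoss code: it pairs each BIND/SRCH in the directory access log with its RESULT to separate an authentication failure from an authorization mismatch, then compares the returned role value with the web.xml role-name. It assumes the role attribute value is used verbatim as the role name and that the comparison is exact and case-sensitive; the function names are hypothetical.

```python
import re

# Access-log lines copied from the post above (connection 118992).
ACCESS_LOG = '''\
[19/Jul/2004:10:22:50 -0500] conn=118992 op=0 msgId=1 - BIND dn="uid=jboss,cn=jbossadmin,ou=Roles,dc=company,dc=com" method=128 version=3
[19/Jul/2004:10:22:50 -0500] conn=118992 op=0 msgId=1 - RESULT err=0 tag=97 nentries=0 etime=0 dn="uid=jboss,cn=jbossadmin,ou=roles,dc=company,dc=com"
[19/Jul/2004:10:22:50 -0500] conn=118992 op=1 msgId=2 - SRCH base="cn=jbossadmin,ou=roles,dc=company,dc=com" scope=1 filter="(&(uid=jboss))" attrs="nsRole"
[19/Jul/2004:10:22:50 -0500] conn=118992 op=1 msgId=2 - RESULT err=0 tag=101 nentries=1 etime=0
'''
# nsrole value from the ldapsearch output, and the role-name from web.xml.
RETURNED_ROLES = ["cn=jbossadmin,ou=roles,dc=company,dc=com"]
REQUIRED_ROLE = "JBossAdmin"

LINE = re.compile(r"conn=(\d+) op=(-?\d+) msgId=-?\d+ - (BIND|SRCH|RESULT)(.*)")


def summarize(log):
    """Pair each BIND/SRCH with its RESULT using the (conn, op) key."""
    ops = {}
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        conn, op, verb, rest = m.groups()
        key = (conn, op)
        if verb != "RESULT":
            ops[key] = {"verb": verb}
        elif key in ops:
            ops[key]["err"] = int(re.search(r"err=(\d+)", rest).group(1))
            ops[key]["nentries"] = int(re.search(r"nentries=(\d+)", rest).group(1))
    return {o["verb"]: o for o in ops.values()}


def diagnose(log, returned_roles, required_role):
    """Say which stage explains a denied request."""
    ops = summarize(log)
    bind, srch = ops.get("BIND", {}), ops.get("SRCH", {})
    if bind.get("err") != 0:
        return "authentication failed: the directory rejected the bind"
    if srch.get("err") != 0 or srch.get("nentries", 0) == 0:
        return "bind succeeded but the role search returned no entry"
    if required_role in returned_roles:  # assumed exact, case-sensitive match
        return "role matches: the denial comes from somewhere else"
    return "authenticated, but no returned role equals %r" % required_role


if __name__ == "__main__":
    print(diagnose(ACCESS_LOG, RETURNED_ROLES, REQUIRED_ROLE))
```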
