Hi there,
        Here is my structure for users in my ldap server:

o=mycompany
|_ ou=AD
|  |_ cn=user1
|  |_ cn=user2
|_ ou=IT
|  |_ cn=user1
|  |_ cn=user2
|_ etc.....

Notice that the ou is the same as the ISO country name codes (i.e. AD=Andorra,
IT=Italy). When using Tomcat, this realm works for me:



As you can see, I can do a user search for this user across numerous ou's (i.e.
userSearch="(cn={0})"). However, I do not know how to do the equivalent in JBoss.
Here is my configuration so far in JBoss, login-config.xml:

<application-policy name="jmx-console">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://ldap.server.dns.name:ldap.server.dns.portNumber</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <!-- The user DN is built as prefix + username + suffix, so it is pinned to one ou -->
      <module-option name="principalDNPrefix">cn=</module-option>
      <module-option name="principalDNSuffix">,ou=AD,o=mycompany</module-option>
      <module-option name="matchOnUserDN">true</module-option>
      <!-- Don't have to worry about roles yet! -->
      <!--module-option name="rolesCtxDN">doLater</module-option>
      <module-option name="uidAttributeID">member</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="hashAlgorithm">MD5</module-option-->
    </login-module>
  </authentication>
</application-policy>

This works fine if the user is in the ou of AD, but not for users in the ou of IT :(.
Does anyone know if I can do the above? Is my user schema supported by LdapLoginModule,
or will I have to write my own variation? If the former, how can I configure
login-config.xml to do the same as I'm doing for Tomcat?

Any help/pointers appreciated; I am sure I'm not the only one that has users spread
across numerous ou's, not just one ou.
Best,
Conor


View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3843725#3843725


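The Tomcat realm above works because it searches for the user first and only then binds with the DN it found, whereas principalDNPrefix/principalDNSuffix builds the DN from a fixed suffix and so can only ever reach one ou. The following login-config.xml fragment is an added example (not from the original post, and not taken from the JBoss project) of expressing that same search-then-bind flow with LdapExtLoginModule, which assumes a JBoss release that ships that module. The service account `cn=svc-jboss,ou=service,o=mycompany`, its password, and the `ou=roles` subtree are placeholders invented for the example; the host/port placeholder is the one from the original post.

```xml
<application-policy name="jmx-console">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <!-- Placeholder host/port from the original post. A simple bind sends the password in
           clear text, so in production point this at ldaps:// (or use StartTLS). -->
      <module-option name="java.naming.provider.url">ldap://ldap.server.dns.name:ldap.server.dns.portNumber</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>

      <!-- Read-only service account used only to locate the user's DN (placeholder values).
           Grant it search/read on the user subtree and nothing more. -->
      <module-option name="bindDN">cn=svc-jboss,ou=service,o=mycompany</module-option>
      <module-option name="bindCredential">changeme</module-option>

      <!-- Search from the top of the tree and descend into every ou (AD, IT, ...).
           {0} is the login name, so this is the counterpart of Tomcat's userSearch="(cn={0})". -->
      <module-option name="baseCtxDN">o=mycompany</module-option>
      <module-option name="baseFilter">(cn={0})</module-option>
      <module-option name="searchScope">SUBTREE_SCOPE</module-option>

      <!-- Refuse a login with an empty password rather than letting the directory treat
           the second bind as anonymous. -->
      <module-option name="allowEmptyPasswords">false</module-option>

      <!-- Roles are deferred in the original post; this is a placeholder layout in which
           each role is a group entry whose "member" attribute lists user DNs ({1} = user DN). -->
      <module-option name="rolesCtxDN">ou=roles,o=mycompany</module-option>
      <module-option name="roleFilter">(member={1})</module-option>
      <module-option name="roleAttributeID">cn</module-option>
    </login-module>
  </authentication>
</application-policy>
```

Two checks before relying on this. First, the tree in the post has a `cn=user1` under both `ou=AD` and `ou=IT`; a subtree search on `(cn={0})` cannot tell those two entries apart, so either the cn must be unique across the whole tree or the filter should use an attribute that is (for example a uid), otherwise the wrong entry may be the one whose password is checked. Second, the `bindCredential` now sits in clear text in login-config.xml, so the file needs the same file-permission care as any other credential store, and the service account should be limited to read access on the user subtree.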

_______________________________________________
JBoss-user mailing list
https://lists.sourceforge.net/lists/listinfo/jboss-user