I know, I know...I should just be able to read the docs to find this 
out...but...can someone explain to me how this all works?  

My login-config.xml is set up as follows:

    <application-policy name="Employees">
        <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
            <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
            <module-option name="java.naming.provider.url">ldap://localhost:389</module-option>
            <module-option name="java.naming.security.authentication">simple</module-option>
            <module-option name="principalDNPrefix">cn=</module-option>
            <module-option name="principalDNSuffix">,ou=Employees,o=test</module-option>
            <module-option name="rolesCtxDN">ou=test-Roles,o=test</module-option>
            <module-option name="uidAttributeID">member</module-option>
            <module-option name="matchOnUserDN">true</module-option>
            <module-option name="roleAttributeID">cn</module-option>
            <module-option name="roleAttributeIsDN">false</module-option>
        </login-module>
    </application-policy>


I know that I need to map role names within the web.xml to protect resources; 
however...

my very simple question is how do I implement all of this? 

I have a custom login page, but how do I pass the username/password to the 
LdapLoginModule to perform its validatePassword() method, and how then do I 
perform the context search for the user's roles, etc.? 

Again, I read so many docs that my head is spinning...I know I could write my 
own custom login modules but why re-invent the wheel that JBoss has already 
supplied, right?

My assumptions are that JBoss automatically handles the connection to the LDAP 
server via the login-config.xml entries...what client code is needed to use 
that connection and do the additional roles searches, etc...

Scott, et al....sorry for the long post...TIA for any info.

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3873250#3873250
