Hi,

I'm having trouble configuring the JndiLogin.
I have an OpenLDAP server which is configured as follows:
o=sector
|
|--c=region
   |
   |--o=pgroupA
   |  |
   |  |--cn=userA with UID=ABC_UA1
   |  |--cn=userB with UID=ABC_UB1
   |--o=pgroupB
      |
      |--cn=userA with UID=DBC_UA1
      |--cn=userB with UID=DBC_UB1

So I have to search for my users with the UID.
I have this working in Tomcat 5.0; however, when I try to use JAAS instead of the JNDI Realm, I have the problem that the JNDI login module does not support the search in subtrees, which I really need.
I think that JBoss supports this.
However, I always get:
"
[org.jboss.security.auth.spi.LdapLoginModule] Failed to validate password
javax.naming.AuthenticationException: [LDAP: error code 49 - Invalid Credentials]
.....
[org.jboss.security.auth.spi.LdapLoginModule] Bad password for username=DBC_UA1
"
In the jboss-web.xml I have the following:
"
<security-domain>java:/jaas/TESTV3</security-domain>
"
In the jboss.xml file I have:
"
<security-domain>java:/jaas/TESTV3</security-domain>
"
In the login-config.xml I have:
"
<application-policy name="TESTV3">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
            <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
            <module-option name="java.naming.provider.url">ldap://localhost:389/o=sector</module-option>
            <module-option name="java.naming.security.authentication">simple</module-option>
            <!-- <module-option name="java.naming.security.protocol"></module-option> -->
            <module-option name="java.naming.security.principal">cn=Manager,dc=mycompany,dc=com</module-option>
            <module-option name="java.naming.security.credentials">secret</module-option>
            <module-option name="principalDNPrefix">uid=</module-option>
            <!--<module-option name="principalDNSuffix">,o=sector</module-option>-->
            <module-option name="roleAttributeName">description</module-option>
            <module-option name="matchOnUserDN">false</module-option>
            <!--<module-option name="uidAttributeID">sn</module-option>-->
            <!--<module-option name="principalDNSuffix">,o=antalis</module-option>-->
            <!-- <module-option name="useObjectCredential">false</module-option> -->
            <!--<module-option name="rolesCtxDN">o=antalis</module-option>-->

            <!-- <module-option name="unauthenticatedIdentity">guest</module-option> -->
            <!-- <module-option name="password-stacking"></module-option> -->
            <!-- <module-option name="hashAlgorithm">SHA</module-option> -->
            <!-- <module-option name="hashEncoding">base64</module-option> -->
            <!-- <module-option name="hashCharset"></module-option> -->
        </login-module>
    </authentication>
</application-policy>
"
I have searched several newsgroups but I never found a working example for JAAS-OpenLDAP and JBoss 4.
Any help would be greatly appreciated.

Regards

Kristof

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3881919#3881919
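
Added illustration (not part of the original post, and not JBoss code): a small Python model of the directory tree from the post, contrasting a bind DN built from a fixed template (the `principalDNPrefix` / `principalDNSuffix` options in the configuration) with a subtree search for the entry carrying the given UID. The in-memory directory, the toy filter matcher and all function names are assumptions made for the example.

```python
import re

# Constructed in-memory copy of the tree in the post (DN -> uid); not a real server.
ENTRIES = {
    "cn=userA,o=pgroupA,c=region,o=sector": "ABC_UA1",
    "cn=userB,o=pgroupA,c=region,o=sector": "ABC_UB1",
    "cn=userA,o=pgroupB,c=region,o=sector": "DBC_UA1",
    "cn=userB,o=pgroupB,c=region,o=sector": "DBC_UB1",
}

def template_dn(username, prefix="uid=", suffix=""):
    """Bind DN from a fixed template: principalDNPrefix + username + principalDNSuffix."""
    return prefix + username + suffix

def escape_filter_value(value):
    """RFC 4515 escaping, so a login name is always literal text inside the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def _matches(assertion, actual):
    """Toy matcher: an unescaped '*' is a wildcard, an escaped \\xx pair is a literal char."""
    unescape = lambda part: re.sub(r"\\([0-9a-fA-F]{2})",
                                   lambda m: chr(int(m.group(1), 16)), part)
    pattern = ".*".join(re.escape(unescape(p)) for p in assertion.split("*"))
    return re.fullmatch(pattern, actual) is not None

def subtree_search(base_dn, uid_assertion):
    """DNs below base_dn (subtree scope) whose uid matches the filter assertion."""
    suffix = "," + base_dn.lower()
    return sorted(dn for dn, uid in ENTRIES.items()
                  if dn.lower().endswith(suffix) and _matches(uid_assertion, uid))

def resolve_bind_dn(base_dn, username):
    """Search step of search-then-bind: exactly one hit, otherwise None."""
    hits = subtree_search(base_dn, escape_filter_value(username))
    return hits[0] if len(hits) == 1 else None

if __name__ == "__main__":
    # The template DN names no entry in this tree; the subtree search finds the real DN.
    print(template_dn("DBC_UA1"), template_dn("DBC_UA1") in ENTRIES)
    print(resolve_bind_dn("o=sector", "DBC_UA1"))
```

In a real search-then-bind login, the password is then checked by binding as the resolved DN; the escaping and the exactly-one-match rule keep a login name from widening the search.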
