OK, got it :)
role.filter should contain (member=uid=%u) and not (member:=uid=%u).
Let me check how I construct the role search filter.
Regards
JB
On 10/06/2011 12:01 PM, Charles Moulliard wrote:
member is not an OU
DN: cn=admin, ou=roles,ou=system
where member=uid=jdoe is an attribute of cn=admin
My query works fine in ApacheDS Studio with
search base = ou=roles,ou=system
filter = (member=uid=jdoe)
and return
cn=admin, ou=roles,ou=system
containing member=uid=jdoe
On Thu, Oct 6, 2011 at 11:48 AM, Jean-Baptiste Onofré <j...@nanthrax.net> wrote:
Hi Charles,
the role.filter doesn't look correct to me. The "member" is an ou?
In that case the filter should be (&(ou=member)(uid=%s)).
Regards
JB
On 10/06/2011 11:32 AM, Charles Moulliard wrote:
connection.url is correct as the user has been authenticated. There is
an issue with roles checking
On Thu, Oct 6, 2011 at 11:21 AM, Kuhtz, Andreas <andreas.ku...@atos.net> wrote:
Hi,
It could be that the connection.url is not correct (we had this in our
project). We had to add the /dc=.... .
See https://cwiki.apache.org/DIRxSRVx11/enablesearchforallusers.html
Regards
Andi
-----Original Message-----
From: Charles Moulliard [mailto:cmoulli...@gmail.com]
Sent: Thursday, 6 October 2011 10:57
To: user
Subject: LDAP Authentication - karaf 2.1.6 fail
Hi,
I am trying to use LDAP authentication with Karaf 2.1.6, but it fails
at the role-based verification.
10:49:50,518 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | Create the LDAP initial context.
10:49:50,519 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | Bound access requested.
10:49:50,519 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | Get the user DN.
10:49:50,519 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | Initialize the JNDI LDAP Dir Context.
10:49:50,771 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | Define the subtree scope search control.
10:49:50,772 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | Looking for the user in LDAP with
10:49:50,772 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | base DN: ou=users,ou=system
10:49:50,772 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | filter: (uid=jdoe)
10:49:50,789 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | Get the user DN.
10:49:50,790 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | Bind user (authentication).
10:49:50,790 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | Set the security principal for uid=jdoe,ou=users,ou=system
10:49:50,790 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | Binding the user.
10:49:50,808 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | User jdoe successfully bound.
10:49:50,810 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | Get user roles.
10:49:50,834 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | Looking for the user roles in LDAP with
10:49:50,834 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | base DN: ou=roles,ou=system
10:49:50,834 | DEBUG | NioProcessor-1 | LDAPLoginModule | 23 - org.apache.karaf.jaas.modules - 2.1.6.fuse-00-05 | filter: (member:=uid=jdoe)
Is the following syntax correct?
<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">
<jaas:config name="karaf" rank="1">
<jaas:module
className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
flags="required">
initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
connection.username=uid=admin,ou=system
connection.password=secret
connection.protocol=
connection.url = ldap://localhost:10389
user.base.dn = ou=users,ou=system
user.filter = (uid=%u)
user.search.subtree = true
role.base.dn = ou=roles,ou=system
role.filter = (member:=uid=%u)
role.name.attribute = cn
role.search.subtree = true
authentication = simple
</jaas:module>
</jaas:config>
</blueprint>
ApacheDS
=========
version: 1

dn: ou=system
objectClass: organizationalUnit
objectClass: extensibleObject
objectClass: top
ou: system

dn: uid=admin,ou=system
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: tlsKeyInfo
objectClass: top
cn: system administrator
keyAlgorithm: RSA
privateKey:: xxxxxxx
privateKeyFormat: PKCS#8
publicKey:: xxxxx
publicKeyFormat: X.509
sn: administrator
displayName: Directory Superuser
uid: admin
userCertificate:: xxxxxx
userPassword:: c2VjcmV0

dn: ou=users,ou=system
objectClass: organizationalUnit
objectClass: top
ou: users

dn: ou=roles,ou=system
objectClass: organizationalUnit
objectClass: top
ou: roles

dn: cn=admin,ou=roles,ou=system
objectClass: groupOfNames
objectClass: top
cn: admin
member: uid=jdoe

dn: uid=jdoe,ou=users,ou=system
objectClass: organizationalPerson
objectClass: person
objectClass: inetOrgPerson
objectClass: top
cn: John Doe
sn: Doe
uid: jdoe
userPassword:: c2VjcmV0
Charles Moulliard
Apache Committer
Blog : http://cmoulliard.blogspot.com
Twitter : http://twitter.com/cmoulliard
Linkedin : http://www.linkedin.com/in/charlesmoulliard
Skype: cmoulliard
--
Jean-Baptiste Onofré
jbono...@apache.org
http://blog.nanthrax.net
Talend - http://www.talend.com
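The two lookups in the DEBUG log of this thread, replayed offline as an added example; this is not code from the thread, from Karaf or from ApacheDS. It reads a trimmed copy of the posted LDIF, substitutes %u into user.filter and role.filter the way the log shows, and runs both filters against the entries with a matcher that understands only the (attr=value) equality form: JB's corrected (member=uid=%u) yields the role admin, while the original (member:=uid=%u) is recognised as the RFC 4515 extensible-match syntax (attr:=value) and rejected. Whether a given server treats attr:=value like attr=value is server-specific and not something this toy settles. The block also shows the check a practitioner would want around whatever performs the %u substitution: RFC 4515 escaping of the login name, without which a name such as jdoe)(member=* becomes part of the filter. The function names (parse_ldif, escape_filter_value, classify_filter, search, karaf_login, demo), the trimmed LDIF and the CONFIG dictionary are assumptions of this example, and the matcher compares member as a plain string where a real server would apply distinguishedNameMatch.

```python
"""Offline re-run of the user and role lookups in the Karaf log above.
Added example, not Karaf or ApacheDS code: a tiny LDIF reader plus a matcher
that supports only the '(attr=value)' equality filter, so the effect of
'(member=uid=%u)' versus '(member:=uid=%u)' is visible."""
import re

# Constructed input: the role and user entries from the original post (trimmed).
LDIF = """\
dn: cn=admin,ou=roles,ou=system
objectClass: groupOfNames
cn: admin
member: uid=jdoe

dn: uid=jdoe,ou=users,ou=system
objectClass: inetOrgPerson
cn: John Doe
sn: Doe
uid: jdoe
"""
# Settings from the posted blueprint, with JB's corrected role.filter (assumed layout).
CONFIG = {
    "user.base.dn": "ou=users,ou=system", "user.filter": "(uid=%u)",
    "role.base.dn": "ou=roles,ou=system", "role.filter": "(member=uid=%u)",
    "role.name.attribute": "cn",
}
SIMPLE_EQ = re.compile(r"^\((?P<attr>[A-Za-z][A-Za-z0-9.;-]*)=(?P<value>[^()]*)\)$")
# RFC 4515 extensible match: attr [":dn"] [":" matchingrule] ":=" value
EXTENSIBLE = re.compile(
    r"^\((?P<attr>[A-Za-z][A-Za-z0-9.;-]*)?(:dn)?(:[A-Za-z0-9.]+)?:=(?P<value>[^()]*)\)$")

def parse_ldif(text):
    """[(dn, {attr_lower: [values]})] for the 'attr: value' LDIF subset used here."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, attrs = None, {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            name, value = name.strip().lower(), value.strip()
            if name == "dn":
                dn = value
            else:
                attrs.setdefault(name, []).append(value)
        entries.append((dn, attrs))
    return entries

ENTRIES = parse_ldif(LDIF)

def escape_filter_value(value):
    """RFC 4515 section 3 escaping. Whatever replaces %u must pass through
    this, or a login name such as 'jdoe)(member=*' rewrites the filter."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\0" else c for c in value)

def unescape_filter_value(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def classify_filter(flt):
    """'equality' for (attr=value), 'extensible' for the attr:=value form."""
    if SIMPLE_EQ.match(flt):
        return "equality"
    return "extensible" if EXTENSIBLE.match(flt) else "other"

def build_filter(template, username):
    """The module's %u substitution, done with escaping (hypothetical helper)."""
    return template.replace("%u", escape_filter_value(username))

def search(entries, base_dn, flt):
    """Subtree search with one equality filter; returns the matching DNs.
    Values compare case-insensitively as plain strings (caseIgnoreMatch)."""
    kind = classify_filter(flt)
    if kind != "equality":
        raise ValueError("filter %r is %s; only (attr=value) is supported" % (flt, kind))
    m = SIMPLE_EQ.match(flt)
    attr, want = m.group("attr").lower(), unescape_filter_value(m.group("value")).lower()
    base = base_dn.lower()
    return [dn for dn, attrs in entries
            if (dn.lower() == base or dn.lower().endswith("," + base))
            and any(v.lower() == want for v in attrs.get(attr, []))]

def karaf_login(entries, username, cfg):
    """The two lookups the DEBUG log shows (the bind between them is not
    modelled): user DN first, then roles. Returns (user_dn, [role names])."""
    users = search(entries, cfg["user.base.dn"], build_filter(cfg["user.filter"], username))
    if len(users) != 1:  # unknown or ambiguous user: login fails
        return None, []
    role_dns = search(entries, cfg["role.base.dn"], build_filter(cfg["role.filter"], username))
    by_dn, name_attr = dict(entries), cfg["role.name.attribute"].lower()
    return users[0], [v for dn in role_dns for v in by_dn[dn].get(name_attr, [])]

def demo():
    """Corrected filter, the original ':=' filter, and an injection attempt."""
    out = {"corrected": karaf_login(ENTRIES, "jdoe", CONFIG)}
    try:
        out["original"] = karaf_login(ENTRIES, "jdoe", dict(CONFIG, **{"role.filter": "(member:=uid=%u)"}))
    except ValueError as err:
        out["original"] = str(err)
    out["injection"] = karaf_login(ENTRIES, "jdoe)(member=*", CONFIG)
    return out

if __name__ == "__main__":
    for name, value in demo().items():
        print("%-10s %s" % (name, value))
```

Run it with python3: demo() reports the corrected filter returning the admin role, the original filter being refused as extensible-match syntax, and the injection attempt finding no user at all because the login name was escaped before substitution rather than after. Escaping has to happen on the value that goes into the filter, never on the assembled filter string.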