If you use Karaf 3, actually, the LDAP login module doesn't support groups for now:

https://issues.apache.org/jira/browse/KARAF-2613

So you have to use roles only (as we do with Karaf 2.x).

You can't bypass the role retrieval.

You have to define a baseDN and a filter (the filter can contain %u, replaced by the username, and %dn, replaced by the DN). For instance, you can search on a role ou, or add a role attribute to your posixAccount.

If you want, I can do an enhancement to bypass the role retrieval and always "assign" the same role ("admin" for instance, as we do in the PropertiesLoginModule).

Regards
JB

On 01/30/2014 12:32 PM, cbiava wrote:
Hi Jean Baptiste, no problem, I finally found the problem.

I didn't understand your answer well. But no, I cannot do anonymous binds.

The fact is that I can execute requests on the LDAP server, but when it comes
to role validation,
the role used by Karaf to authenticate the user is:
role.name.attribute = cn
But the attribute cn is not set in LDAP to "admin" (and not used for roles), so
it cannot auth the user.

The filter is:
role.filter=(&(objectClass=user)(sAMAccountName=%u))

Is there a way to bypass the role validation? Or to use a role filter which
returns "admin" if there is a match in LDAP?

Christophe



--
View this message in context: 
http://karaf.922171.n3.nabble.com/Jaas-realm-problem-tp4031391p4031407.html
Sent from the Karaf - User mailing list archive at Nabble.com.


--
Jean-Baptiste Onofré
[email protected]
http://blog.nanthrax.net
Talend - http://www.talend.com
