Adjusted my filter to:
role.filter=(&(objectClass=group)(member=%dn,DC=corp,DC=local))

Verified that it returns 2 groups: Mirth Admins DEV and ActiveMQ_Admins_DEV

role.mapping=ActiveMQ_Admins_DEV=admin,webconsole,manager,jmxUser,sshConsole,viewer;ActiveMQ_Users_DEV=viewer


2017-03-06 09:11:14,013 | DEBUG | wtio/auth/login/ | Authenticator | 243 - io.hawt.hawtio-web - 1.4.68 | doAuthenticate[realm=karaf, role=webconsole, rolePrincipalClasses=org.apache.karaf.jaas.boot.principal.RolePrincipal,org.apache.karaf.jaas.modules.RolePrincipal,org.apache.karaf.jaas.boot.principal.GroupPrincipal, configuration=null, username=inttest02, password=******]
2017-03-06 09:11:14,013 | DEBUG | wtio/auth/login/ | LDAPLoginModule | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Get the user DN.
2017-03-06 09:11:14,103 | DEBUG | wtio/auth/login/ | LDAPLoginModule | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Looking for the user in LDAP with
2017-03-06 09:11:14,103 | DEBUG | wtio/auth/login/ | LDAPLoginModule | 116 - org.apache.karaf.jaas.modules - 4.0.8 |   base DN: DC=corp,DC=local
2017-03-06 09:11:14,103 | DEBUG | wtio/auth/login/ | LDAPLoginModule | 116 - org.apache.karaf.jaas.modules - 4.0.8 |   filter: (&(objectCategory=person)(samAccountName=inttest02))
2017-03-06 09:11:14,196 | DEBUG | wtio/auth/login/ | LDAPLoginModule | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Found the user DN.
2017-03-06 09:11:14,197 | DEBUG | wtio/auth/login/ | LDAPLoginModule | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Bind user (authentication).
2017-03-06 09:11:14,197 | DEBUG | wtio/auth/login/ | LDAPLoginModule | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Set the security principal for CN=inttest02,OU=Test Accounts,OU=IT,OU=Domain Users,DC=corp,DC=local
2017-03-06 09:11:14,198 | DEBUG | wtio/auth/login/ | LDAPLoginModule | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Binding the user.
2017-03-06 09:11:14,383 | DEBUG | wtio/auth/login/ | LDAPLoginModule | 116 - org.apache.karaf.jaas.modules - 4.0.8 | User inttest02 successfully bound.
2017-03-06 09:11:14,474 | DEBUG | wtio/auth/login/ | LDAPLoginModule | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Looking for the user roles in LDAP with
2017-03-06 09:11:14,475 | DEBUG | wtio/auth/login/ | LDAPLoginModule | 116 - org.apache.karaf.jaas.modules - 4.0.8 |   base DN: OU=Application Groups,OU=Domain Groups,DC=corp,DC=local
2017-03-06 09:11:14,475 | DEBUG | wtio/auth/login/ | LDAPLoginModule | 116 - org.apache.karaf.jaas.modules - 4.0.8 |   filter: (member:1.2.840.113556.1.4.1941:=CN=inttest02,OU=Test Accounts,OU=IT,OU=Domain Users,DC=corp,DC=local)
2017-03-06 09:11:14,599 | DEBUG | wtio/auth/login/ | Authenticator | 243 - io.hawt.hawtio-web - 1.4.68 | Looking for rolePrincipalClass: org.apache.karaf.jaas.boot.principal.RolePrincipal
2017-03-06 09:11:14,599 | DEBUG | wtio/auth/login/ | Authenticator | 243 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname: org.apache.karaf.jaas.boot.principal.UserPrincipal toString: UserPrincipal[inttest02]
2017-03-06 09:11:14,599 | DEBUG | wtio/auth/login/ | Authenticator | 243 - io.hawt.hawtio-web - 1.4.68 | principal class org.apache.karaf.jaas.boot.principal.UserPrincipal doesn't match org.apache.karaf.jaas.boot.principal.RolePrincipal, continuing
2017-03-06 09:11:14,600 | DEBUG | wtio/auth/login/ | Authenticator | 243 - io.hawt.hawtio-web - 1.4.68 | Looking for rolePrincipalClass: org.apache.karaf.jaas.modules.RolePrincipal
2017-03-06 09:11:14,600 | DEBUG | wtio/auth/login/ | Authenticator | 243 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname: org.apache.karaf.jaas.boot.principal.UserPrincipal toString: UserPrincipal[inttest02]
2017-03-06 09:11:14,600 | DEBUG | wtio/auth/login/ | Authenticator | 243 - io.hawt.hawtio-web - 1.4.68 | principal class org.apache.karaf.jaas.boot.principal.UserPrincipal doesn't match org.apache.karaf.jaas.modules.RolePrincipal, continuing
2017-03-06 09:11:14,600 | DEBUG | wtio/auth/login/ | Authenticator | 243 - io.hawt.hawtio-web - 1.4.68 | Looking for rolePrincipalClass: org.apache.karaf.jaas.boot.principal.GroupPrincipal
2017-03-06 09:11:14,600 | DEBUG | wtio/auth/login/ | Authenticator | 243 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname: org.apache.karaf.jaas.boot.principal.UserPrincipal toString: UserPrincipal[inttest02]
2017-03-06 09:11:14,600 | DEBUG | wtio/auth/login/ | Authenticator | 243 - io.hawt.hawtio-web - 1.4.68 | principal class org.apache.karaf.jaas.boot.principal.UserPrincipal doesn't match org.apache.karaf.jaas.boot.principal.GroupPrincipal, continuing
2017-03-06 09:11:14,600 | DEBUG | wtio/auth/login/ | Authenticator | 243 - io.hawt.hawtio-web - 1.4.68 | User inttest02 does not have the required role webconsole



--
View this message in context: 
http://karaf.922171.n3.nabble.com/LDAP-Roles-tp4049745p4049768.html
Sent from the Karaf - User mailing list archive at Nabble.com.
