JB has recently committed a newer version of the LDAP module which is much better integrated with Karaf (supporting our role description policy, password encryption, etc.). I think we may want to work on a backend engine to support the new LDAP console commands to administer users too ...

On Wed, Dec 15, 2010 at 18:02, Charles Moulliard <[email protected]> wrote:
> Hi,
>
> I'm stuck with LDAP search and try to understand why the LDAPLoginModule of
> Karaf (= same code as ActiveMq LDAPLoginModule) is not able to find the
> role.
>
> Here is the request that I made in my slapd server
>
> ldapsearch -H ldap://localhost:389 -x -D "cn=admin,dc=fusesource,dc=com" -w xxxx -LLL -s one -b "ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com" "(member:=uid=admin)" member
> -->
> dn: cn=admin,ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
> member: uid=admin
>
> LDAP config
>
> <jaas:config name="ldap">
> <!-- -->
> <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required">
> initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
> connectionURL=ldap://[127.0.0.1]:389
> connectionUsername=cn=admin,dc=fusesource,dc=com
> connectionPassword=secret
> connectionProtocol=
> authentication=simple
> userBase=ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
> userRoleName=admin
> userSearchMatching=(cn={0})
> userSearchSubtree=false
> roleBase=ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
> roleName=cn
> roleSearchMatching=(member:=uid={0})
> roleSearchSubtree=false
> </jaas:module>
>
> but it fails from LDAPLoginModule. In fact it does not find the role.
>
> dn: ou=systems,dc=fusesource,dc=com
> objectClass: organizationalUnit
> objectClass: top
> ou: systems
>
> dn: ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
> objectClass: organizationalUnit
> objectClass: top
> ou: ActiveMQ
>
> dn: ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
> objectClass: organizationalUnit
> objectClass: top
> ou: Group
>
> dn: cn=admin,ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
> objectClass: groupOfNames
> objectClass: top
> cn: admin
> member: uid=admin
>
> dn: ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
> objectClass: organizationalUnit
> objectClass: top
> ou: User
>
> dn: cn=admin,ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
> objectClass: organizationalPerson
> objectClass: person
> objectClass: top
> cn: admin
> sn: admin
> userPassword:: e1NIQX0wRFBpS3VOSXJyVm1EOElVQ3V3MWhReE5xWmM9
>
>
> Any help is welcome.
>
> Regards,
>
> Charles
>

--
Cheers,
Guillaume Nodet
------------------------
Blog: http://gnodet.blogspot.com/
------------------------
Open Source SOA
http://fusesource.com
