Hi Charles

The user.filter property should look like:

user.filter="(cn=%u)"

%u is replaced by the username.

Same for the role:

role.filter="(member:=uid=%u)"

Turning the log level to debug should provide all the cinematic.

Could you provide the log in debug?

Regards
JB

On 12/15/2010 08:44 PM, Charles Moulliard wrote:
I have updated karaf to use LDAP component

JB,

Can you help me define the content of the LDAP fields please because I'm
not able to authenticate my user now?

USER SEARCH
ldapsearch -H ldap://localhost:389 -x -D "cn=admin,dc=fusesource,dc=com"
-w secret -LLL -s one -b
"ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com" "(cn=admin)" cn
dn: cn=admin,ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
cn: admin

ROLE SEARCH
ldapsearch -H ldap://localhost:389 -x -D "cn=admin,dc=fusesource,dc=com"
-w secret -LLL -s one -b
"ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com"
"(member:=uid=admin)" member
dn: cn=admin,ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
member: uid=admin



<jaas:module
className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
flags="required">
initial.context.factory=com.sun.jndi.ldap.LdapCtxFactory
connection.url=ldap://[127.0.0.1]:389
connection.username=cn=admin,dc=fusesource,dc=com
connection.password=secret
authentication=simple
user.base.dn=ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
user.filter=(cn={0})
user.search.subtree=true

role.base.dn=ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
role.name.attribute=cn
role.filter=(member:=uid={1})
role.search.subtree=true
</jaas:module>

On 15/12/10 18:31, Guillaume Nodet wrote:
JB has recently committed a newer version of the LDAP module which is
much better integrated with Karaf (supporting our role description
policy, password encryption, etc...)
I think we may want to work on a backend engine to support the new
LDAP console commands to administer users too ...

On Wed, Dec 15, 2010 at 18:02, Charles Moulliard<[email protected]>
wrote:
Hi,

I'm stuck with LDAP search and trying to understand why the
LDAPLoginModule of Karaf (= same code as ActiveMQ LDAPLoginModule) is
not able to find the role.

Here is the request that I made in my slapd server

ldapsearch -H ldap://localhost:389 -x -D
"cn=admin,dc=fusesource,dc=com" -w
xxxx -LLL -s one -b
"ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com"
"(member:=uid=admin)" member
-->
dn: cn=admin,ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
member: uid=admin

LDAP config

<jaas:config name="ldap">
<!-- -->
<jaas:module
className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
flags="required">
initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
connectionURL=ldap://[127.0.0.1]:389
connectionUsername=cn=admin,dc=fusesource,dc=com
connectionPassword=secret
connectionProtocol=
authentication=simple
userBase=ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
userRoleName=admin
userSearchMatching=(cn={0})
userSearchSubtree=false
roleBase=ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
roleName=cn
roleSearchMatching=(member:=uid={0})
roleSearchSubtree=false
</jaas:module>

but it fails from LDAPLoginModule. In fact it does not find the role.

dn: ou=systems,dc=fusesource,dc=com
objectClass: organizationalUnit
objectClass: top
ou: systems

dn: ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
objectClass: organizationalUnit
objectClass: top
ou: ActiveMQ

dn: ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
objectClass: organizationalUnit
objectClass: top
ou: Group

dn: cn=admin,ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
objectClass: groupOfNames
objectClass: top
cn: admin
member: uid=admin

dn: ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
objectClass: organizationalUnit
objectClass: top
ou: User

dn: cn=admin,ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: admin
sn: admin
userPassword:: e1NIQX0wRFBpS3VOSXJyVm1EOElVQ3V3MWhReE5xWmM9


Any help is welcome.

Regards,

Charles




--
Jean-Baptiste Onofré
---------------------------------
 HomePage
http://www.nanthrax.net
---------------------------------
 Contacts
[email protected]
[email protected]
---------------------------------
 OpenSource
BuildProcess/AutoDeploy
http://buildprocess.sourceforge.net
Apache ServiceMix
http://servicemix.apache.org
-----------------------------------
PGP : 17D4F086
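
Added example, not code from Karaf or from anyone in this thread: a small check that expands %u as described in the reply above and flags filter templates, such as the (cn={0}) and (member:=uid={1}) values in the posted configuration, that contain no %u. The function names and the RFC 4515 escaping of the username are assumptions of this example and say nothing about what LDAPLoginModule itself does.

```python
import re

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# {0}/{1}-style placeholders, which a %u-only expansion leaves untouched.
_FOREIGN = re.compile(r"\{\d+\}")


def escape_filter_value(value):
    """Escape a value so it cannot change the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template, username):
    """Return (filter, warnings) for a %u-style filter template."""
    warnings = []
    if "%u" not in template:
        warnings.append("no %u placeholder: the filter ignores the username")
    for match in _FOREIGN.finditer(template):
        warnings.append(match.group(0) + " is not expanded and stays literal")
    return template.replace("%u", escape_filter_value(username)), warnings


def check_properties(text, username="admin"):
    """Expand user.filter and role.filter found in key=value property lines."""
    findings = {}
    for line in text.splitlines():
        # Split on the first '=' only: filter values contain '=' themselves.
        key, sep, value = line.strip().partition("=")
        if sep and key in ("user.filter", "role.filter"):
            findings[key] = expand_filter(value.strip().strip('"'), username)
    return findings


# The two filter lines from the configuration posted in the thread.
POSTED = """
user.filter=(cn={0})
role.filter=(member:=uid={1})
"""

# The same properties with the %u form given in the reply.
SUGGESTED = """
user.filter="(cn=%u)"
role.filter="(member:=uid=%u)"
"""

if __name__ == "__main__":
    for label, text in (("posted", POSTED), ("suggested", SUGGESTED)):
        for key, (flt, warnings) in check_properties(text).items():
            print(label, key, flt, warnings or "ok")
```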
