Thanks Charles, I would like to add some unit tests before closing the tests.

I was very busy with customers these last days. I'm on holiday tomorrow, so I will have time to work on Apache projects (like ServiceMix, Karaf, Aries, Camel, etc) :))

Regards
JB

On 12/15/2010 09:56 PM, Charles Moulliard wrote:
Thx for the info + code submitted. It works fine and I'm able to authenticate a user + role within camel-jetty endpoint with LDAP :-)

On 15/12/10 21:26, Jean-Baptiste Onofré wrote:

Hi Charles

The user.filter property should look like:

    user.filter="(cn=%u)"

%u is replaced by the username.

Same for the role:

    role.filter="(member:=uid=%u)"

Turning the log level to debug should provide all the cinematic.

Could you provide the log in debug?

Regards
JB

On 12/15/2010 08:44 PM, Charles Moulliard wrote:

I have updated karaf to use LDAP component

JB,

Can you help me define the content of the LDAP fields please, because I'm not able to authenticate my user now?

USER SEARCH

    ldapsearch -H ldap://localhost:389 -x -D "cn=admin,dc=fusesource,dc=com" -w secret -LLL -s one -b "ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com" "(cn=admin)" cn

    dn: cn=admin,ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
    cn: admin

ROLE SEARCH

    ldapsearch -H ldap://localhost:389 -x -D "cn=admin,dc=fusesource,dc=com" -w secret -LLL -s one -b "ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com" "(member:=uid=admin)" member

    dn: cn=admin,ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
    member: uid=admin

    <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required">
        initial.context.factory=com.sun.jndi.ldap.LdapCtxFactory
        connection.url=ldap://[127.0.0.1]:389
        connection.username=cn=admin,dc=fusesource,dc=com
        connection.password=secret
        authentication=simple
        user.base.dn=ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
        user.filter=(cn={0})
        user.search.subtree=true
        role.base.dn=ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
        role.name.attribute=cn
        role.filter=(member:=uid={1})
        role.search.subtree=true
    </jaas:module>

On 15/12/10 18:31, Guillaume Nodet wrote:

JB has recently committed a newer version of the LDAP module which is much better integrated with Karaf (supporting our role description policy, password encryption, etc...)
I think we may want to work on a backend engine to support the new LDAP console commands to administer users too ...

On Wed, Dec 15, 2010 at 18:02, Charles Moulliard <[email protected]> wrote:

Hi,

I'm stuck with LDAP search and try to understand why the LDAPLoginModule of Karaf (= same code as ActiveMq LDAPLoginModule) is not able to find the role.

Here is the request that I made in my slapd server

    ldapsearch -H ldap://localhost:389 -x -D "cn=admin,dc=fusesource,dc=com" -w xxxx -LLL -s one -b "ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com" "(member:=uid=admin)" member

    --> dn: cn=admin,ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
    member: uid=admin

LDAP config

    <jaas:config name="ldap">
        <!-- -->
        <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required">
            initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
            connectionURL=ldap://[127.0.0.1]:389
            connectionUsername=cn=admin,dc=fusesource,dc=com
            connectionPassword=secret
            connectionProtocol=
            authentication=simple
            userBase=ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
            userRoleName=admin
            userSearchMatching=(cn={0})
            userSearchSubtree=false
            roleBase=ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
            roleName=cn
            roleSearchMatching=(member:=uid={0})
            roleSearchSubtree=false
        </jaas:module>

but it fails from LDAPLoginModule. In fact it does not find the role.

    dn: ou=systems,dc=fusesource,dc=com
    objectClass: organizationalUnit
    objectClass: top
    ou: systems

    dn: ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
    objectClass: organizationalUnit
    objectClass: top
    ou: ActiveMQ

    dn: ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
    objectClass: organizationalUnit
    objectClass: top
    ou: Group

    dn: cn=admin,ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
    objectClass: groupOfNames
    objectClass: top
    cn: admin
    member: uid=admin

    dn: ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
    objectClass: organizationalUnit
    objectClass: top
    ou: User

    dn: cn=admin,ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
    objectClass: organizationalPerson
    objectClass: person
    objectClass: top
    cn: admin
    sn: admin
    userPassword:: e1NIQX0wRFBpS3VOSXJyVm1EOElVQ3V3MWhReE5xWmM9

Any help is welcome.

Regards,
Charles
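
Added example, not part of the thread and not Karaf's own code: a small check that flags user.filter / role.filter values lacking the %u placeholder named in JB's reply, and shows the filter that results once a username is substituted. It assumes %u is the only placeholder that gets replaced (as the reply states) and escapes the username per RFC 4515 before substitution; whether the login module escapes input itself is not stated in the thread, and the function names are hypothetical.

```python
# RFC 4515 escapes for characters that are special inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

FILTER_KEYS = ("user.filter", "role.filter")  # property names from the thread


def escape_filter_value(value):
    """Escape a user-supplied string before it is placed in a filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def parse_properties(body):
    """Parse key=value lines as found inside the <jaas:module> element."""
    props = {}
    for line in body.splitlines():
        key, sep, val = line.strip().partition("=")
        if sep:  # split on the first '=' only; DNs contain more of them
            props[key.strip()] = val.strip().strip('"')
    return props


def check_filters(props):
    """Report filter properties that are missing or lack the %u placeholder."""
    problems = []
    for key in FILTER_KEYS:
        template = props.get(key)
        if template is None:
            problems.append(f"{key}: not set")
        elif "%u" not in template:
            problems.append(f"{key}: no %u placeholder in {template}")
    return problems


def expand(template, username):
    """Substitute the escaped username for every %u in the template."""
    return template.replace("%u", escape_filter_value(username))


# Constructed samples using the filter values quoted in the thread.
BEFORE = "user.filter=(cn={0})\nrole.filter=(member:=uid={1})\n"
AFTER = 'user.filter="(cn=%u)"\nrole.filter="(member:=uid=%u)"\n'

if __name__ == "__main__":
    for label, body in (("before", BEFORE), ("after", AFTER)):
        props = parse_properties(body)
        print(label, check_filters(props) or "ok")
        for key in FILTER_KEYS:
            print("  ", expand(props[key], "admin"))
```

The expanded filters can be pasted into the ldapsearch commands from the thread to confirm that the directory returns the expected user and group entries.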
