hi,

we solved the configuration problems with the following configuration (inside 
the login-config.xml):

    <!-- LDAP login configuration for Domino -->
    <application-policy name="imixsIX">
        <authentication>
            <login-module code="org.jboss.security.auth.spi.LdapLoginModule"
                          flag="required">
                <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
                <module-option name="java.naming.provider.url">ldap://myhostmuc:389/</module-option>
                <module-option name="java.naming.security.authentication">simple</module-option>
                <module-option name="principalDNPrefix">cn=</module-option>
                <!-- for principalDNSuffix no entry is needed for Domino (e.g. o=MYDOMIAN) -->
                <module-option name="principalDNSuffix"></module-option>
                <module-option name="rolesCtxDN"></module-option>
                <module-option name="uidAttributeID">member</module-option>
                <module-option name="matchOnUserDN">true</module-option>
                <module-option name="roleAttributeID">cn</module-option>
                <module-option name="roleAttributeIsDN">false</module-option>
                <module-option name="searchTimeLimit">5000</module-option>
                <!-- searchScope ONELEVEL_SCOPE is necessary for Domino -->
                <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
            </login-module>
        </authentication>
    </application-policy>

If your user sees no roles, this will be an issue with the names.nsf ACL. If 
"normal" users are not allowed to read the names.nsf (this is typical for 
Domino installations), you need additional params to make the lookups with an 
admin account:

    <!-- Principal and credentials for LDAP lookups -->
    <module-option name="java.naming.security.principal">cn=admin,o=MYORG</module-option>
    <module-option name="java.naming.security.credentials">password</module-option>

I hope this will be helpful

Ralph


View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3971001#3971001

_______________________________________________
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user
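
Added example, not part of Ralph's post and not JBoss code: a small Python model of the bind and the role search that the posted options produce, with the equivalent OpenLDAP ldapsearch call for checking by hand why roles come back empty. The user name jdoe is constructed; the defaults used when an option is absent and the filter escaping are assumptions about LdapLoginModule, not something the post states.

```python
# Model of the lookups implied by the posted module options (not JBoss code).
SCOPES = {"OBJECT_SCOPE": "base", "ONELEVEL_SCOPE": "one", "SUBTREE_SCOPE": "sub"}

# Options copied from the posted login-config.xml.
POSTED = {
    "java.naming.provider.url": "ldap://myhostmuc:389/",
    "principalDNPrefix": "cn=",
    "principalDNSuffix": "",
    "rolesCtxDN": "",
    "uidAttributeID": "member",
    "matchOnUserDN": "true",
    "roleAttributeID": "cn",
    "searchTimeLimit": "5000",
    "searchScope": "ONELEVEL_SCOPE",
}

def escape_filter_value(value):
    """Escape an assertion value for an LDAP filter (RFC 4515)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def plan_lookup(options, username):
    """Return the bind DN and role search derived from the options."""
    user_dn = (options.get("principalDNPrefix", "") + username
               + options.get("principalDNSuffix", ""))
    match_on_dn = options.get("matchOnUserDN", "false").lower() == "true"
    subject = user_dn if match_on_dn else username
    return {
        "auth_bind_dn": user_dn,  # DN the user's password is checked against
        # Without a configured principal the role search runs as the user,
        # so it is subject to the names.nsf ACL.
        "search_bind_dn": options.get("java.naming.security.principal") or user_dn,
        "base": options.get("rolesCtxDN", ""),
        "scope": SCOPES[options.get("searchScope", "SUBTREE_SCOPE")],
        "filter": "(%s=%s)" % (options.get("uidAttributeID", "uid"),
                               escape_filter_value(subject)),
        "attribute": options.get("roleAttributeID", "roles"),
    }

def ldapsearch_argv(options, username):
    """Equivalent OpenLDAP ldapsearch call; -W prompts for the password."""
    p = plan_lookup(options, username)
    seconds = int(options.get("searchTimeLimit", "10000")) // 1000  # ms -> s
    return ["ldapsearch", "-x", "-H", options["java.naming.provider.url"],
            "-D", p["search_bind_dn"], "-W", "-b", p["base"], "-s", p["scope"],
            "-l", str(seconds), p["filter"], p["attribute"]]

if __name__ == "__main__":
    # jdoe is a constructed user name
    print(" ".join(repr(a) for a in ldapsearch_argv(POSTED, "jdoe")))
```

Run the printed command once as the user and once with the lookup account as bind DN: if only the second returns the groups, the names.nsf ACL is the cause. Both the module's simple bind and this command send the password unencrypted over ldap://.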
