[jboss-user] [Security & JAAS/JBoss] - Re: JBoss 4.0.5.GA LdapLoginModule - terminology confusion

Thu, 27 Sep 2007 23:17:49 -0700 

It's unfortunate no one was able to suggest using an undocumented version of 
LdapLoginModule - I found the LdapExtLoginModule by searching the jboss source 
code.  Once I found that, a search of the wikis led me to the excellent posting 
http://wiki.jboss.org/wiki/Wiki.jsp?page=LdapExtLoginModule and the problem was 
resolved within hours. 

For the benefit of others trying to use Ldap, don't waste time with the 
LdapLoginModule described in the Application Server Guide.  Go directly to the 
LdapExtLoginModule for terminology and searching that more closely aligns with 
LDAP terminology and concepts.

Below is the login-config.xml that works with my OpenLDAP:

    <!-- GM: Sept 27 2007 - A configuration for webapps using an OpenLDAP 
running on this server.  -->
    <application-policy name="localhostLDAP">
      
      <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" 
flag="required">
              <module-option 
name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
              <module-option 
name="java.naming.provider.url">ldap://127.0.0.1:389/</module-option>
              <module-option 
name="java.naming.security.authentication">simple</module-option>
              <module-option 
name="bindDN">cn=administrator,dc=saanich,dc=ca</module-option>
              <module-option name="bindCredential">admin1</module-option>
              <module-option 
name="baseCtxDN">ou=People,dc=saanich,dc=ca</module-option>
              <module-option name="baseFilter">(cn={0})</module-option>
              <module-option 
name="rolesCtxDN">ou=Webapp-Roles,ou=Groups,dc=saanich,dc=ca</module-option>
              <module-option name="roleFilter">(member={1})</module-option>
              <module-option name="uidAttributeID">member</module-option>
              <module-option name="roleAttributeID">cn</module-option>
              <module-option name="roleNameAttributeID">cn</module-option>
              <module-option name="roleAttributeIsDN">true</module-option>
      </login-module>
      
    </application-policy>


View the original post : 
http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4089560#4089560

Reply to the post : 
http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4089560
_______________________________________________
jboss-user mailing list
jboss-user@lists.jboss.org
https://lists.jboss.org/mailman/listinfo/jboss-user

Reply via email to