I found where I made the mistake.

Wrong one:

    <module-option name="roleFilter">(member={0})</module-option>

Correct one:

    <module-option name="roleFilter">(member={1})</module-option>

0 will be substituted by the given user name.
1 will be substituted by the given user DN.

Each group's member attribute has the user DN as its value and not the username, so I have to give 1 only. (Sorry, I did not read the wiki knowledge base properly; it is clearly mentioned there.)

The full working login module config is:

    <application-policy name="myrealm">
      <!-- login-config.xml requires login modules to sit inside <authentication> -->
      <authentication>
        <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
          <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
          <module-option name="java.naming.provider.url">ldap://localhost</module-option>
          <module-option name="java.naming.security.authentication">simple</module-option>
          <module-option name="bindDN">cn=admin1,ou=security,dc=ties,dc=teradata,dc=ncr,dc=com</module-option>
          <module-option name="bindCredential">admin1</module-option>

          <module-option name="baseCtxDN">ou=security,dc=ties,dc=teradata,dc=ncr,dc=com</module-option>
          <module-option name="baseFilter">(cn={0})</module-option>

          <module-option name="rolesCtxDN">ou=security,dc=ties,dc=teradata,dc=ncr,dc=com</module-option>
          <module-option name="roleFilter">(member={1})</module-option>
          <module-option name="roleAttributeID">cn</module-option>
          <module-option name="roleRecursion">-1</module-option>
        </login-module>
      </authentication>
    </application-policy>

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=3943727#3943727
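
Added example, not part of the original post and not JBoss code: a simplified in-memory model of the role search described above, showing why (member={0}) finds no roles while (member={1}) does. The directory entries, the user jduke and all function names are constructed for illustration, and the RFC 4515 escaping of substituted values is an addition of this example.

```python
# Simplified model of the roleFilter lookup; not LdapExtLoginModule code.
import re

# Constructed sample directory (hypothetical entries under the post's base DN).
BASE = "ou=security,dc=ties,dc=teradata,dc=ncr,dc=com"
DIRECTORY = {
    f"cn=jduke,{BASE}": {"cn": ["jduke"]},
    f"cn=admins,{BASE}": {"cn": ["admins"], "member": [f"cn=jduke,{BASE}"]},
    f"cn=auditors,{BASE}": {"cn": ["auditors"], "member": [f"cn=other,{BASE}"]},
}


def escape_filter_value(value):
    """Escape RFC 4515 special characters so a value cannot alter the filter."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)


def unescape_filter_value(value):
    """Reverse the \\XX hex escapes produced by escape_filter_value."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def build_filter(template, username, user_dn):
    """Substitute {0} with the username and {1} with the user DN, in one pass."""
    args = {"0": escape_filter_value(username), "1": escape_filter_value(user_dn)}
    return re.sub(r"\{([01])\}", lambda m: args[m.group(1)], template)


def search_roles(template, username, user_dn, role_attr="cn"):
    """Evaluate a simple (attr=value) filter over DIRECTORY; return role names."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", build_filter(template, username, user_dn))
    if not m:
        raise ValueError("only simple equality filters are modelled")
    # Case-insensitive string comparison stands in for real DN matching rules.
    attr, wanted = m.group(1), unescape_filter_value(m.group(2)).lower()
    return sorted(
        name
        for entry in DIRECTORY.values()
        if any(v.lower() == wanted for v in entry.get(attr, []))
        for name in entry.get(role_attr, [])
    )


if __name__ == "__main__":
    dn = f"cn=jduke,{BASE}"
    print("{0}:", search_roles("(member={0})", "jduke", dn))  # username never equals a member DN
    print("{1}:", search_roles("(member={1})", "jduke", dn))  # DN matches the group's member value
```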