Hi, I am Dhiraj Ramakrishnan, a software engineer from India. I am facing the following problem in JBoss.

I am trying to implement LDAP configuration with JBOSS3.0.4_Tomcat. I have configured login-config.xml as follows:

<policy>
  <application-policy name = "nShareLdap">
    <authentication>
      <login-module code = "org.jboss.security.auth.spi.LdapLoginModule" flag = "required">
        <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
        <module-option name="java.naming.provider.url">ldap://hyd.nimaya.com:389/</module-option>
        <module-option name="java.naming.security.authentication">simple</module-option>
        <module-option name="principalDNPrefix">cn=</module-option>
        <module-option name="uidAttributeID">cn</module-option>
        <module-option name="roleAttributeID">memberOf</module-option>
        <module-option name="principalDNSuffix">,cn=users,dc=hyd,dc=nimaya,dc=com</module-option>
        <module-option name="rolesCtxDN">cn=users,dc=hyd,dc=nimaya,dc=com</module-option>
        <module-option name="matchOnUserDN">false</module-option>
        <!--<module-option name="unauthenticatedIdentity"></module-option>-->
      </login-module>
    </authentication>
  </application-policy>
</policy>

The problem I am facing is that it is authenticating users; I am assuming this because it gives no error/exception in the console during that time. And if I give an invalid user, it fails to authenticate. The problem comes at the time of authorization: it gives an error that you are not authorized to access the application. One reason is that the logical names of the roles that I have in my application have not been mapped on to the groups/roles that I have in the LDAP server. But I don't find any tag in either jboss.xml or jboss-web.xml to configure that.

Please let me know if:

a) there has to be some other configuration to be done to map the logical roles in my application to the physical roles in the LDAP server
b) the settings that I have done in login-config.xml are proper.

Awaiting response,
Thank You,
Dhiraj Ramakrishnan