Hi out there,

groups in Domino are located in the root of the LDAP directory. When using LDAP 
for authentication with the "rolesCtxDN" option, authentication fails (using JBoss 
4.0.1sp1).

This is my configuration; the most important part seems to be the "rolesCtxDN" module option:

  | <application-policy name="client-login">
  |     <authentication>
  |         <login-module code="org.jboss.security.auth.spi.LdapLoginModule"
  |                       flag="required">
  |             <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
  |             <module-option name="java.naming.provider.url">ldap://mydominosrv:389/</module-option>
  |             <module-option name="java.naming.security.authentication">simple</module-option>
  | 
  |             <module-option name="principalDNPrefix">cn=</module-option>
  |             <module-option name="principalDNSuffix">,ou=myou,o=myorg</module-option>
  | 
  |             <module-option name="rolesCtxDN"></module-option>
  | 
  |             <module-option name="uidAttributeID">member</module-option>
  |             <module-option name="matchOnUserDN">true</module-option>
  | 
  |             <module-option name="roleAttributeID">cn</module-option>
  |             <module-option name="roleAttributeIsDN">false</module-option>
  | 
  |         </login-module>
  |     </authentication>
  | </application-policy>
  | 

I found that (only) authentication works when using an invalid entry such as the 
following (of course the roles cannot be resolved, and I get "Access denied"):

  | <module-option name="rolesCtxDN">dontcare</module-option>
  | 


I found at least one post here which tried this:

  | <module-option name="rolesCtxDN"></module-option>
  | 

But this fails and obviously kills the whole authentication config. After that 
I get an immediate "Login failed", not even an "Access denied".

How can I use the "empty" context for the roles? There is nothing like "/" (for 
root directories) in LDAP. Any experience with Domino LDAP appreciated!

Any hint on how to find more logging information is appreciated! I already tried 
something like "DEBUG" for the "org" categories in log4j.xml. This gave me tons 
of logs, but nothing about the LDAP authentication.

Thanks

View the original post : 
http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3873891#3873891

Reply to the post : 
http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=3873891
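
Added example (not part of the original post and not JBoss code): a small model of the two steps the LdapLoginModule configuration above describes, run against a constructed in-memory directory laid out like the Domino tree in the post (users under ou=myou,o=myorg, groups at the root of the DIT). It assumes the module first binds as principalDNPrefix + username + principalDNSuffix and then searches rolesCtxDN for entries whose uidAttributeID holds the user DN (matchOnUserDN=true), taking roleAttributeID of each hit as a role name. The users alice and bob, their passwords, the groups admins and staff, and the outcome labels "Login failed" and "Access denied" are all made up for the example. In LDAP the empty DN "" names the root of the tree, so the model treats rolesCtxDN="" as "search the whole tree"; whether JBoss 4.0.1sp1 accepts an empty option value is exactly the open question in the post and is not something this code answers.

```python
"""Model of the LdapLoginModule bind + role search against a toy directory."""

from typing import Dict, List, Tuple

Entry = Dict[str, List[str]]

# Constructed sample directory (DN -> attributes). Groups sit at the root,
# as in Domino; users live under ou=myou,o=myorg. Keys are already normalized.
DIRECTORY: Dict[str, Entry] = {
    "cn=alice,ou=myou,o=myorg": {"cn": ["alice"], "userPassword": ["alice-pw"]},
    "cn=bob,ou=myou,o=myorg": {"cn": ["bob"], "userPassword": ["bob-pw"]},
    "cn=admins": {"cn": ["admins"], "member": ["cn=alice,ou=myou,o=myorg"]},
    "cn=staff": {"cn": ["staff"],
                 "member": ["cn=alice,ou=myou,o=myorg", "cn=bob,ou=myou,o=myorg"]},
}

# Module options as in the post; rolesCtxDN "" is taken as the root of the DIT.
OPTIONS = {
    "principalDNPrefix": "cn=",
    "principalDNSuffix": ",ou=myou,o=myorg",
    "rolesCtxDN": "",
    "uidAttributeID": "member",
    "matchOnUserDN": True,
    "roleAttributeID": "cn",
    "roleAttributeIsDN": False,
}


def normalize_dn(dn: str) -> str:
    """Case-insensitive DN comparison: lower-case and strip spaces around RDNs."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def in_subtree(dn: str, base: str) -> bool:
    """True if dn is base itself or lies below it; the empty DN is the root."""
    dn, base = normalize_dn(dn), normalize_dn(base)
    if base == "":
        return True
    return dn == base or dn.endswith("," + base)


def simple_bind(user_dn: str, password: str) -> bool:
    """Step 1: simple bind with the DN built from prefix + username + suffix."""
    entry = DIRECTORY.get(normalize_dn(user_dn))
    return entry is not None and password in entry.get("userPassword", [])


def search_roles(user_dn: str, username: str, opts: dict = OPTIONS) -> List[str]:
    """Step 2: subtree search below rolesCtxDN for entries whose uidAttributeID
    contains the user DN (or the bare username when matchOnUserDN is false);
    the roleAttributeID values of each hit become the user's roles."""
    if opts["rolesCtxDN"] is None:
        raise ValueError("rolesCtxDN not set")
    wanted = normalize_dn(user_dn) if opts["matchOnUserDN"] else username.lower()
    roles: List[str] = []
    for dn, entry in DIRECTORY.items():
        if not in_subtree(dn, opts["rolesCtxDN"]):
            continue  # a bogus base such as "dontcare" matches nothing
        values = {normalize_dn(v) for v in entry.get(opts["uidAttributeID"], [])}
        if wanted not in values:
            continue
        for value in entry.get(opts["roleAttributeID"], []):
            if opts["roleAttributeIsDN"]:
                value = value.split(",")[0].split("=", 1)[1]  # role = first RDN value
            roles.append(value)
    return roles


def login(username: str, password: str, opts: dict = OPTIONS) -> Tuple[str, List[str]]:
    """Outcome labels follow the post: a failed bind is "Login failed", a good
    bind with no resolvable roles is "Access denied", otherwise "ok" + roles."""
    user_dn = opts["principalDNPrefix"] + username + opts["principalDNSuffix"]
    if not simple_bind(user_dn, password):
        return "Login failed", []
    roles = search_roles(user_dn, username, opts)
    if not roles:
        return "Access denied", []
    return "ok", sorted(roles)


if __name__ == "__main__":
    print("root base     :", login("alice", "alice-pw"))
    print("bogus base    :", login("alice", "alice-pw", dict(OPTIONS, rolesCtxDN="dontcare")))
    print("users' ou base:", login("alice", "alice-pw", dict(OPTIONS, rolesCtxDN="ou=myou,o=myorg")))
    print("bad password  :", login("alice", "wrong"))
```

Running it shows the three situations side by side: with the root as search base alice gets admins and staff; with "dontcare" (the poster's workaround) the bind succeeds but no group is found, which is the "Access denied" symptom; and with ou=myou,o=myorg as base the groups are also missed, because in this layout they are not below the users' OU at all. A quick manual check of the same thing against the real server is an ldapsearch with an empty base (-b "") and subtree scope for (member=cn=...,ou=myou,o=myorg); if Domino refuses a root-based subtree search, that refusal is what needs solving before any rolesCtxDN value can work.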


_______________________________________________
JBoss-user mailing list
JBoss-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jboss-user
