Hello, I'm authenticating users against an ActiveDirectory server using the LdapLoginModule and this seems to be working nicely. Given a correct username and password, the appropriate principal can be retrieved from the SessionContext of my bean (for debugging only, of course).

However, I've had little luck with mapping users to roles with this setup, probably because I don't fully understand what is going on. As an example, the user with the distinguished name

    CN=Logi Ragnarsson,OU=Tolvudeild,OU=Upplysinga & Taeknisvid,OU=Skrifstofa,OU=Notendur,DC=althingi,DC=is

is authenticated, but will have an empty set of roles as seen by this exception:

    Insufficient method permissions, principal=logir, method=create, interface=HOME, requiredRoles=[pruf, Tolvudeild], principalRoles=[]

The user has a number of role-mappings, including:

    memberOf CN=Tolvudeild,OU=Groups,DC=althingi,DC=is
    memberOf CN=pruf,OU=Groups,DC=althingi,DC=is

either of which should be sufficient to allow access to the bean. My feeble attempts at setting this up have resulted in the following login module configuration as the only one in the login-config.xml file:

    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="debug">true</module-option>
      <module-option name="java.naming.provider.url">ldap://adc.althingi.is/</module-option>
      <module-option name="principalDNSuffix">@althingi.is</module-option>
      <module-option name="rolesCtxDN">OU=Groups,DC=althingi,DC=is</module-option>
      <module-option name="roleAttributeID">memberOf</module-option>
      <module-option name="roleAttributeIsDN">true</module-option>
      <module-option name="roleNameAttributeID">name</module-option>
      <module-option name="uidAttributeID">sAMAccountName</module-option>
    </login-module>

I'm sure this is obvious to those who know what is going on, but I'm baffled.

View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=3846432#3846432

JBoss-user mailing list
https://lists.sourceforge.net/lists/listinfo/jboss-user