Re: [JBoss-user] LDAPLoginModule used with Win2000

2001-09-19 Thread Scott M Stark 

Try just running the JNDI code used by the LdapLoginModule and see what
the issue is. There have been issues reported about using JNDI to access
active directory.

You can see the code here:
http://cvs.sourceforge.net/cgi-bin/viewcvs.cgi/jboss/jbosssx/src/main/org/jb
oss/security/auth/spi/LdapLoginModule.java?rev=1.4&content-type=text/vnd.vie
wcvs-markup

- Original Message -
From: "Carlos Ferrão" <[EMAIL PROTECTED]>
To: "jboss ml" <[EMAIL PROTECTED]>
Sent: Wednesday, September 19, 2001 12:26 PM
Subject: [JBoss-user] LDAPLoginModule used with Win2000


>
> Hello List,
>
> I'm trying to perform authentication against Windows 2000 Active Directory
> (which is LDAP).
> In my domain I have two groups (Tuser and Tadmin) and users assigned to
> them. The security definition in the deployment descriptor of my beans
> comply to those. I've tested before my application with
> org.jboss.security.auth.spi.UsersRolesLoginModule and everything works
fine.
> I have JBoss running in Linux and Win2000.
>
> I used the LDAP configuration in auth.conf as described in
> http://www.jboss.org/documentation/HTML/ch09s17.html and I'm getting the
> following error:
>
> [siigpstestBean] CONTAINER EXCEPTION:Configuration Error:
> Line 31: expected 'option key', found 'null'
> [siigpstestBean] java.lang.SecurityException: Configuration Error:
> [siigpstestBean]Line 31: expected 'option key', found 'null'
> [siigpstestBean]at
> com.sun.security.auth.login.ConfigFile.getAppConfigur
> ationEntry(ConfigFile.java:221)
> [siigpstestBean]at
> javax.security.auth.login.LoginContext.init(LoginCont
> ext.java:172)
> [siigpstestBean]at
> javax.security.auth.login.LoginContext.(LoginCo
> ntext.java:266)
> [siigpstestBean]at
> javax.security.auth.login.LoginContext.(LoginCo
> ntext.java:380)
> [siigpstestBean]at
> org.jboss.security.plugins.JaasSecurityManager.defaul
> tLogin(JaasSecurityManager.java:351)
>
> My auth.conf is as follows:
>
> libsec {
> org.jboss.security.plugins.samples.LdapLoginModule required
> java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
> principalDNPrefix=uid=
> uidAttributeID=userid
> roleAttributeID=rolenames
> principalDNSuffix=,ou=People,o=mydomain.com
> rolesCtxDN=ou=Users,cn=Project1,ou=Projects,o=mydomain.com
> java.naming.provider.url=ldap://hall:389/
> java.naming.security.authentication=simple
> };
>
> I've tried to put "users" in uidAttributeID and "group" in
roleAttributeID,
> commented out several the prefix lines, tried different values for
> rolesCtxDN, it's like shooting in the dark..
>
> Can please someone enlighten me on this??? Is this the correct approach
for
> performing authentication and authorisation in a win 2000 server?? is it
> necessary to perform something special on win 2000???
>
> Thanks in advance,
> Carlos Ferrao
>
>
> ___
> JBoss-user mailing list
> [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/jboss-user
>


___
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user

[JBoss-user] LDAPLoginModule used with Win2000

2001-09-19 Thread Carlos Ferrão 


Hello List,

I'm trying to perform authentication against Windows 2000 Active Directory
(which is LDAP).
In my domain I have two groups (Tuser and Tadmin) and users assigned to
them. The security definition in the deployment descriptor of my beans
comply to those. I've tested before my application with
org.jboss.security.auth.spi.UsersRolesLoginModule and everything works fine.
I have JBoss running in Linux and Win2000.

I used the LDAP configuration in auth.conf as described in
http://www.jboss.org/documentation/HTML/ch09s17.html and I'm getting the
following error:

[siigpstestBean] CONTAINER EXCEPTION:Configuration Error:
Line 31: expected 'option key', found 'null'
[siigpstestBean] java.lang.SecurityException: Configuration Error:
[siigpstestBean]Line 31: expected 'option key', found 'null'
[siigpstestBean]at
com.sun.security.auth.login.ConfigFile.getAppConfigur
ationEntry(ConfigFile.java:221)
[siigpstestBean]at
javax.security.auth.login.LoginContext.init(LoginCont
ext.java:172)
[siigpstestBean]at
javax.security.auth.login.LoginContext.(LoginCo
ntext.java:266)
[siigpstestBean]at
javax.security.auth.login.LoginContext.(LoginCo
ntext.java:380)
[siigpstestBean]at
org.jboss.security.plugins.JaasSecurityManager.defaul
tLogin(JaasSecurityManager.java:351)

My auth.conf is as follows:

libsec {
org.jboss.security.plugins.samples.LdapLoginModule required
java.naming.factory.initial=com.sun.jndi.ldap.LdapCtxFactory
principalDNPrefix=uid=
uidAttributeID=userid
roleAttributeID=rolenames
principalDNSuffix=,ou=People,o=mydomain.com
rolesCtxDN=ou=Users,cn=Project1,ou=Projects,o=mydomain.com
java.naming.provider.url=ldap://hall:389/
java.naming.security.authentication=simple
};

I've tried to put "users" in uidAttributeID and "group" in roleAttributeID,
commented out several the prefix lines, tried different values for
rolesCtxDN, it's like shooting in the dark..

Can please someone enlighten me on this??? Is this the correct approach for
performing authentication and authorisation in a win 2000 server?? is it
necessary to perform something special on win 2000???

Thanks in advance,
Carlos Ferrao


___
JBoss-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-user