I'm wondering if it is possible to authenticate users against one ldap server, but then obtain roles for the same user from a different ldap server. The passwords in these two ldap servers are different. The first ldap server has the correct password, but only the second ldap server has the correct role information.

I have tried to set this up using a login-config.xml file that has been excerpted below. If I use only the first login-module, I get authenticated properly, but the application does not get the necessary roles. When I include both login-modules I get what appears to be a password failure no matter which password (ldap1 or ldap2) that I use. Does anyone know if this is possible and how to do it?

Thanks,
Doug

  <application-policy name="AppName">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
        <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
        <module-option name="java.naming.provider.url">ldap://ldap1.domain.com:389/</module-option>
        <module-option name="java.naming.security.authentication">simple</module-option>
        <module-option name="principalDNPrefix">uid=</module-option>
        <module-option name="principalDNSuffix">,cn=users,dc=domain,dc=com</module-option>
        <module-option name="allowEmptyPasswords">false</module-option>
      </login-module>
      <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
        <module-option name="java.naming.provider.url">ldap://ldap2:389</module-option>
        <module-option name="bindDN">uid=admin,ou=people,dc=domain,dc=com</module-option>
        <module-option name="bindCredential">adminapassword</module-option>
        <module-option name="baseCtxDN">ou=people,o=Organization,dc=domain,dc=com</module-option>
        <module-option name="baseFilter">(uid={0})</module-option>
        <module-option name="rolesCtxDN">ou=people,o=Organization,dc=domain,dc=com</module-option>
        <module-option name="roleFilter">(uid={0})</module-option>
        <module-option name="roleAttributeID">nsRoleDN</module-option>
        <module-option name="roleAttributeIsDN">true</module-option>
        <module-option name="roleNameAttributeID">cn</module-option>
        <module-option name="roleRecursion">-1</module-option>
        <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
      </login-module>
    </authentication>
  </application-policy>

View the original post: http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4036138#4036138

_______________________________________________
jboss-user mailing list
jboss-user@lists.jboss.org
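The symptom in the post follows from how a JAAS login stack hands credentials to its modules: every module asks the same CallbackHandler, so both "required" entries are checked against the one password the user typed, and the stack fails unless both directories accept it. The following is an added example, not code from the post or from JBoss: a minimal javax.security.auth LoginModule stands in for each directory's simple bind (the constructed passwords pw-one and pw-two play the roles of the ldap1 and ldap2 passwords), and two required entries mirror the shape of the posted login-config.xml. The class name StackedLoginDemo, the helpers entry and tryLogin, and the module options "server" and "password" are assumptions for this demo.

```java
import java.util.*;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.spi.LoginModule;

// Stand-in for one LDAP server's simple bind: it accepts exactly one password, taken from
// the "password" module option (constructed values below; no real directory is contacted).
public class StackedLoginDemo implements LoginModule {
    private CallbackHandler handler;
    private Map<String, ?> options;

    public void initialize(Subject s, CallbackHandler h, Map<String, ?> shared, Map<String, ?> opts) {
        handler = h; options = opts;
    }

    public boolean login() throws LoginException {
        PasswordCallback pass = new PasswordCallback("password: ", false);
        try { handler.handle(new Callback[] {pass}); }
        catch (Exception e) { throw new LoginException(e.toString()); }
        // Every module in the stack queries the same CallbackHandler, so each one is
        // handed the password the user typed, never a server-specific one.
        if (!new String(pass.getPassword()).equals(options.get("password")))
            throw new FailedLoginException(options.get("server") + ": invalid credentials");
        return true;
    }
    public boolean commit() { return true; }
    public boolean abort() { return true; }
    public boolean logout() { return true; }

    // One entry per directory, both flagged "required" as in the posted login-config.xml.
    static AppConfigurationEntry entry(String server, String password) {
        Map<String, String> o = new HashMap<>(); o.put("server", server); o.put("password", password);
        return new AppConfigurationEntry(StackedLoginDemo.class.getName(),
                AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, o);
    }

    // Runs the two-module stack with one typed password; returns whether login() succeeded.
    static boolean tryLogin(String typedPassword) {
        Configuration stack = new Configuration() {
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[] {entry("ldap1", "pw-one"), entry("ldap2", "pw-two")}; } };
        CallbackHandler h = cbs -> ((PasswordCallback) cbs[0]).setPassword(typedPassword.toCharArray());
        try {
            new LoginContext("AppName", new Subject(), h, stack).login();
            return true;
        } catch (LoginException e) {
            System.out.println(e.getMessage());   // JAAS reports the first "required" failure
            return false;
        }
    }

    public static void main(String[] args) {
        tryLogin("pw-one");   // ldap1 accepts it, ldap2 rejects it: the whole login fails
        tryLogin("pw-two");   // ldap1 rejects it, ldap2 accepts it: the whole login fails
    }
}
```

Any second module that verifies the typed password against ldap2 fails in the same way, so a working setup has to fetch roles from ldap2 in a step that does not depend on the user's ldap2 password.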