Hi all,
Good news! Finally, by trial and error with different parameter settings, I got
LdapLoginModule to work fine.
Now I am trying to figure out the alternate settings for LDAP login.
Sharing our working config:
anonymous wrote : can we write a custom login module?
Yes, you can. You can use any of the existing login modules as a guideline.
Most likely you will want to subclass the UsernamePasswordLoginModule class.
View the original post :
Thanks Peter.
We may have gone in the wrong direction for LDAP authentication.
First, I think our LDAP server has a flat LDAP structure and thus I only use
LdapLoginModule to test. In your config, you use LdapExtLoginModule.
I am still trying different parameters for the role checking config in
defaultRole doesn't work exactly as I expected - you still need to provide role
search info. But here is something that worked for me. I want anyone who logs
in to have the loggedin role, and I want to use only that role in web.xml
(and other locations) to provide access control. I was able to
Thanks a lot. Peter.
The roleAttributeIsDN is set to false. However, I still fail to access the
webpage. From the trace log, it shows that the authentication is OK but the
authorization failed. The main problem is caused by role checking. Even
though I set TRACE logging for the
Here are a few things to try.
1) Set roleAttributeIsDN to false. Looking at the code it appears that if this
is false then the role is assumed to be the attribute's value (that is, the
value of userClass in your example).
Also, set TRACE logging for the org.jboss.security.auth.spi package -
Hi all,
I do not know what is wrong with my settings. I still fail to use the LDAP login
module. Can anyone help?
Peter,
Can you help me?
Thanks Peter.
Can we just use the same DN that includes a lot of other information (other
attributes), such as UserClass, DeptCode?
How do we use these attributes for the role checking? How do we set it in the LDAP auth
module?
Yes, you can use such a DN. You need to set the role attributes such that the
result is, for example, the value for DeptCode.
In my Jun 4, 2009 email, I showed the setting that sets the role attributes to
userClass (the same kind of attribute as DeptCode).
So, based on my setting, I don't know what's wrong.
Stating the user's DN is a good start, but I also need a DN for something that
could be used for a role, such as a department. And I need to know an attribute
on the user that can be used to link to that role/department.
The other thing I am thinking is that perhaps there is a way to simulate a
Thanks Peter.
I installed JXplorer and can browse the LDAP server; my DN is below, and
the LDAP auth config is listed below. I still get a 403 error code. Peter, please
help point out what's wrong. Thanks.
DN: uid=dickson,ou=people,o=my.com
Any ldapsearch utility will work. Two tools I use are:
JXplorer
http://sourceforge.net/projects/jxplorer/
http://www.sun.com/download/products.xml?id=3ea6ec4d
(Hmm, this last link is for the Sun ONE Directory Server Resource Kit, but the
page appears to be blank. You used to be able to download
Can you supply a full DN for a departmentcode? Given that I might be able to
provide the login module settings.
Also, do you have an ldapsearch utility? You will need one to ascertain that we
use the correct configuration settings. Without ldapsearch, configuring an LDAP
login module is like
Thanks Peter.
I do not have a full DN for a departmentcode. I only know how to configure
Apache to do basic authentication against our LDAP server. I know my
departmentcode, such as iso, hro, etc.
Also, I do not have an ldapsearch utility. Please recommend which ldapsearch
utility I should use
Peter,
Can you help to solve my LDAP authentication problem? Thanks.
Thanks in advance for anyone's help.
Thanks Peter.
Workaround 2 is my target too. Under the LDAP tree, find the right person with
related information (department code, user class, etc.). This information
can be used as the role. The question is how to configure it.
I show the setting of the LDAP login module. I want to use the
I do not know if there is a way to get the LDAP login module to not attempt to
get the role - I would have to dig through the source code to find out. I can
think of two workarounds:
1) Subclass org.jboss.security.auth.spi.LdapLoginModule and code the subclass
to ignore the role info and
Thanks so much, Peter.
(Most of my questions are answered by you, thank you.)
Actually, I want to configure the LDAP authentication. However, I get a failure and
it is hard to trace what's wrong. Do you have more examples of LDAP auth
config? Or how can I trace this auth error?
At the original
I get a 403 error when testing the LDAP auth. It seems that the password
authentication is OK because there is no error in the server.log. Therefore, it means
something is wrong in role authentication.
As my LDAP server does not have role design and information, I want to use the
same tree (class) for
Can anyone help with this issue?
Thanks in advance.
The role checking is an integral part of login - without it the app server will
not know the role of the user and therefore cannot grant access rights to any
resources. In other words, even though the user is logged in, she would still
get a 404 error because she would not have access to the
This might be a good start http://www.jboss.org/community/docs/DOC-12185
Thanks, Jaikiran, for the help.
I have read that article to get the idea of the setup for authentication.
For authentication using a password file, LDAP, or anything else, it also
includes the role (authorization) checking. How can I ignore that role checking
and just validate the