Leave identity-config.xml untouched (db configuration), in login-config.xml
comment out IdentityLoginConfig, and use SynchronizingLoginModule or
SynchronizingExtLoginModule with options 'synchronizeIdentity' and
'synchronizeRoles' set to 'false'. Then you'll have to keep users between LDAP
and
bdaw wrote : I recently added SynchronizingLdapLoginModule that extends
LdapLoginModule from JBossSX and SynchronizingLdapExtLoginModule that does the
same for LdapExtLoginModule You can use them to
| - just authenticate against LDAP + inject additional role principal which
is used to
Hi,
I am using jboss portal 2.6.0 bundle version. I made the changes in
jboss-service.xml to use ldap server as storage. And in login-config.xml I
uncommented SynchronizingLoginModule module. So i will be using
SynchronizingLoginModule and IdentityLoginModule for authentication.
I
Your config is wrong.
http://docs.jboss.com/jbportal/v2.6/referenceGuide/html/authentication.html#authentication.synchronizing_login_module
This module is designed to provide synchronization support for any other
LoginModule placed in the authentication stack.
So in your particular case you
Usecase:
*Use LDAP for username/passwords (authenticate).
*Use DB for roles/ACL/everything else related to Portal (authorization/etc).
I've been poking at this for a while on the 2.6 alpha1, and alpha2. There are
some comments in the configs, but no success yet.
Is there a reason not to
I recently added SynchronizingLdapLoginModule that extends LdapLoginModule
from JBossSX and SynchronizingLdapExtLoginModule that does the same for
LdapExtLoginModule You can use them to
- just authenticate against LDAP + inject additional role principal which is
used to secure portal
That's great bdaw!!
I would like to carry over roles from the LDAP, but since the Portal may have
new roles I was going with the use-case of moving all the roles to the
portal-oriented-DB.
With that last option for the SynchronizingLdapLoginModule:
- authenticate against LDAP + synchronize
Happy to hear that :)
Look here. It's the second login module (commented).
It's just a quick prototype so it's not much tested but should work. The code
is also quite simple (ext one here: here)
We may think about providing something more general to use with any login
module if there will
Not sure how you set up this. For 2.6 just use instructions from wiki
http://wiki.jboss.org/wiki/Wiki.jsp?page=Identity_and_Authentication_in_JBoss_Portal_2_6
or wait few days for Beta with a bit more helpfull documentation in Reference
Guide
View the original post :
Hey guys, thanks for the help in setting up LDAP.
I can now login as admin and normal users to OpenDS.
BUT when I add new users, they appear in OpenDS, but not as a member of the
Authenticated role. In order to log in with a new user account, I have to
manually add it to the role and also I
Okay so the way I ended up working around the security issues when using LDAP
is this:
- I downloaded the source so I could build the JBoss Portal myself.
- I DID NOT enable LDAP authenitcation and used the standard setup that comes
with JBoss Portal.
- I created all the users I wanted in JBoss
In 2.4.1:
- yes for authentication (LdapLoginModule)
- no for user management - you will need to manually implement UserModule and
RoleModule interfaces for that. You can use example MSAD implementation as a
reference (http://jira.jboss.com/jira/browse/JBPORTAL-464)
In 2.6 there is buildin
Thanks.
User management isn't too serious for now, if I can do that locally, its fine.
It's the ldap authentication which is required. Unfortunately by using local
user management, the securities are all messed up when logging in with ldap
passwords for the users. That where my major problem
This is a great thread for LDAP integration, and I used your Wiki to setup my
LDAP integration successfully...well...almost. I have a problem, and I've found
two other posts from different people with the same/similair problem, however
they never got any replies. You guys seem clued up, lets
Can you please stop cross-posting ?
It's the 3 email that you hijack with the same text.
You also started a thread here that seems related:
http://www.jboss.com/index.html?module=bbop=viewtopicp=4009914#4009914
But never came back on it.
We need good behavior from the forum user to keep it as a
My appologies. I did find 2 other threads where they asked the same question,
and no body replied. So I posted my question there too in hopes that the
original creators of the thread may have found a solution, and they would get a
topic reply notification, in which case they could help me. It
Thanks, no harm done.
i Hope you will find your way htrough your issue
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=4011907#4011907
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=4011907
bdaw wrote : Great to hear it! Could you describe your configuration in wiki?
It's the common question in the user forum recently.
|
|
Hi bdaw, sure i could do it, but ... i don`t know where. JBoss Wiki is still
confusing me a little bit.
Regards Oliver
View the original post :
Hello bdaw,
have a look at
http://wiki.jboss.org/wiki/Wiki.jsp?page=UsingAnLDAPSourceForPortalAuthentication.
Please have also a look at the already existing information, i have moved it
Configuration prior to Portal 2.4, but i`m not sure if tihs is correct.
regards Oliver
View the original
It's very good. Thanks!. It'll be helpfull for the community.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3988222#3988222
Reply to the post :
http://www.jboss.com/index.html?module=bbop=postingmode=replyp=3988222
Hello bdaw,
it works :). Great thx a lot for your help. Here is my setup.
1. Update
$JBOSS_HOME\server\default\deploy\jboss-portal.sar\conf\login-config.xml an
replace existing !-- application-policy name=portal
| authentication
| login-module
Great to hear it! Could you describe your configuration in wiki? It's the
common question in the user forum recently.
View the original post :
http://www.jboss.com/index.html?module=bbop=viewtopicp=3987968#3987968
Reply to the post :
22 matches
Mail list logo