Hi,

        I am Dhiraj Ramakrishnan, a software engineer from India. I am
facing the following problem in JBoss.

        I am trying to implement LDAP configuration with JBOSS3.0.4_Tomcat.
I have configured the login-config.xml as follows:

        
        <policy>
                <application-policy name = "nShareLdap">
                        <authentication> 
                                <login-module code =
"org.jboss.security.auth.spi.LdapLoginModule" flag = "required">
                                        <module-option
name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-
option> 
                                        <module-option
name="java.naming.provider.url">ldap://hyd.nimaya.com:389/</module-option> 
                                        <module-option
name="java.naming.security.authentication">simple</module-option>

                                        <module-option
name="principalDNPrefix">cn=</module-option>
                                        <module-option
name="uidAttributeID">cn</module-option> 
                                        <module-option
name="roleAttributeID">memberOf</module-option>
                                        <module-option
name="principalDNSuffix">,cn=users,dc=hyd,dc=nimaya,dc=com</module-option>
                                        <module-option
name="rolesCtxDN">cn=users,dc=hyd,dc=nimaya,dc=com</module-option>
                                        <module-option
name="matchOnUserDN">false</module-option>

                                        <!--<module-option
name="unauthenticatedIdentity"></module-option>-->
                                </login-module>
                        </authentication>
                </application-policy>
        </policy>


        The problem I am facing is that it is authenticating users...
I am assuming this because it gives no error/exception in the console
during that time. And if I give an invalid user, it fails to
authenticate.

        The problem comes at the time of authorization. It gives an error
that you are not authorized to access the application.

        One reason is that the logical names of the roles that I have in my
application have not been mapped onto the groups/roles that I have in
the LDAP server. But I don't find any tag in either jboss.xml or
jboss-web.xml to configure that.

        Please let me know:
                a) whether there has to be some other configuration done to
map the logical roles in my application to the physical roles in the LDAP
server;
                b) whether the settings that I have made in login-config.xml
are proper.

        Awaiting response,

        Thank You,
        Dhiraj Ramakrishnan
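To make the option semantics concrete, here is an added Python illustration (not part of the original message and not JBoss code) that reads the posted module-options, assembles the bind DN and role search filter the way the principalDNPrefix/principalDNSuffix and matchOnUserDN options are documented to combine, and contrasts memberOf values with their leading cn; the sample group DNs are constructed, and the cn-extraction is a simplified illustration.

```python
# Reproduce how the posted LdapLoginModule options combine, without touching a directory.
import xml.etree.ElementTree as ET

# The relevant <module-option>s from the posted login-config.xml, embedded so the
# script runs offline (connection options omitted; no LDAP server is contacted).
LOGIN_CONFIG = """<policy>
  <application-policy name="nShareLdap">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
        <module-option name="principalDNPrefix">cn=</module-option>
        <module-option name="uidAttributeID">cn</module-option>
        <module-option name="roleAttributeID">memberOf</module-option>
        <module-option name="principalDNSuffix">,cn=users,dc=hyd,dc=nimaya,dc=com</module-option>
        <module-option name="rolesCtxDN">cn=users,dc=hyd,dc=nimaya,dc=com</module-option>
        <module-option name="matchOnUserDN">false</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>"""

def load_options(xml_text, policy_name):
    """Return the module-option name -> value map for one application-policy."""
    root = ET.fromstring(xml_text)
    policy = root.find(f"application-policy[@name='{policy_name}']")
    opts = {}
    for opt in policy.iter("module-option"):
        opts[opt.get("name")] = (opt.text or "").strip()
    return opts

def user_dn(opts, username):
    """The module binds as principalDNPrefix + username + principalDNSuffix."""
    return opts["principalDNPrefix"] + username + opts["principalDNSuffix"]

def role_filter(opts, username):
    """Filter applied under rolesCtxDN: uidAttributeID=username, or the full
    user DN instead of the bare username when matchOnUserDN is true."""
    value = user_dn(opts, username) if opts["matchOnUserDN"] == "true" else username
    return f"({opts['uidAttributeID']}={value})"

def first_rdn_value(dn):
    """Leading RDN value, e.g. 'Admins' from 'cn=Admins,cn=users,...'.
    Simplified: assumes no escaped commas in the first RDN."""
    return dn.split(",", 1)[0].split("=", 1)[1]

# Constructed memberOf values such as a directory might return for one user.
MEMBER_OF = ["cn=Admins,cn=users,dc=hyd,dc=nimaya,dc=com", "cn=Developers,cn=users,dc=hyd,dc=nimaya,dc=com"]

def role_names(values):
    """Raw memberOf values are whole DNs; the short names are only their leading cn."""
    return {"raw": list(values), "short": [first_rdn_value(v) for v in values]}
```

Whatever string the login module hands to the container as a role is what the application's declared role names must match exactly, so comparing the raw and short forms above against the application's role names is the first check to make.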
