Greetings, I have a Geronimo 3 deployment and I have configured my application to use the LDAPLoginModule against Fortress (i.e. OpenLDAP).
I have included a security role as part of the web.xml, and I've successfully mapped that abstract role to LDAP groups using <principal name="myAbstractRoleName" class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/> in my geronimo-web.xml. However, the configuration option for a <distinguished-name> here does not seem to work. Does anyone know if this is implemented in the runtime, or perhaps there is something wrong in my configuration? Below is a simple geronimo-web.xml configuration that I've done against one of the sample EJB applications to demonstrate the problem.

TIA,
John

    <?xml version="1.0" encoding="UTF-8"?>
    <web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-2.0"
             xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0">

      <dep:environment xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2">
        <dep:moduleId>
          <dep:artifactId>MyTimeWeb</dep:artifactId>
          <dep:version>1.0</dep:version>
          <dep:type>war</dep:type>
        </dep:moduleId>
        <dep:dependencies>
          <!-- The realm is deployed as its own configuration (car); the web app depends on it. -->
          <dep:dependency>
            <dep:groupId>console.realm</dep:groupId>
            <dep:artifactId>FortressRealm</dep:artifactId>
            <dep:version>1.0</dep:version>
            <dep:type>car</dep:type>
          </dep:dependency>
        </dep:dependencies>
      </dep:environment>

      <context-root>/mytime</context-root>
      <security-realm-name>FortressRealm</security-realm-name>

      <sec:security>
        <sec:default-principal>
          <sec:principal name="anonymous"
                         class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
        </sec:default-principal>
        <sec:role-mappings>
          <!-- Maps the web.xml security role to realm principals. -->
          <sec:role role-name="EnmasseSuperUserRole">
            <sec:principal name="EnmasseSuperUser"
                           class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>
            <sec:principal name="role1"
                           class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"/>

            <!-- Support for this does not seem to be implemented: -->
            <sec:distinguished-name name="uid=johnfield,ou=People,dc=jts,dc=us"></sec:distinguished-name>
            <sec:distinguished-name name="cn=EnmasseSuperUser,ou=Roles,ou=RBAC,dc=jts,dc=us"></sec:distinguished-name>
            <sec:distinguished-name name="cn=role1,ou=Roles,ou=RBAC,dc=jts,dc=us"></sec:distinguished-name>

            <!-- This works, but is not my preferred approach. -->
            <sec:principal name="johnfield"
                           class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"/>
          </sec:role>
        </sec:role-mappings>
      </sec:security>
    </web-app>
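A check that is independent of what the Geronimo runtime does with `<sec:distinguished-name>`: parse the role mappings out of the plan, look each DN up in an LDIF export of the directory, and print the `<sec:principal>` entry that would name the same user or group, plus which users actually reach the role through the mapped groups. This is an added example for this thread, not Geronimo or Fortress code. It assumes the realm's LDAPLoginModule names group principals after the group entry's `cn` and user principals after the `uid`, and that membership is recorded on the group entry as `roleOccupant` (organizationalRole, which Fortress uses), `member` or `uniqueMember`. The LDIF and the extra `cn=nosuchrole` DN are constructed for the example so the "DN does not exist" case is exercised too.

```python
"""Cross-check geronimo-web.xml role mappings against an LDIF directory export.

Added example, not Geronimo or Fortress code. Assumptions (see lead-in):
group principal name == group entry cn, user principal name == uid,
membership held on the group entry as roleOccupant/member/uniqueMember.
"""
import xml.etree.ElementTree as ET

SEC_NS = "http://geronimo.apache.org/xml/ns/security-2.0"
GROUP_CLASS = "org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal"
USER_CLASS = "org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal"
MEMBER_ATTRS = ("roleoccupant", "member", "uniquemember")

# Constructed LDIF, not a real directory dump.
SAMPLE_LDIF = """\
dn: uid=johnfield,ou=People,dc=jts,dc=us
objectClass: inetOrgPerson
uid: johnfield
cn: John Field

dn: cn=EnmasseSuperUser,ou=Roles,ou=RBAC,dc=jts,dc=us
objectClass: organizationalRole
cn: EnmasseSuperUser
roleOccupant: uid=johnfield,ou=People,dc=jts,dc=us

dn: cn=role1,ou=Roles,ou=RBAC,dc=jts,dc=us
objectClass: organizationalRole
cn: role1
"""

# The role block from the post; cn=nosuchrole is added to show the missing-DN case.
SAMPLE_PLAN = """\
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-2.0"
         xmlns:sec="http://geronimo.apache.org/xml/ns/security-2.0">
  <sec:security><sec:role-mappings>
    <sec:role role-name="EnmasseSuperUserRole">
      <sec:principal name="EnmasseSuperUser" class="%s"/>
      <sec:distinguished-name name="uid=johnfield,ou=People,dc=jts,dc=us"/>
      <sec:distinguished-name name="cn=EnmasseSuperUser,ou=Roles,ou=RBAC,dc=jts,dc=us"/>
      <sec:distinguished-name name="cn=role1,ou=Roles,ou=RBAC,dc=jts,dc=us"/>
      <sec:distinguished-name name="cn=nosuchrole,ou=Roles,ou=RBAC,dc=jts,dc=us"/>
    </sec:role>
  </sec:role-mappings></sec:security>
</web-app>
""" % GROUP_CLASS


def normalize_dn(dn):
    # Attribute types compare case-insensitively; drop spaces around RDN separators.
    return ",".join(part.strip().lower() for part in dn.split(","))


def parse_ldif(text):
    """Minimal LDIF reader: {normalized dn: {attr (lowercase): [values]}}."""
    entries, current = {}, None
    for line in text.splitlines():
        if not line.strip():          # blank line ends an entry
            current = None
            continue
        attr, _, value = line.partition(":")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":
            current = entries.setdefault(normalize_dn(value), {})
        elif current is not None:
            current.setdefault(attr, []).append(value)
    return entries


def parse_role_mappings(xml_text):
    """{role-name: {"principals": [(name, class)], "dns": [dn, ...]}}"""
    roles = {}
    for role in ET.fromstring(xml_text).iter("{%s}role" % SEC_NS):
        cfg = roles.setdefault(role.get("role-name"), {"principals": [], "dns": []})
        cfg["principals"] += [(p.get("name"), p.get("class"))
                              for p in role.findall("{%s}principal" % SEC_NS)]
        cfg["dns"] += [d.get("name") for d in role.findall("{%s}distinguished-name" % SEC_NS)]
    return roles


def member_uids(group, directory):
    """uids of the users listed on a group entry's membership attributes."""
    uids = set()
    for attr in MEMBER_ATTRS:
        for dn in group.get(attr, []):
            target = directory.get(normalize_dn(dn), {})
            uids.update(target.get("uid", []))
    return uids


def check_mappings(roles, directory):
    """Per role: DNs not in the directory, the <sec:principal> equivalent of each
    DN that is, and the set of uids that reach the role via any mapping."""
    report = {}
    for role_name, cfg in roles.items():
        out = {"missing": [], "equivalent_principals": [], "effective_users": set()}
        for dn in cfg["dns"]:
            entry = directory.get(normalize_dn(dn))
            if entry is None:
                out["missing"].append(dn)
            elif "uid" in entry:                         # a user entry
                out["equivalent_principals"].append((entry["uid"][0], USER_CLASS))
                out["effective_users"].add(entry["uid"][0])
            else:                                        # a group/role entry
                out["equivalent_principals"].append((entry["cn"][0], GROUP_CLASS))
                out["effective_users"] |= member_uids(entry, directory)
        for name, cls in cfg["principals"]:
            if cls == USER_CLASS:
                out["effective_users"].add(name)
            elif cls == GROUP_CLASS:
                for entry in directory.values():
                    if entry.get("cn", [None])[0] == name:
                        out["effective_users"] |= member_uids(entry, directory)
        report[role_name] = out
    return report


if __name__ == "__main__":
    result = check_mappings(parse_role_mappings(SAMPLE_PLAN), parse_ldif(SAMPLE_LDIF))
    for role, out in result.items():
        print(role)
        for dn in out["missing"]:
            print("  MISSING in directory:", dn)
        for name, cls in out["equivalent_principals"]:
            print('  <sec:principal name="%s" class="%s"/>' % (name, cls))
        print("  users reaching the role:", sorted(out["effective_users"]))
```

Run against a real export (`ldapsearch -LLL -b dc=jts,dc=us > dump.ldif`, then pass the file contents to `parse_ldif`) to confirm each DN in the plan resolves before concluding the runtime ignores the element; a DN that is missing, or a group with no occupants, explains a failed authorization without any Geronimo involvement.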