How to specify the group to authenticate user in LdapLoginModule and JBoss configuration

 
vivien heudt
Hello!!

I would like to authenticate the user only if he is in a specific group.

For my test I have two users:

one user is in the FIRST GROUP
the other is in the SECOND GROUP
I have an Active Directory:
OU=Role,DC=XXXX,DC=xxx
---admin
---usr
OU=People,DC=ldaphost,DC=xxx
---user1
---user2
usr1 is in the "admin", usr2 is in the "usr" and I authenticate the user via JBoss with LdapLoginModule in the standalone.xml.

standalone.xml:

<login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="sufficient">
    <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
    <module-option name="java.naming.provider.url" value="ldap://ldaphost"/>
    <module-option name="rolesCtxDN" value="CN=admin,OU=Role,DC=ldaphost,DC=xxx"/>
    <module-option name="principalDNSuffix" value="@ldaphost.xxx"/>
    <module-option name="java.naming.security.authentication" value="simple"/>
</login-module>
The result is:

usr1 logs in successfully
usr2 logs in successfully too
So the rolesCtxDN used does not work properly or is not used at all, and I have no error.

Does someone have an idea of the problem? Does anyone have another way to use a user according to his group?
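
An added example, not part of the original post and not the poster's or JBoss's own configuration: in the JBoss LDAP login modules, rolesCtxDN is the context searched for the roles of a user whose password has already been verified, so it does not by itself reject a login. Restricting access to one group means mapping group membership to a role and requiring that role in the application's web.xml. The fragments below assume LdapExtLoginModule, a placeholder service account for the directory searches, the Active Directory attributes sAMAccountName and member, an application already bound to this security domain, and a hypothetical URL pattern and realm name.

```xml
<!-- Added example (constructed). Fragment 1: standalone.xml, inside the
     <authentication> element of the application's security domain. -->
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="sufficient">
  <module-option name="java.naming.provider.url" value="ldap://ldaphost"/>
  <!-- Placeholder service account used to search for the user and the groups -->
  <module-option name="bindDN" value="CN=SERVICE_ACCOUNT_PLACEHOLDER,OU=People,DC=ldaphost,DC=xxx"/>
  <module-option name="bindCredential" value="PASSWORD_PLACEHOLDER"/>
  <!-- Locate the user entry; {0} is the login name typed by the user -->
  <module-option name="baseCtxDN" value="OU=People,DC=ldaphost,DC=xxx"/>
  <module-option name="baseFilter" value="(sAMAccountName={0})"/>
  <!-- Search the container that holds the groups, not a single group entry;
       {1} is the DN of the authenticated user -->
  <module-option name="rolesCtxDN" value="OU=Role,DC=ldaphost,DC=xxx"/>
  <module-option name="roleFilter" value="(member={1})"/>
  <!-- The cn of each matching group ("admin" or "usr") becomes a role name -->
  <module-option name="roleAttributeID" value="cn"/>
  <module-option name="roleAttributeIsDN" value="false"/>
  <!-- Refuse empty passwords so an unauthenticated bind cannot count as a login -->
  <module-option name="allowEmptyPasswords" value="false"/>
</login-module>

<!-- Fragment 2: WEB-INF/web.xml of the application. Only callers holding
     the "admin" role pass; a member of "usr" only still authenticates
     but is refused with HTTP 403. -->
<security-constraint>
  <web-resource-collection>
    <web-resource-name>protected</web-resource-name>
    <url-pattern>/*</url-pattern>
  </web-resource-collection>
  <auth-constraint>
    <role-name>admin</role-name>
  </auth-constraint>
</security-constraint>
<login-config>
  <auth-method>BASIC</auth-method>
  <realm-name>example-realm</realm-name>
</login-config>
<security-role>
  <role-name>admin</role-name>
</security-role>
```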
 