Hello!!
I would like to authenticate the user only if he is in a specific group.
for my
test I have two users:
one user is in the FIRST GROUP
other is in de SECOND GROUP
I have an active directory :
OU=Role,DC=XXXX,DC=xxx
---admin
---usr
OU=People,DC=ldaphost,DC=xxx
---user1
---user2
usr1 is in the "admin", usr2 is in the "usr" and I authenticate the user via
JBoss withLdapLoginModule in the standalone.xml.
standelone.xml:
<login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="sufficient">
<module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<module-option name="java.naming.provider.url" value="ldap://ldaphost"/>
<module-option name="rolesCtxDN" value="CN=admin,OU=Role,DC=ldaphost,DC=xxx"/>
<module-option name="principalDNSuffix" value="@ldaphost.xxx"/>
<module-option name="java.naming.security.authentication" value="simple"/>
</login-module>
The result is:
the usr1 success login
the usr2 success too
So the rolesCtxDN used does not work properly or is not used at all, and I have no error.
Someone has an idea of the problem? Anyone have another way to use a user according to his group?
