LDAP Search with subtree Scope

 
Rajesh Seth
Greenhorn
Posts: 12
Hi
I have configured JConsole to authenticate remotely logged-in users from LDAP on Tomcat. Below is the query configured in the Tomcat server (login.config) to authenticate from the LDAP server.

Tomcat { /* should match to the com.sun.management.jmxremote.login.config property */

com.sun.security.auth.module.LdapLoginModule REQUIRED
userProvider="ldap://172.16.10.160:389/dc=mulesoft,dc=com"
userFilter="(&(uid={USERNAME})(objectClass=inetOrgPerson))"
authzIdentity="{departmentNumber}"
useSSL=false
debug=true;
};

But it doesn't work unless direct DN is not provided. Using the direct DN, from the root to the bottom path till the DN in "userFilter=", it authenticates fine. A wild guess at the problem is that it is not searching the subtree. I need some parameter here which tells the server to search inside the subtree as well for the user. Right now it is only looking into the head tree and not navigating inside. Basically, the LDAP search scope needs to be specified. When I search from Active Directory Studio with the scope set as subtree, it works fine without a direct DN provided (userFilter set as shown in the query above).

Is there any parameter in LdapLoginModule to set the scope property? I am ready to change the provider as well but would prefer using com.sun.security.auth.module.LdapLoginModule.

More Info on - http://www.coderanch.com/t/614596/Web-Services/java/Disable-web-service-JMX#2811811

Thanks,
Rajesh Seth
 
Rajesh Seth
Greenhorn
Posts: 12
Please Help!!
 