
LDAP Search with subtree Scope

Rajesh Seth
Greenhorn

Joined: Aug 30, 2010
Posts: 12
Hi,
I have configured JConsole to authenticate remotely logged-in users from LDAP on Tomcat. Below is the query configured in the Tomcat server (login.config) to authenticate from the LDAP server.

Tomcat { /* should match to the com.sun.management.jmxremote.login.config property */

com.sun.security.auth.module.LdapLoginModule REQUIRED
userProvider="ldap://172.16.10.160:389/dc=mulesoft,dc=com"
userFilter="(&(uid={USERNAME})(objectClass=inetOrgPerson))"
authzIdentity="{departmentNumber}"
useSSL=false
debug=true;
};

But it doesn't work unless direct DN is not provided. Using direct DN, from root to bottom path till DN in "userFilter=", it authenticates fine. A wild guess at the problem is that it is not searching the subtree. I need some parameter here which tells the server to search inside the subtree as well for the user. Right now it is only looking into the head tree and not navigating inside. Basically, the LDAP search scope needs to be specified. When I search from Active Directory Studio with the scope set as subtree, it works fine without a direct DN provided (userFilter set as shown in the query above).

Is there any parameter in LdapLoginModule to set the scope property? I am ready to change the provider as well but would prefer using com.sun.security.auth.module.LdapLoginModule.

More Info on - http://www.coderanch.com/t/614596/Web-Services/java/Disable-web-service-JMX#2811811

Thanks,
Rajesh Seth
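
An added diagnostic, not part of the original post and not JDK code: a stand-alone JNDI client that runs the post's userFilter as an anonymous search with an explicit subtree scope, to check whether the directory returns the user's DN without credentials. The provider URL and filter come from the post; the class name and the `jdoe` login are constructed placeholders.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

public class SubtreeSearchCheck {
    public static void main(String[] args) throws NamingException {
        // Host, port and base DN copied from the userProvider option in the post.
        String providerUrl = "ldap://172.16.10.160:389/dc=mulesoft,dc=com";
        // Constructed placeholder; pass the real login name as the first argument.
        String username = args.length > 0 ? args[0] : "jdoe";

        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, providerUrl);
        // No credentials: tests what the directory returns to an anonymous client.
        env.put(Context.SECURITY_AUTHENTICATION, "none");

        SearchControls controls = new SearchControls();
        controls.setSearchScope(SearchControls.SUBTREE_SCOPE); // whole tree under the base DN
        controls.setReturningAttributes(new String[] {"departmentNumber"});

        DirContext ctx = new InitialDirContext(env);
        try {
            // {0} is filled in by JNDI with filter escaping, so a name containing
            // '*', '(' or ')' cannot change the filter's structure.
            NamingEnumeration<SearchResult> results = ctx.search(
                    "", "(&(uid={0})(objectClass=inetOrgPerson))",
                    new Object[] {username}, controls);
            int hits = 0;
            while (results.hasMore()) {
                SearchResult entry = results.next();
                hits++;
                System.out.println("DN: " + entry.getNameInNamespace());
                System.out.println("    " + entry.getAttributes().get("departmentNumber"));
            }
            // 0 hits: anonymous search is refused or filtered by the server, or the
            // entry does not match the filter. More than 1: the filter is ambiguous.
            System.out.println(hits + " matching entr" + (hits == 1 ? "y" : "ies"));
        } finally {
            ctx.close();
        }
    }
}
```
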
Rajesh Seth
Greenhorn

Joined: Aug 30, 2010
Posts: 12
Please Help!!
 
 
subject: LDAP Search with subtree Scope