• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

JBoss EAP 6.1 LDAP Extended Login Module not Authorizing

 
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi,

I am currently trying to implement LDAP authentication using the JBoss LdapExtLoginModule.
I should say I have it working using the JBoss LdapLoginModule and it authenticates fine but when I use the Extended version it doesn't work.
I am also trying to retrieve the groups from active directory, and map them to set roles in the application but im not having much success, I have read it can be done with the extended login module hence my reason for using it.

Can anyone help?

Here is my code:

standalone.xml


Jboss-web.xml


The working code I have is the following:

standalone.xml


Thanks!
 
Sheriff
Posts: 22783
131
Eclipse IDE Spring VI Editor Chrome Java Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The javadoc (https://docs.jboss.org/jbossas/javadoc/4.0.4/security/org/jboss/security/auth/spi/LdapExtLoginModule.html) mentions options jaasSecurityDomain. Have you tried setting it?

Note: when trying to read the javadoc, view the page source. That gives you some better formatting of the class documentation.
 
Dan Ralphs
Greenhorn
Posts: 2
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I am a little unsure what value I assign to the setting as there isnt any documentation on the option other than this.

"This can be encrypted if the jaasSecurityDomain is specified. __jaasSecurityDomain__ : The JMX ObjectName of the JaasSecurityDomain to use to decrypt the java.naming.security.principal. The encrypted form of the password is that returned by the JaasSecurityDomain#encrypt64(byte[]) method."

Are you saying it may work if I encrypt the password?
Shouldnt it work unencrypted too?

Thanks!
 
Rob Spoor
Sheriff
Posts: 22783
131
Eclipse IDE Spring VI Editor Chrome Java Windows
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
To be honest I don't know, but it would seem logical to be able to specify the security domain without having to encrypt it. I'd say, give it a try (both with and without the java: prefix).
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
reply
    Bookmark Topic Watch Topic
  • New Topic