-
15. Re: LdapLoginModule - almost working
a4rahman Oct 5, 2010 10:39 AM (in response to a4rahman)
Yeah, I did another test and have confirmed that as soon as I change my login-module code from LdapLoginModule to LdapExtLoginModule, I get the error in the stack trace above. I have checked my jar files in the lib/ folder of my server and both classes exist in the same jar.
-
16. Re: LdapLoginModule - almost working
fstani Oct 5, 2010 11:03 AM (in response to a4rahman)
Well, if you have the time, here are a couple of long shot tries:
- Add the context root to your jboss-web.xml;
- Remember to configure the certificates in order to access the LDAP server, adding -Djavax.net.ssl.trustStore=/path/to/your/cacerts.keystore to the JBoss runtime start;
- Check for new lines in the configuration; JBoss does not seem to cope very well with new lines in XML configurations, so try to keep everything on a single line always (I mean what goes inside the tags);
If possible, can you share which JBoss AS version you are deploying your application in?
I don't know if that will help at all, but might be worth a shot.
Best Regards,
Fábio
-
17. Re: LdapLoginModule - almost working
a4rahman Oct 5, 2010 11:19 AM (in response to fstani)
Thanks Fábio, I'll definitely give it a shot.
As for the JBoss AS version, it's 4.2.3.
-
18. Re: LdapLoginModule - almost working
peterj Oct 5, 2010 4:15 PM (in response to a4rahman)
Could you post the full console log for when you started the app server? I want to see what messages are being posted in regards to the xxx login module.
Also, could you check JNDIView and verify that the JNDI name is registered?
http://community.jboss.org/wiki/DisplayTheJDNITreeWithTheJMXConsole
-
19. Re: LdapLoginModule - almost working
a4rahman Oct 21, 2010 12:08 PM (in response to peterj)
Sorry, got pulled off to something else and didn't get back to this until yesterday. My JBOSS server was totally messed up and I was having too much trouble with it. So I reinstalled and used the following configurations:

<application-policy name="XXX">
  <authentication>
    <login-module flag="required" code="org.jboss.security.auth.spi.LdapExtLoginModule">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://XXX:389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="bindDN">XXX\XXX</module-option>
      <module-option name="bindCredential">XXX</module-option>
      <module-option name="baseCtxDN">dc=XXX,dc=XXX</module-option>
      <module-option name="baseFilter">(sAMAccountName={0})</module-option>
      <module-option name="rolesCtxDN">dc=XXX,dc=XXX</module-option>
      <module-option name="roleFilter">(member={1})</module-option>
      <module-option name="roleAttributeIsDN">true</module-option>
      <module-option name="roleNameAttributeID">name</module-option>
      <module-option name="java.naming.referral">follow</module-option>
    </login-module>
  </authentication>
</application-policy>

And voila! If I die tonight (God forbid), I'll die a happy man. Ok, maybe that's not true. But in any case, Boom Shakalaka baby! Off to encrypting the bind credentials in my config. Thanks for all the help on this.
PS: I see there have been a lot of views on this thread. People, stop fooling around and buy "JBoss In Action". You should all aspire to be like Peter Johnson when you grow up.
-
20. Re: LdapLoginModule - almost working
peterj Oct 21, 2010 12:41 PM (in response to a4rahman)
Asif, I'm glad that you are up and running. Scotch with champagne chasers for everyone. And thanks for the endorsement.
-
21. Re: LdapLoginModule - almost working
mattkay Oct 26, 2010 7:40 PM (in response to peterj)
"I have a complete description of how to query LDAP, and from the query results, how to determine how to set up the login module, but it is not free. I can provide a link if you like."
Can you please provide the link.
Thanks in advance.
Mat
-
22. Re: LdapLoginModule - almost working
peterj Oct 27, 2010 9:45 AM (in response to mattkay)
Matt Kay wrote:
"I have a complete description of how to query LDAP, and from the query results, how to determine how to set up the login module, but it is not free. I can provide a link if you like."
Can you please provide the link.
Thanks in advance.
Mat
Someone didn't bother to read the whole thread - the link is already in there. (See my first reply after I made this offer.)
-
23. LdapLoginModule - almost working
fenstersponge Apr 29, 2011 5:00 PM (in response to a4rahman)
This is an old post, but I found it helpful and thought I'd add some more information.
Basically what I found was this: if you have ANY problems with your login-config.xml, you basically just get this generic "No LoginModules configured". I had my logging turned way up, but there were no parsing errors or anything. Turns out I had a missing double quote in my file.
I discovered it finally when I renamed login-config.xml to see if JBoss was really reading this file. JBoss started looking in the classpath to find the file, so I put it elsewhere in the classpath. When picked up from there, I saw the parsing error. Then I was able to put the corrected file in /conf and everything worked fine.
Also found JBoss in Action helpful.
Another comment: a suggestion was made about jboss-app.xml if you're using an EAR. I am, so I tried that. Later, after I discovered my issue, I took out the jboss-app.xml and everything still worked. So if you just have one war in your ear, you apparently don't need jboss-app.xml.
Running jboss 4.0.5GA on RHEL 4.
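
An added example, not part of any post in this thread and not JBoss code: a pre-deployment check for login-config.xml that reports the well-formedness error the last post describes JBoss hiding behind "No LoginModules configured", and reviews the LdapExtLoginModule options from the working configuration above (simple bind over ldap://, bindCredential kept in the file, line breaks inside option values). The function name check_login_config and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the thread's configuration (placeholder values).
GOOD = """<policy>
  <application-policy name="example">
    <authentication>
      <login-module flag="required" code="org.jboss.security.auth.spi.LdapExtLoginModule">
        <module-option name="java.naming.provider.url">ldap://ldap.example.test:389/</module-option>
        <module-option name="java.naming.security.authentication">simple</module-option>
        <module-option name="bindDN">cn=svc,dc=example,dc=test</module-option>
        <module-option name="bindCredential">placeholder</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>"""
# Same document with the closing quote of flag="required" removed (constructed).
BROKEN = GOOD.replace('flag="required"', 'flag="required')


def check_login_config(text):
    """Return a list of findings for a login-config.xml document."""
    try:
        root = ET.fromstring(text)
    except ET.ParseError as err:
        line, col = err.position  # line is 1-based, column is 0-based
        return [f"not well-formed at line {line}, column {col}"]
    findings = []
    for policy in root.iter("application-policy"):
        name = policy.get("name")
        modules = policy.findall("./authentication/login-module")
        if not modules:
            findings.append(f"{name}: no login-module elements")
        for module in modules:
            opts = {o.get("name"): (o.text or "") for o in module.iter("module-option")}
            url = opts.get("java.naming.provider.url", "").strip()
            auth = opts.get("java.naming.security.authentication", "").strip()
            if url.startswith("ldap://") and auth == "simple":
                findings.append(f"{name}: simple bind over ldap:// sends the password unencrypted")
            if opts.get("bindCredential", "").strip():
                findings.append(f"{name}: bindCredential is set in this file; confirm it is not a plaintext password")
            for key, value in opts.items():
                if "\n" in value:
                    findings.append(f"{name}: option {key} contains a line break")
    return findings


if __name__ == "__main__":
    for label, doc in (("good", GOOD), ("broken", BROKEN)):
        print(label, check_login_config(doc))
```

Running the check on the file before copying it into /conf surfaces a missing quote with its line and column instead of the generic login failure.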