Java App Server + LDAP?
- From: krwightm@xxxxxxxxx
- Date: 18 Oct 2006 11:07:56 -0700
Hi All -
I'm attempting to get my JSAS9 install working with LDAP
authentication. I can authenticate against my LDAP server just fine
(JSAS9 sends the uid, retrieves the distinguished name from LDAP, then
binds with the distinguished name + password and gets a 'success'
message from LDAP). I don't know how to map either the uid or the
distinguished name to a role, though (I think). Presumably I'd add a
line to the sun-web.xml file, but I've tried assigning the role via
saying:
  <security-role-mapping>
    <role-name>AllowedRole</role-name>
    <principal-name>[uid]</principal-name>
    <principal-name>CN=[uid]</principal-name>
    <principal-name>CN=[uid],OU=[orgUnit],dc=mydomain</principal-name>
  </security-role-mapping>
The last entry is the complete distinguished name of the uid as
returned by the LDAP server.
None of these work. Each time the auth succeeds (I'm packet sniffing),
but I get permission denied to the app because (I believe) the LDAP
distinguished name never gets mapped to a role. The role is made
correctly and has permissions assigned correctly in the web.xml
file... authenticating against my keyfile with a principal-name from the
keyfile gets me in with no trouble. Also, there appears to be no log
entry made of the reason behind the denied permission (I was hoping to
find out what role the user was getting assigned to so I know if I'm
right for sure).
Has anyone done LDAP role assignment, and if so what does yours look
like?
Cheers, and thanks,
Reid