LdapExtLoginModule and LdapLoginModule on JBoss 5.1


I have an LdapLoginModule configuration that is working:

        <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
            <module-option name = "unauthenticatedIdentity">nobody</module-option>
            <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
            <module-option name="java.naming.provider.url">ldap://ldap.server:389/</module-option>
            <module-option name="java.naming.security.authentication">simple</module-option>
            <module-option name="principalDNPrefix">CN=</module-option>
            <module-option name="principalDNSuffix">,OU=DEPT. PROGRAMARI,OU=LIMIT - CECOMASA,DC=LIMIT_CECOMASA,DC=LOCAL</module-option>
            <module-option name="baseCtxDN">OU=LIMIT - CECOMASA,DC=LIMIT_CECOMASA,DC=LOCAL</module-option>                                                                                                                                
            <module-option name="baseFilter">(sAMAccountName={0})</module-option>
            <module-option name="uidAttributeID">member</module-option>
            <module-option name="matchOnUserDN">true</module-option>
            <module-option name="rolesCtxDN">OU=LIMIT - CECOMASA,DC=LIMIT_CECOMASA,DC=LOCAL</module-option>
            <module-option name="roleFilter">(member={0})</module-option>                                                 
            <module-option name="roleAttributeID">cn</module-option>                                                               
            <module-option name="searchTimeLimit">10000</module-option>
            <module-option name="searchScope">SUBTREE_SCOPE</module-option>
        </login-module>

Thanks for your help.

In the end, the solution was:

<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://ldap.server:389/</module-option>
      <module-option name="bindDN">CN=Andreu Serra,OU=DEPT. PROGRAMARI,OU=LIMIT - CECOMASA,DC=LIMIT_CECOMASA,DC=LOCAL</module-option>
      <module-option name="bindCredential">trx$951</module-option>

      <module-option name="baseCtxDN">OU=LIMIT - CECOMASA,DC=LIMIT_CECOMASA,DC=LOCAL</module-option>
      <module-option name="baseFilter">(sAMAccountName={0})</module-option>
      <module-option name="rolesCtxDN">OU=LIMIT - CECOMASA,DC=LIMIT_CECOMASA,DC=LOCAL</module-option>
      <module-option name="roleFilter">(member={1})</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="searchScope">SUBTREE_SCOPE</module-option>
</login-module>

I recommend installing JXplorer or a similar program to browse the LDAP directory and view all attributes and their values.

Hope this helps.

14:00:35,458 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] initialize
14:00:35,459 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] Security domain: seycon
14:00:35,459 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] login
14:00:35,512 DEBUG [org.jboss.security.auth.spi.LdapExtLoginModule] Bad password for username=Andreu Serra
14:00:35,520 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] abort
14:00:35,520 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.seycon] Login failure
javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
    at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:252)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)
    at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
    at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)
    at javax.security.auth.login.LoginContext.login(LoginContext.java:595)
    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
    at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
    at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
    at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
    at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:181)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
    at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
    at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
    at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
    at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
    at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
    at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
    at java.lang.Thread.run(Thread.java:745)
14:00:35,521 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.seycon] End isValid, false
14:00:35,521 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
14:00:35,521 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
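
Why the working LdapExtLoginModule configuration uses `(member={1})`: in that module's filters `{0}` is the login name and `{1}` is the DN of the entry found by `baseFilter`, and in Active Directory a group's `member` attribute holds DNs. The sketch below is an added example, not code from the post or from JBoss; it models the substitution over a constructed in-memory directory, and the login name `aserra`, the `Developers` group and the RFC 4515 escaping are assumptions of the example.

```python
import re

# Filter and DNs taken from the LdapExtLoginModule configuration on this page.
BASE_FILTER = "(sAMAccountName={0})"
SUFFIX = "OU=LIMIT - CECOMASA,DC=LIMIT_CECOMASA,DC=LOCAL"
USER_DN = "CN=Andreu Serra,OU=DEPT. PROGRAMARI," + SUFFIX

# Constructed sample entries; the login name and the group are made up.
DIRECTORY = [
    {"dn": USER_DN, "sAMAccountName": ["aserra"]},
    {"dn": "CN=Developers," + SUFFIX, "cn": ["Developers"], "member": [USER_DN]},
]

def escape_value(value):
    """Escape RFC 4515 special characters so the value stays a literal."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def fill(template, username, user_dn=""):
    """Substitute {0} (login name) and {1} (DN found by baseFilter) in one pass."""
    args = (escape_value(username), escape_value(user_dn))
    return re.sub(r"\{([01])\}", lambda m: args[int(m.group(1))], template)

def search(ldap_filter):
    """Evaluate a single (attr=value) equality filter against DIRECTORY."""
    attr, raw = ldap_filter[1:-1].split("=", 1)
    want = re.sub(r"\\([0-9a-f]{2})", lambda m: chr(int(m.group(1), 16)), raw)
    return [e for e in DIRECTORY
            if any(v.lower() == want.lower() for v in e.get(attr, []))]

def roles_for(username, role_filter, role_attr="cn"):
    """Find the user entry by login name, then the groups that list it."""
    users = search(fill(BASE_FILTER, username))
    if len(users) != 1:
        return None  # unknown or ambiguous login name: no role lookup
    groups = search(fill(role_filter, username, users[0]["dn"]))
    return [v for g in groups for v in g.get(role_attr, [])]

if __name__ == "__main__":
    print(roles_for("aserra", "(member={1})"))  # group found via the user DN
    print(roles_for("aserra", "(member={0})"))  # login name never equals a DN
```
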