JBoss 7 LDAP: correct role filter
I'm trying to use a JBoss module for LDAP login, but I think I'm missing some obvious configuration. My user is authenticated, but I can grant him roles. The JBoss module configuration is as follows:
<security-domain name="epuBph">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
            <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
            <module-option name="java.naming.provider.url" value="ldap://....."/>
            <module-option name="bindDN" value="uid=admin,ou=system"/>
            <module-option name="bindCredential" value="secret"/>
            <module-option name="allowEmptyPasswords" value="false"/>
            <module-option name="Context.REFERRAL" value="follow"/>
            <module-option name="throwValidateError" value="true"/>
            <module-option name="baseCtxDN" value="ou=user,ou=epubph,ou=system"/>
            <module-option name="rolesCtxDN" value="ou=group,ou=epubph,ou=system"/>
            <module-option name="baseFilter" value="(uid={0})"/>
            <module-option name="roleFilter" value="(uid={0})"/>
            <module-option name="roleAttributeIsDN" value="false"/>
            <module-option name="roleAttributeID" value="cn"/>
        </login-module>
    </authentication>
</security-domain>
Finally, the LDIF:
version: 1

dn: ou=epubph,ou=system
objectClass: organizationalUnit
objectClass: top
ou: epubph

dn: cn=USER,ou=group,ou=epubph,ou=system
objectClass: groupOfNames
objectClass: top
cn: USER
member: uid=radca

dn: ou=user,ou=epubph,ou=system
objectClass: organizationalUnit
objectClass: top
ou: user

dn: uid=radca,ou=user,ou=epubph,ou=system
objectClass: account
objectClass: simpleSecurityObject
objectClass: top
uid: radca
userPassword:: e3NoYTI1Nn1uNGJRZ1loTWZXV2FMK3FneFZyUUZhTy9UeHNyQzRJczBWMXNGY
 kR3Q2dnPQ==

dn: ou=group,ou=epubph,ou=system
objectClass: organizationalUnit
objectClass: top
ou: group

dn: uid=admin,ou=user,ou=epubph,ou=system
objectClass: account
objectClass: simpleSecurityObject
objectClass: top
uid: admin
userPassword:: e3NoYTI1Nn1uNGJRZ1loTWZXV2FMK3FneFZyUUZhTy9UeHNyQzRJczBWMXNGY
 kR3Q2dnPQ==

dn: cn=ADMIN,ou=group,ou=epubph,ou=system
objectClass: groupOfNames
objectClass: top
cn: ADMIN
member: uid=admin
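Can someone point me in the right direction? I believe I'm missing something simple, although I think my configuration is incorrect.
Fortunately, someone published a good post (in Portuguese, though) with a simple example that helped me.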
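An added example (not part of the original post and not JBoss code): a small Python model of how LdapExtLoginModule expands roleFilter, with {0} replaced by the login name and {1} by the authenticated user's DN, evaluated against the two group entries from the LDIF above. It models only simple equality filters with case-insensitive string comparison and builds the user DN from baseCtxDN instead of running the baseFilter search; the function names are made up for this illustration.

```python
import re

# The two group entries under rolesCtxDN, copied from the LDIF on this page.
GROUPS = [
    {"cn": ["USER"], "member": ["uid=radca"]},
    {"cn": ["ADMIN"], "member": ["uid=admin"]},
]
BASE_CTX_DN = "ou=user,ou=epubph,ou=system"  # baseCtxDN from the login-module


def expand(role_filter, username, user_dn):
    """Substitute {0} with the login name and {1} with the authenticated user DN."""
    return role_filter.replace("{0}", username).replace("{1}", user_dn)


def roles_for(role_filter, username, groups=GROUPS, role_attribute_id="cn"):
    """Return the roleAttributeID values of every group entry the filter matches."""
    # Assumption: the user DN is built directly instead of via the baseFilter search.
    user_dn = f"uid={username},{BASE_CTX_DN}"
    m = re.fullmatch(r"\((\w+)=(.*)\)", expand(role_filter, username, user_dn))
    if not m:
        raise ValueError("only simple (attr=value) filters are modelled")
    attr, wanted = m.group(1), m.group(2).lower()
    roles = []
    for entry in groups:
        if wanted in (v.lower() for v in entry.get(attr, [])):
            roles.extend(entry[role_attribute_id])
    return roles


if __name__ == "__main__":
    for f in ("(uid={0})", "(member={0})", "(member={1})", "(member=uid={0})"):
        print(f"{f:20} -> {roles_for(f, 'radca')}")
```

With the LDIF as posted, (uid={0}) returns no roles because the group entries carry no uid attribute, and (member={1}) matches only if the member values hold the users' full DNs.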