karaf-dev mailing list archives

From Jean-Baptiste Onofré ...@nanthrax.net>
Subject Re: LDAP search + role with Karaf
Date Wed, 15 Dec 2010 20:26:12 GMT
Hi Charles

The user.filter property should look like:

user.filter="(cn=%u)"

%u is replaced by the username.

Same for the role:

role.filter="(member:=uid=%u)"

Turning the log level to debug should provide all the cinematic.

Could you provide the log in debug?

Regards
JB

On 12/15/2010 08:44 PM, Charles Moulliard wrote:
> I have updated karaf to use LDAP component
>
> JB,
>
> Can you help me define the content of the LDAP fields please, because I'm
> not able to authenticate my user now?
>
> USER SEARCH
> ldapsearch -H ldap://localhost:389 -x -D "cn=admin,dc=fusesource,dc=com"
> -w secret -LLL -s one -b
> "ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com" "(cn=admin)" cn
> dn: cn=admin,ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
> cn: admin
>
> ROLE SEARCH
> ldapsearch -H ldap://localhost:389 -x -D "cn=admin,dc=fusesource,dc=com"
> -w secret -LLL -s one -b
> "ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com"
> "(member:=uid=admin)" member
> dn: cn=admin,ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
> member: uid=admin
>
>
>
> <jaas:module
> className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
> flags="required">
> initial.context.factory=com.sun.jndi.ldap.LdapCtxFactory
> connection.url=ldap://[127.0.0.1]:389
> connection.username=cn=admin,dc=fusesource,dc=com
> connection.password=secret
> authentication=simple
> user.base.dn=ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
> user.filter=(cn={0})
> user.search.subtree=true
>
> role.base.dn=ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
> role.name.attribute=cn
> role.filter=(member:=uid={1})
> role.search.subtree=true
> </jaas:module>
>
> On 15/12/10 18:31, Guillaume Nodet wrote:
>> JB has recently committed a newer version of the LDAP module which is
>> much better integrated with Karaf (supporting our role description
>> policy, password encryption, etc...)
>> I think we may want to work on a backend engine to support the new
>> LDAP console commands to administer users too ...
>>
>> On Wed, Dec 15, 2010 at 18:02, Charles Moulliard<cmoulliard@gmail.com>
>> wrote:
>>> Hi,
>>>
>>> I'm stuck with LDAP search and try to understand why the
>>> LDAPLoginModule of
>>> Karaf (= same code as ActiveMQ LDAPLoginModule) is not able to find the
>>> role.
>>>
>>> Here is the request that I made in my slapd server
>>>
>>> ldapsearch -H ldap://localhost:389 -x -D
>>> "cn=admin,dc=fusesource,dc=com" -w
>>> xxxx -LLL -s one -b
>>> "ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com"
>>> "(member:=uid=admin)" member
>>> -->
>>> dn: cn=admin,ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>>> member: uid=admin
>>>
>>> LDAP config
>>>
>>> <jaas:config name="ldap">
>>> <!-- -->
>>> <jaas:module
>>> className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
>>> flags="required">
>>> initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
>>> connectionURL=ldap://[127.0.0.1]:389
>>> connectionUsername=cn=admin,dc=fusesource,dc=com
>>> connectionPassword=secret
>>> connectionProtocol=
>>> authentication=simple
>>> userBase=ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>>> userRoleName=admin
>>> userSearchMatching=(cn={0})
>>> userSearchSubtree=false
>>> roleBase=ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>>> roleName=cn
>>> roleSearchMatching=(member:=uid={0})
>>> roleSearchSubtree=false
>>> </jaas:module>
>>>
>>> but it fails from LDAPLoginModule. In fact it does not find the role.
>>>
>>> dn: ou=systems,dc=fusesource,dc=com
>>> objectClass: organizationalUnit
>>> objectClass: top
>>> ou: systems
>>>
>>> dn: ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>>> objectClass: organizationalUnit
>>> objectClass: top
>>> ou: ActiveMQ
>>>
>>> dn: ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>>> objectClass: organizationalUnit
>>> objectClass: top
>>> ou: Group
>>>
>>> dn: cn=admin,ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>>> objectClass: groupOfNames
>>> objectClass: top
>>> cn: admin
>>> member: uid=admin
>>>
>>> dn: ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>>> objectClass: organizationalUnit
>>> objectClass: top
>>> ou: User
>>>
>>> dn: cn=admin,ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>>> objectClass: organizationalPerson
>>> objectClass: person
>>> objectClass: top
>>> cn: admin
>>> sn: admin
>>> userPassword:: e1NIQX0wRFBpS3VOSXJyVm1EOElVQ3V3MWhReE5xWmM9
>>>
>>>
>>> Any help is welcome.
>>>
>>> Regards,
>>>
>>> Charles
>>>
>>
>>

-- 
Jean-Baptiste Onofré
---------------------------------
  HomePage
http://www.nanthrax.net
---------------------------------
  Contacts
jbonofre@apache.org
jb@nanthrax.net
---------------------------------
  OpenSource
BuildProcess/AutoDeploy
http://buildprocess.sourceforge.net
Apache ServiceMix
http://servicemix.apache.org
-----------------------------------
PGP : 17D4F086
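As an added example that is not part of the thread or of Karaf's own code: a small Python helper that performs the `%u` substitution JB describes, escaping the username per RFC 4515 so a value such as `ad*)(cn=x` cannot change the structure of the filter, and that flags `{0}`/`{1}` tokens left in a template, since on the thread's statement that `%u` is the placeholder such tokens would be searched for literally (my inference). The property names and the `%u` token come from the thread; the escaping table and the function names are my own.

```python
"""Render Karaf-style LDAP filter templates (user.filter / role.filter).

Added example, not Karaf's LDAPLoginModule: the thread states that %u in
user.filter and role.filter is replaced by the username.  This helper does
that substitution with RFC 4515 escaping of the username and reports
MessageFormat-style tokens ({0}, {1}) that a %u substitution would leave
behind, which is the shape of the filters in the failing configurations.
"""
import re

PLACEHOLDER = "%u"

# RFC 4515 assertion-value escaping: these characters would otherwise change
# the filter's structure, so a user-supplied name must never carry them raw.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it is matched literally inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def render_filter(template: str, username: str) -> str:
    """Replace every %u in the template with the escaped username."""
    if PLACEHOLDER not in template:
        raise ValueError(f"filter template {template!r} has no {PLACEHOLDER} placeholder")
    return template.replace(PLACEHOLDER, escape_filter_value(username))


def unsubstituted_tokens(template: str) -> list[str]:
    """Return {0}-style tokens that a %u substitution does not touch."""
    return re.findall(r"\{\d+\}", template)


def check_templates(config: dict[str, str]) -> dict[str, list[str]]:
    """Report leftover tokens per filter property present in a module config."""
    return {key: unsubstituted_tokens(config[key])
            for key in ("user.filter", "role.filter") if key in config}


if __name__ == "__main__":
    # Templates from JB's reply, rendered for the user searched in the thread.
    for tmpl in ("(cn=%u)", "(member:=uid=%u)"):
        print(render_filter(tmpl, "admin"))
    # Filters from the failing configuration (constructed dict, same values).
    print(check_templates({"user.filter": "(cn={0})",
                           "role.filter": "(member:=uid={1})"}))
```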
