karaf-dev mailing list archives

From Charles Moulliard <cmoulli...@gmail.com>
Subject Re: LDAP search + role with Karaf
Date Wed, 15 Dec 2010 20:56:54 GMT
Thanks for the info + code submitted. It works fine and I'm able to
authenticate a user + role within a camel-jetty endpoint with LDAP :-)

On 15/12/10 21:26, Jean-Baptiste Onofré wrote:
> Hi Charles
>
> The user.filter property should look like:
>
> user.filter="(cn=%u)"
>
> %u is replaced by the username.
>
> Same for the role:
>
> role.filter="(member:=uid=%u)"
>
> Turning the log level to debug should provide all the cinematic.
>
> Could you provide the log in debug?
>
> Regards
> JB
>
> On 12/15/2010 08:44 PM, Charles Moulliard wrote:
>> I have updated karaf to use LDAP component
>>
>> JB,
>>
>> Can you help me define the content of the LDAP fields please because I'm
>> not able to authenticate my user now?
>>
>> USER SEARCH
>> ldapsearch -H ldap://localhost:389 -x -D "cn=admin,dc=fusesource,dc=com"
>> -w secret -LLL -s one -b
>> "ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com" "(cn=admin)" cn
>> dn: cn=admin,ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>> cn: admin
>>
>> ROLE SEARCH
>> ldapsearch -H ldap://localhost:389 -x -D "cn=admin,dc=fusesource,dc=com"
>> -w secret -LLL -s one -b
>> "ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com"
>> "(member:=uid=admin)" member
>> dn: cn=admin,ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>> member: uid=admin
>>
>>
>>
>> <jaas:module
>> className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
>> flags="required">
>> initial.context.factory=com.sun.jndi.ldap.LdapCtxFactory
>> connection.url=ldap://[127.0.0.1]:389
>> connection.username=cn=admin,dc=fusesource,dc=com
>> connection.password=secret
>> authentication=simple
>> user.base.dn=ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>> user.filter=(cn={0})
>> user.search.subtree=true
>>
>> role.base.dn=ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>> role.name.attribute=cn
>> role.filter=(member:=uid={1})
>> role.search.subtree=true
>> </jaas:module>
>>
>> On 15/12/10 18:31, Guillaume Nodet wrote:
>>> JB has recently committed a newer version of the LDAP module which is
>>> much better integrated with Karaf (supporting our role description
>>> policy, password encryption, etc...)
>>> I think we may want to work on a backend engine to support the new
>>> LDAP console commands to administer users too ...
>>>
>>> On Wed, Dec 15, 2010 at 18:02, Charles Moulliard<cmoulliard@gmail.com>
>>> wrote:
>>>> Hi,
>>>>
>>>> I'm stuck with LDAP search and trying to understand why the
>>>> LDAPLoginModule of Karaf (= same code as ActiveMq LDAPLoginModule) is
>>>> not able to find the role.
>>>>
>>>> Here is the request that I made in my slapd server
>>>>
>>>> ldapsearch -H ldap://localhost:389 -x -D
>>>> "cn=admin,dc=fusesource,dc=com" -w
>>>> xxxx -LLL -s one -b
>>>> "ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com"
>>>> "(member:=uid=admin)" member
>>>> -->
>>>> dn: cn=admin,ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>>>> member: uid=admin
>>>>
>>>> LDAP config
>>>>
>>>> <jaas:config name="ldap">
>>>> <!-- -->
>>>> <jaas:module
>>>> className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
>>>> flags="required">
>>>> initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
>>>> connectionURL=ldap://[127.0.0.1]:389
>>>> connectionUsername=cn=admin,dc=fusesource,dc=com
>>>> connectionPassword=secret
>>>> connectionProtocol=
>>>> authentication=simple
>>>> userBase=ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>>>> userRoleName=admin
>>>> userSearchMatching=(cn={0})
>>>> userSearchSubtree=false
>>>> roleBase=ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>>>> roleName=cn
>>>> roleSearchMatching=(member:=uid={0})
>>>> roleSearchSubtree=false
>>>> </jaas:module>
>>>>
>>>> but it fails from LDAPLoginModule. In fact it does not find the role.
>>>>
>>>> dn: ou=systems,dc=fusesource,dc=com
>>>> objectClass: organizationalUnit
>>>> objectClass: top
>>>> ou: systems
>>>>
>>>> dn: ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>>>> objectClass: organizationalUnit
>>>> objectClass: top
>>>> ou: ActiveMQ
>>>>
>>>> dn: ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>>>> objectClass: organizationalUnit
>>>> objectClass: top
>>>> ou: Group
>>>>
>>>> dn: cn=admin,ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>>>> objectClass: groupOfNames
>>>> objectClass: top
>>>> cn: admin
>>>> member: uid=admin
>>>>
>>>> dn: ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>>>> objectClass: organizationalUnit
>>>> objectClass: top
>>>> ou: User
>>>>
>>>> dn: cn=admin,ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>>>> objectClass: organizationalPerson
>>>> objectClass: person
>>>> objectClass: top
>>>> cn: admin
>>>> sn: admin
>>>> userPassword:: e1NIQX0wRFBpS3VOSXJyVm1EOElVQ3V3MWhReE5xWmM9
>>>>
>>>>
>>>> Any help is welcome.
>>>>
>>>> Regards,
>>>>
>>>> Charles
>>>>
>>>
>>>
>
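The two searches JB describes (user lookup with user.filter, then role lookup with role.filter, %u replaced by the username), as an added illustration that is not Karaf's LDAPLoginModule code. It renders the %u templates, escapes the username per RFC 4515 before substituting it (the thread does not say whether the module does this itself, so verify that in the version you run), and replays the user and role searches against an in-memory copy of the LDIF entries Charles posted. The extra user "bob", the minimal filter evaluator and the escaping step are assumptions of the example; the bind as the found user DN is not simulated.

```python
"""Added example: %u substitution and the user/role searches from the thread,
run against an in-memory copy of the posted LDIF. Not Karaf's own code."""
import re

# RFC 4515 section 3: characters that must be escaped inside an assertion value.
_ESCAPE = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a username before it is placed inside a filter assertion value."""
    return "".join(_ESCAPE.get(ch, ch) for ch in value)


def render_filter(template: str, username: str) -> str:
    """Replace %u with the escaped username: "(cn=%u)" + "admin" -> "(cn=admin)"."""
    return template.replace("%u", escape_filter_value(username))


# Only the two filter shapes used in the thread are supported (an assumption):
# plain equality (attr=value) and the extensible-match form (attr:=value).
_SIMPLE = re.compile(r"^\((?P<attr>[A-Za-z][\w.-]*):?=(?P<value>.*)\)$")


def _unescape(value: str) -> str:
    """Decode \\XX hex escapes back to characters for comparison."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def entry_matches(entry: dict, filt: str) -> bool:
    """Case-insensitive exact match, as cn/member would be under their LDAP rules."""
    m = _SIMPLE.match(filt)
    if m is None:
        raise ValueError(f"unsupported filter shape: {filt}")
    wanted = _unescape(m.group("value")).lower()
    return any(v.lower() == wanted for v in entry.get(m.group("attr").lower(), []))


def search(directory: dict, base: str, filt: str, subtree: bool) -> list:
    """DNs under base matching filt; one-level (like ldapsearch -s one) unless subtree.
    DNs are compared as plain strings, fine for the constructed DNs here."""
    hits = []
    for dn, entry in directory.items():
        if not dn.lower().endswith("," + base.lower()):
            continue
        rdn_part = dn[: -len(base) - 1]
        if not subtree and "," in rdn_part:
            continue  # deeper than one level below the base
        if entry_matches(entry, filt):
            hits.append(dn)
    return hits


def lookup(username: str, config: dict, directory: dict):
    """Find the user DN, then the role names, as the two searches in the thread do.
    Returns (user_dn, [roles]) or None when no single user entry matches."""
    users = search(directory, config["user.base.dn"],
                   render_filter(config["user.filter"], username),
                   config["user.search.subtree"])
    if len(users) != 1:
        return None
    groups = search(directory, config["role.base.dn"],
                    render_filter(config["role.filter"], username),
                    config["role.search.subtree"])
    attr = config["role.name.attribute"]
    roles = sorted(r for g in groups for r in directory[g].get(attr, []))
    return users[0], roles


BASE = "ou=ActiveMQ,ou=systems,dc=fusesource,dc=com"

# Constructed in-memory copy of the entries posted in the thread, plus one extra
# user "bob" (an assumption) who belongs to no group. Attribute names are lower-case.
DIRECTORY = {
    f"cn=admin,ou=User,{BASE}": {"objectclass": ["organizationalPerson", "person", "top"],
                                 "cn": ["admin"], "sn": ["admin"]},
    f"cn=bob,ou=User,{BASE}": {"objectclass": ["organizationalPerson", "person", "top"],
                               "cn": ["bob"], "sn": ["bob"]},
    f"cn=admin,ou=Group,{BASE}": {"objectclass": ["groupOfNames", "top"],
                                  "cn": ["admin"], "member": ["uid=admin"]},
}

# The working configuration from the thread, in the dotted key style JB gave.
CONFIG = {
    "user.base.dn": f"ou=User,{BASE}",
    "user.filter": "(cn=%u)",
    "user.search.subtree": True,
    "role.base.dn": f"ou=Group,{BASE}",
    "role.name.attribute": "cn",
    "role.filter": "(member:=uid=%u)",
    "role.search.subtree": True,
}

if __name__ == "__main__":
    print(lookup("admin", CONFIG, DIRECTORY))   # user DN and ['admin']
    print(lookup("bob", CONFIG, DIRECTORY))     # user DN and []
    print(lookup("a*b(c)", CONFIG, DIRECTORY))  # None: special characters are escaped, not interpreted
```

Setting user.search.subtree to false with the same base is the one-level search Charles ran with ldapsearch -s one; the example's search() reproduces that distinction so the effect of the subtree flags can be checked in isolation.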
