karaf-dev mailing list archives

From Jean-Baptiste Onofré ...@nanthrax.net>
Subject Re: LDAP search + role with Karaf
Date Thu, 16 Dec 2010 05:51:09 GMT
Thanks Charles,

I would like to add some unit tests before closing the tests.

I was very busy with customer these last days. I'm on holiday tomorrow,
so I will have time to work on Apache projects (like ServiceMix, Karaf, 
Aries, Camel, etc) :))

Regards
JB

On 12/15/2010 09:56 PM, Charles Moulliard wrote:
> Thx for the info + code submitted. It works fine and I'm able to
> authenticate a user + role within camel-jetty endpoint with LDAP :-)
>
> On 15/12/10 21:26, Jean-Baptiste Onofré wrote:
>> Hi Charles
>>
>> The user.filter property should look like:
>>
>> user.filter="(cn=%u)"
>>
>> %u is replaced by the username.
>>
>> Same for the role:
>>
>> role.filter="(member:=uid=%u)"
>>
>> Turning the log level to debug should provide all the cinematic.
>>
>> Could you provide the log in debug?
>>
>> Regards
>> JB
>>
>> On 12/15/2010 08:44 PM, Charles Moulliard wrote:
>>> I have updated karaf to use LDAP component
>>>
>>> JB,
>>>
>>> Can you help me define the content of the LDAP fields please because I'm
>>> not able to authenticate my user now ?
>>>
>>> USER SEARCH
>>> ldapsearch -H ldap://localhost:389 -x -D "cn=admin,dc=fusesource,dc=com"
>>> -w secret -LLL -s one -b
>>> "ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com" "(cn=admin)" cn
>>> dn: cn=admin,ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>>> cn: admin
>>>
>>> ROLE SEARCH
>>> ldapsearch -H ldap://localhost:389 -x -D "cn=admin,dc=fusesource,dc=com"
>>> -w secret -LLL -s one -b
>>> "ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com"
>>> "(member:=uid=admin)" member
>>> dn: cn=admin,ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>>> member: uid=admin
>>>
>>>
>>>
>>> <jaas:module
>>> className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
>>> flags="required">
>>> initial.context.factory=com.sun.jndi.ldap.LdapCtxFactory
>>> connection.url=ldap://[127.0.0.1]:389
>>> connection.username=cn=admin,dc=fusesource,dc=com
>>> connection.password=secret
>>> authentication=simple
>>> user.base.dn=ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>>> user.filter=(cn={0})
>>> user.search.subtree=true
>>>
>>> role.base.dn=ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>>> role.name.attribute=cn
>>> role.filter=(member:=uid={1})
>>> role.search.subtree=true
>>> </jaas:module>
>>>
>>> On 15/12/10 18:31, Guillaume Nodet wrote:
>>>> JB has recently committed a newer version of the LDAP module which is
>>>> much better integrated with Karaf (supporting our role description
>>>> policy, password encryption, etc...)
>>>> I think we may want to work on a backend engine to support the new
>>>> LDAP console commands to administer users too ...
>>>>
>>>> On Wed, Dec 15, 2010 at 18:02, Charles Moulliard<cmoulliard@gmail.com>
>>>> wrote:
>>>>> Hi,
>>>>>
>>>>> I'm stuck with LDAP search and try to understand why the
>>>>> LDAPLoginModule of
>>>>> Karaf (= same code as ActiveMq LDAPLoginModule) is not able to find
>>>>> the
>>>>> role.
>>>>>
>>>>> Here is the request that I made in my slapd server
>>>>>
>>>>> ldapsearch -H ldap://localhost:389 -x -D
>>>>> "cn=admin,dc=fusesource,dc=com" -w
>>>>> xxxx -LLL -s one -b
>>>>> "ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com"
>>>>> "(member:=uid=admin)" member
>>>>> -->
>>>>> dn: cn=admin,ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>>>>> member: uid=admin
>>>>>
>>>>> LDAP config
>>>>>
>>>>> <jaas:config name="ldap">
>>>>> <!-- -->
>>>>> <jaas:module
>>>>> className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
>>>>> flags="required">
>>>>> initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
>>>>> connectionURL=ldap://[127.0.0.1]:389
>>>>> connectionUsername=cn=admin,dc=fusesource,dc=com
>>>>> connectionPassword=secret
>>>>> connectionProtocol=
>>>>> authentication=simple
>>>>> userBase=ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>>>>> userRoleName=admin
>>>>> userSearchMatching=(cn={0})
>>>>> userSearchSubtree=false
>>>>> roleBase=ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>>>>> roleName=cn
>>>>> roleSearchMatching=(member:=uid={0})
>>>>> roleSearchSubtree=false
>>>>> </jaas:module>
>>>>>
>>>>> but it fails from LDAPLoginModule. In fact it does not find the role.
>>>>>
>>>>> dn: ou=systems,dc=fusesource,dc=com
>>>>> objectClass: organizationalUnit
>>>>> objectClass: top
>>>>> ou: systems
>>>>>
>>>>> dn: ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>>>>> objectClass: organizationalUnit
>>>>> objectClass: top
>>>>> ou: ActiveMQ
>>>>>
>>>>> dn: ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>>>>> objectClass: organizationalUnit
>>>>> objectClass: top
>>>>> ou: Group
>>>>>
>>>>> dn: cn=admin,ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>>>>> objectClass: groupOfNames
>>>>> objectClass: top
>>>>> cn: admin
>>>>> member: uid=admin
>>>>>
>>>>> dn: ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>>>>> objectClass: organizationalUnit
>>>>> objectClass: top
>>>>> ou: User
>>>>>
>>>>> dn: cn=admin,ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>>>>> objectClass: organizationalPerson
>>>>> objectClass: person
>>>>> objectClass: top
>>>>> cn: admin
>>>>> sn: admin
>>>>> userPassword:: e1NIQX0wRFBpS3VOSXJyVm1EOElVQ3V3MWhReE5xWmM9
>>>>>
>>>>>
>>>>> Any help is welcome.
>>>>>
>>>>> Regards,
>>>>>
>>>>> Charles
>>>>>
>>>>
>>>>
>>
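
The %u substitution described in the thread for user.filter and role.filter, as an added example that is not part of the thread and is not Karaf's code. The class and method names are hypothetical; the sketch assumes the user name is escaped per RFC 4515 before it is placed in the filter, and it rejects a template with no %u (such as the {0}/{1} style in the quoted configuration).

```java
import java.nio.charset.StandardCharsets;

/** Added example (not Karaf code): expand a %u filter template with RFC 4515 escaping. */
public class LdapFilterTemplate {

    /** Escape a value for use inside an LDAP search filter (RFC 4515, section 3). */
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xff;
            // NUL, '(', ')', '*', '\' and every non-ASCII byte are written as \XX
            if (c == 0x00 || c == '(' || c == ')' || c == '*' || c == '\\' || c >= 0x80) {
                out.append(String.format("\\%02x", c));
            } else {
                out.append((char) c);
            }
        }
        return out.toString();
    }

    /** Replace every %u in the template with the escaped user name. */
    static String expand(String template, String username) {
        if (!template.contains("%u")) {
            // e.g. a template still written with {0} / {1} placeholders
            throw new IllegalArgumentException("filter has no %u placeholder: " + template);
        }
        if (username == null || username.isEmpty()) {
            throw new IllegalArgumentException("empty user name");
        }
        // String.replace is a literal replacement, so the backslashes survive
        return template.replace("%u", escapeFilterValue(username));
    }

    public static void main(String[] args) {
        // Filters taken from the thread; the user names are constructed samples.
        String userFilter = "(cn=%u)";
        String roleFilter = "(member:=uid=%u)";
        System.out.println(expand(userFilter, "admin"));
        System.out.println(expand(roleFilter, "admin"));
        // Filter metacharacters in the name stay data instead of changing the filter
        System.out.println(expand(userFilter, "a*(b)\\c"));
        try {
            expand("(cn={0})", "admin");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```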
