karaf-dev mailing list archives

From Guillaume Nodet <gno...@gmail.com>
Subject Re: LDAP search + role with Karaf
Date Wed, 15 Dec 2010 17:31:08 GMT
JB has recently committed a newer version of the LDAP module which is
much better integrated with Karaf (supporting our role description
policy, password encryption, etc...)
I think we may want to work on a backend engine to support the new
LDAP console commands to administer users too ...

On Wed, Dec 15, 2010 at 18:02, Charles Moulliard <cmoulliard@gmail.com> wrote:
> Hi,
>
> I'm stuck with an LDAP search and am trying to understand why the LDAPLoginModule of
> Karaf (= same code as the ActiveMQ LDAPLoginModule) is not able to find the
> role.
>
> Here is the request that I made on my slapd server:
>
> ldapsearch -H ldap://localhost:389 -x -D "cn=admin,dc=fusesource,dc=com" -w
> xxxx -LLL -s one -b "ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com"
> "(member:=uid=admin)" member
> -->
> dn: cn=admin,ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
> member: uid=admin
>
> LDAP config
>
> <jaas:config name="ldap">
> <!-- -->
> <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
> flags="required">
>            initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
>            connectionURL=ldap://[127.0.0.1]:389
>            connectionUsername=cn=admin,dc=fusesource,dc=com
>            connectionPassword=secret
>            connectionProtocol=
>            authentication=simple
>            userBase=ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>            userRoleName=admin
>            userSearchMatching=(cn={0})
>            userSearchSubtree=false
>            roleBase=ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
>            roleName=cn
>            roleSearchMatching=(member:=uid={0})
>            roleSearchSubtree=false
> </jaas:module>
>
> but it fails from LDAPLoginModule. In fact it does not find the role.
>
> dn: ou=systems,dc=fusesource,dc=com
> objectClass: organizationalUnit
> objectClass: top
> ou: systems
>
> dn: ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
> objectClass: organizationalUnit
> objectClass: top
> ou: ActiveMQ
>
> dn: ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
> objectClass: organizationalUnit
> objectClass: top
> ou: Group
>
> dn: cn=admin,ou=Group,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
> objectClass: groupOfNames
> objectClass: top
> cn: admin
> member: uid=admin
>
> dn: ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
> objectClass: organizationalUnit
> objectClass: top
> ou: User
>
> dn: cn=admin,ou=User,ou=ActiveMQ,ou=systems,dc=fusesource,dc=com
> objectClass: organizationalPerson
> objectClass: person
> objectClass: top
> cn: admin
> sn: admin
> userPassword:: e1NIQX0wRFBpS3VOSXJyVm1EOElVQ3V3MWhReE5xWmM9
>
>
> Any help is welcome.
>
> Regards,
>
> Charles
>



-- 
Cheers,
Guillaume Nodet
------------------------
Blog: http://gnodet.blogspot.com/
------------------------
Open Source SOA
http://fusesource.com
