Getting 403 authorization issue when the required group has member attribute as groupMembership in LDAP server
Issue
- Getting 403 authorization issue when the required group has member attribute as
groupMembershipin LDAP server.
<login-module code="LdapExtended" name="my_ldap_level1" flag="optional">
<module-option name="password-stacking" value="useFirstPass" />
<module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<module-option name="java.naming.provider.url" value=""/>
<module-option name="java.naming.security.authentication" value="simple"/>
<module-option name="bindDN" value=""/>
<module-option name="bindCredential" value=""/>
<module-option name="baseCtxDN" value="ou=People,dc=redhat,dc=com"/>
<module-option name="baseFilter" value="(uid={0})"/>
<module-option name="rolesCtxDN" value="ou=My Groups,ou=Groups,dc=redhat,dc=com"/>
<module-option name="roleFilter" value="(groupMembership={1})"/>
<module-option name="roleAttributeID" value="cn"/>
<module-option name="searchScope" value="ONELEVEL_SCOPE"/>
<module-option name="allowEmptyPasswords" value="false"/>
<module-option name="throwValidateError" value="true"/>
</login-module>
- How do we setup two separate LDAP security realms that talk to two different LDAP servers, where group has member attribute as
groupMembershipin LDAP server?
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
- 6.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
