Getting 403 authorization issue when the required group has member attribute as groupMembership in LDAP server
Issue
- Getting a 403 authorization issue when the required group has its member attribute as groupMembership in the LDAP server.
<login-module code="LdapExtended" name="my_ldap_level1" flag="optional">
    <module-option name="password-stacking" value="useFirstPass"/>
    <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
    <module-option name="java.naming.provider.url" value=""/>
    <module-option name="java.naming.security.authentication" value="simple"/>
    <module-option name="bindDN" value=""/>
    <module-option name="bindCredential" value=""/>
    <module-option name="baseCtxDN" value="ou=People,dc=redhat,dc=com"/>
    <module-option name="baseFilter" value="(uid={0})"/>
    <module-option name="rolesCtxDN" value="ou=My Groups,ou=Groups,dc=redhat,dc=com"/>
    <module-option name="roleFilter" value="(groupMembership={1})"/>
    <module-option name="roleAttributeID" value="cn"/>
    <module-option name="searchScope" value="ONELEVEL_SCOPE"/>
    <module-option name="allowEmptyPasswords" value="false"/>
    <module-option name="throwValidateError" value="true"/>
</login-module>
- How do we set up two separate LDAP security realms that talk to two different LDAP servers, where the group has its member attribute as groupMembership in the LDAP server?
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
- 6.x