Authentication fails when using both UsersRolesLoginModule and LdapExtLoginModule on EAP
Issue
- I edited my login-config.xml so that I can use both File Membership and LDAP Membership:
<application-policy name="jmx-console">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
      <module-option name="usersProperties">props/soa-users.properties</module-option>
      <module-option name="rolesProperties">props/soa-roles.properties</module-option>
    </login-module>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="sufficient">
      <module-option name="debug">true</module-option>
      <module-option name="java.naming.provider.url">ldaps://server:port</module-option>
      <module-option name="java.naming.security.protocol">ssl</module-option>
      <module-option name="realm">admin</module-option>
      <module-option name="bindDN">we have entered correct LDAP user account</module-option>
      <module-option name="bindCredential">we have entered correct LDAP user password</module-option>
      <module-option name="baseFilter">(uid={0})</module-option>
      <module-option name="baseCtxDN">ou=people,dc=sample,dc=com</module-option>
      <module-option name="roleFilter">(uniquemember={1})</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="rolesCtxDN">ou=groups,dc=sample,dc=com</module-option>
      <module-option name="roleAttributeIsDN">false</module-option>
      <module-option name="roleRecursion">2</module-option>
      <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
      <module-option name="java.naming.referral">follow</module-option>
      <module-option name="searchTimeLimit">10000</module-option>
      <module-option name="defaultRole">JBossAdmin</module-option>
    </login-module>
  </authentication>
</application-policy>
- When I attempt to log in to the admin-console, the log shows:
2012-03-21 13:21:34,477 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http-0.0.0.0-8080-6) Assign user to role JBossAdmin
2012-03-21 13:21:34,477 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http-0.0.0.0-8080-6) User 'test' authenticated, loginOk=true
2012-03-21 13:21:34,477 TRACE [org.jboss.security.auth.spi.UsersRolesLoginModule] (http-0.0.0.0-8080-6) abort
2012-03-21 13:21:34,477 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] (http-0.0.0.0-8080-6) abort
- Is there a way to configure multiple authentication providers to authenticate against Active Directory and, if the user is not found, have the authentication happen in the local users.properties file?
Environment
- JBoss Enterprise Application Platform (EAP) 5.1
