karaf-issues mailing list archives

From Jean-Baptiste Onofré (JIRA) <j...@apache.org>
Subject [jira] [Updated] (KARAF-3105) Cannot use LDAPLoginModule with ActiveDirectory
Date Thu, 22 Jan 2015 20:51:34 GMT

     [ https://issues.apache.org/jira/browse/KARAF-3105?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jean-Baptiste Onofré updated KARAF-3105:
----------------------------------------
    Fix Version/s: 4.0.0.M2

> Cannot use LDAPLoginModule with ActiveDirectory
> -----------------------------------------------
>
>                 Key: KARAF-3105
>                 URL: https://issues.apache.org/jira/browse/KARAF-3105
>             Project: Karaf
>          Issue Type: Bug
>          Components: karaf-security
>    Affects Versions: 2.3.5
>            Reporter: Adam Edwards
>            Assignee: Jean-Baptiste Onofré
>             Fix For: 2.4.0, 4.0.0, 3.0.2, 2.3.6, 4.0.0.M2
>
>
> Please consider my pull request: https://github.com/apache/karaf/pull/44
> When trying to configure LDAPLoginModule for use with Active Directory, I could not find a way with the current configuration to have the authorization work properly due to the use of the member attribute in AD. I saw the %fqdn in the code but unfortunately that would not work properly when search subtree is set to true. I think %fqdn should actually be removed and replaced with my code, but didn't want to touch it just in case. I put in 2.3.x branch as I want to see this make it into the next Fuse6.x release.
> With this modification, the following example will work properly with Active Directory as the LDAP server.
> {code}
> <?xml version="1.0" encoding="UTF-8"?>
> <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
>            xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
>            xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">
>   <jaas:config name="karaf" rank="2">
>     <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required">
>       initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
>       connection.username=fuseService@mdw.local
>       connection.password=xxxxxxx
>       connection.protocol=
>       connection.url=ldap://dc01.mdw.local:389
>       user.base.dn=ou=Users,ou=mdw,DC=mdw,DC=local
>       user.filter=(sAMAccountName=%u)
>       user.search.subtree=true
>       role.base.dn=ou=Groups,ou=mdw,DC=mdw,DC=local
>       role.name.attribute=cn
>       role.filter=(member=%nsdn)
>       role.search.subtree=true
>       authentication=simple
>     </jaas:module>
>   </jaas:config>
> </blueprint>
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
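
Added example (not part of the original message and not Karaf's code): a sketch of why the `role.filter` above needs the user's full DN, assuming `%nsdn` expands to the DN exactly as the directory returns it, and of escaping that DN per RFC 4515 before it enters the filter. The helper names, the sample user and the groups are constructed for illustration; DN matching is simplified to a case-insensitive string compare.

```python
import re

USER_BASE_DN = "ou=Users,ou=mdw,DC=mdw,DC=local"   # user.base.dn from the message
ROLE_FILTER = "(member=%nsdn)"                      # role.filter from the message

# Constructed sample data: a user in a nested OU and two AD-style groups
# whose "member" attribute stores full distinguished names.
USER_NSDN = r"CN=Doe\, Jane (ops),OU=Staff," + USER_BASE_DN
GROUPS = [
    {"cn": "admin", "member": [USER_NSDN]},
    {"cn": "viewer", "member": ["CN=Other User," + USER_BASE_DN]},
]

def escape_filter_value(value):
    """RFC 4515: replace backslash, '*', '(', ')' and NUL with backslash + two hex digits."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def unescape_filter_value(value):
    """Inverse of escape_filter_value, used by the toy search below."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def expand_role_filter(template, user, nsdn):
    """Single-pass substitution, so text inside a value is never re-expanded."""
    values = {"u": escape_filter_value(user), "nsdn": escape_filter_value(nsdn)}
    return re.sub(r"%(nsdn|u)", lambda m: values[m.group(1)], template)

def search_roles(groups, flt, name_attr="cn"):
    """Toy stand-in for the role search: one (attr=value) equality filter only."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", flt, re.S)
    if not m:
        raise ValueError("only simple equality filters are supported")
    attr, wanted = m.group(1), unescape_filter_value(m.group(2)).lower()
    return sorted(g[name_attr] for g in groups
                  if wanted in (v.lower() for v in g.get(attr, [])))

def roles_for(user, nsdn):
    return search_roles(GROUPS, expand_role_filter(ROLE_FILTER, user, nsdn))

if __name__ == "__main__":
    print(expand_role_filter(ROLE_FILTER, "jdoe", USER_NSDN))
    print(roles_for("jdoe", USER_NSDN))                  # DN as returned by the directory
    print(roles_for("jdoe", "CN=jdoe," + USER_BASE_DN))  # DN guessed from login name + base
```

With a subtree search the user entry can sit anywhere below `user.base.dn`, so a DN assembled from the login name and the base does not equal the value stored in `member`, and the role lookup returns nothing.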
