[jetty-users] Ldap authentication and Active Directory group
Hello, I configured LdapLoginModule and I am able to authenticate with a user that is a member of GroupX, but no group is retrieved, I think.
I always obtain:
HTTP ERROR 403
Problem accessing /solr/browse. Reason:
!role
--------------------------------------------------------------------------------
Powered by Jetty://
My configuration files.
ldaplogin.conf:
ldaploginmodule {
    org.eclipse.jetty.plus.jaas.spi.LdapLoginModule required
    debug="true"
    debugNative="true"
    contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
    hostname="abc.com"
    port="389"
    bindDn="CN=LdapUsr,OU=Accounts,OU=xyz,DC=abc,DC=com"
    bindPassword="password1"
    directGroupExtraction="true"
    userGroupAttribute="cn"
    allRolesMode="authOnly"
    userFilter="(objectClass=organizationalPerson)"
    authenticationMethod="simple"
    forceBindingLogin="true"
    userBaseDn="DC=abc,DC=com"
    userRdnAttribute="cn"
    userIdAttribute="sAMAccountName"
    userPasswordAttribute="unicodePwd"
    userObjectClass="user"
    userRoleName="memberof"
    roleSearch="(member={0})"
    roleName="cn"
    roleSubtree="true"
    roleBaseDn="OU=RoleFolder,OU=xyz,DC=abc,DC=com"
    roleNameAttribute="cn"
    roleMemberAttribute="uniqueMember"
    roleObjectClass="groupOfUniqueNames";
};
Webdefault.xml:
.
.
<login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Test JAAS Realm</realm-name>
</login-config>
<security-constraint>
    <web-resource-collection>
        <web-resource-name>Solr Admin Auth</web-resource-name>
        <url-pattern>/*</url-pattern>
    </web-resource-collection>
    <auth-constraint>
        <role-name>admin1</role-name>
        <role-name>CN=GroupX,OU=RoleFolder,OU=xyz,DC=abc,DC=com</role-name>
        <role-name>GroupX</role-name>
    </auth-constraint>
</security-constraint>
<security-role-mapping>
    <role-name>admin1</role-name>
    <group-name>CN=GroupX,OU=RoleFolder,OU=xyz,DC=abc,DC=com</group-name>
</security-role-mapping>
<security-role>
    <role-name>CN=GroupX,OU=RoleFolder,OU=xyz,DC=abc,DC=com</role-name>
</security-role>
.
.
Jetty.xml :
.
.
.
<Call name="addBean">
    <Arg>
        <New class="org.eclipse.jetty.plus.jaas.JAASLoginService">
            <Set name="Name">Test JAAS Realm</Set>
            <Set name="LoginModuleName">ldaploginmodule</Set>
        </New>
    </Arg>
</Call>
.
.
Could you help me?
Thanks.
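
An offline check of the role lookup that the posted options describe, added here as an illustration (not code from the post or from Jetty). It assumes the module searches under roleBaseDn with a filter of the form (&(objectClass=roleObjectClass)(roleMemberAttribute=user DN)); the user DN and the group entry are constructed, shaped like an Active Directory group (objectClass "group", members in "member").

```python
import re

# Role-related lines copied from the ldaplogin.conf in the post.
POSTED_CONF = '''
roleBaseDn="OU=RoleFolder,OU=xyz,DC=abc,DC=com"
roleNameAttribute="cn"
roleMemberAttribute="uniqueMember"
roleObjectClass="groupOfUniqueNames";
'''

# Constructed sample data: a user DN and one AD-shaped group entry.
USER_DN = "CN=Test User,OU=Accounts,OU=xyz,DC=abc,DC=com"
DIRECTORY = [{
    "dn": "CN=GroupX,OU=RoleFolder,OU=xyz,DC=abc,DC=com",
    "objectClass": ["top", "group"],
    "cn": ["GroupX"],
    "member": [USER_DN],
}]

def parse_options(conf):
    """Extract key="value" pairs from a JAAS login module stanza."""
    return dict(re.findall(r'(\w+)\s*=\s*"([^"]*)"', conf))

def role_filter(opts, user_dn):
    """Assumed filter shape (see lead-in); not taken from the post."""
    return "(&(objectClass=%s)(%s=%s))" % (
        opts["roleObjectClass"], opts["roleMemberAttribute"], user_dn)

def _values(entry, attr):
    # LDAP attribute names are case-insensitive.
    return [v for k, vs in entry.items() if k.lower() == attr.lower()
            for v in ([vs] if isinstance(vs, str) else vs)]

def roles_for(opts, user_dn, directory):
    """Apply the role search to in-memory entries; return the role names found."""
    roles = []
    for entry in directory:
        under_base = entry["dn"].lower().endswith(opts["roleBaseDn"].lower())
        classes = [c.lower() for c in _values(entry, "objectClass")]
        members = [m.lower() for m in _values(entry, opts["roleMemberAttribute"])]
        if (under_base and opts["roleObjectClass"].lower() in classes
                and user_dn.lower() in members):
            roles += _values(entry, opts["roleNameAttribute"])
    return roles

posted = parse_options(POSTED_CONF)
# Same options with the two schema-dependent values set to the AD names
# (an assumption for comparison, not a fix tested against the poster's server).
ad_style = dict(posted, roleObjectClass="group", roleMemberAttribute="member")

if __name__ == "__main__":
    for label, opts in (("posted", posted), ("AD-style", ad_style)):
        print(label, role_filter(opts, USER_DN), "->", roles_for(opts, USER_DN, DIRECTORY))
```

With the posted values the search matches no entry, so the authenticated user carries no roles; with the AD attribute names it yields GroupX, one of the role names listed in the auth-constraint.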