LdapExtLoginModule Vs LdapLoginModule Jboss5.1

I have this conf for LdapLoginModule, which works:
<login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
<module-option name="unauthenticatedIdentity">nobody</module-option>
<module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
<module-option name="java.naming.provider.url">ldap://ldap.server:389/</module-option>
<module-option name="java.naming.security.authentication">simple</module-option>
<module-option name="principalDNPrefix">CN=</module-option>
<module-option name="principalDNSuffix">,OU=DEPT. PROGRAMARI,OU=LIMIT - CECOMASA,DC=LIMIT_CECOMASA,DC=LOCAL</module-option>
<module-option name="baseCtxDN">OU=LIMIT - CECOMASA,DC=LIMIT_CECOMASA,DC=LOCAL</module-option>
<module-option name="baseFilter">(sAMAccountName={0})</module-option>
<module-option name="uidAttributeID">member</module-option>
<module-option name="matchOnUserDN">true</module-option>
<module-option name="rolesCtxDN">OU=LIMIT - CECOMASA,DC=LIMIT_CECOMASA,DC=LOCAL</module-option>
<module-option name="roleFilter">(member={0})</module-option>
<module-option name="roleAttributeID">cn</module-option>
<module-option name="searchTimeLimit">10000</module-option>
<module-option name="searchScope">SUBTREE_SCOPE</module-option>
</login-module>
Now I have to connect to LDAP using the Ext module, because it is the one that searches in every subfolder of the tree. I don't want the user to necessarily belong to the DEPT. Programari group, as in the example above. So I changed this in login-conf.xml:
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
<module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
<module-option name="java.naming.provider.url">ldap://ldap.server:389/</module-option>
<module-option name="bindDN">CN=Andreu Serra,OU=DEPT. PROGRAMARI,OU=LIMIT - CECOMASA,DC=LIMIT_CECOMASA,DC=LOCAL</module-option>
<module-option name="bindCredential">secret</module-option>
<module-option name="baseCtxDN">OU=people,DC=LIMIT_CECOMASA,DC=LOCAL</module-option>
<module-option name="baseFilter">(sAMAccountName={0})</module-option>
<module-option name="rolesCtxDN">OU=people,DC=LIMIT_CECOMASA,DC=LOCAL</module-option>
<module-option name="roleFilter">(member={0})</module-option>
<module-option name="roleAttributeID">cn</module-option>
<module-option name="roleAttributeIsDN">false</module-option>
<module-option name="searchScope">SUBTREE_SCOPE</module-option>
<module-option name="allowEmptyPasswords">false</module-option>
</login-module>
I have also tried many other tests, but it always gives me this error:
14:00:35,458 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] initialize
14:00:35,459 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] Security domain: seycon
14:00:35,459 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] login
14:00:35,512 DEBUG [org.jboss.security.auth.spi.LdapExtLoginModule] Bad password for username=Andreu Serra
14:00:35,520 TRACE [org.jboss.security.auth.spi.LdapExtLoginModule] abort
14:00:35,520 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.seycon] Login failure
javax.security.auth.login.FailedLoginException: Password Incorrect/Password Required
at org.jboss.security.auth.spi.UsernamePasswordLoginModule.login(UsernamePasswordLoginModule.java:252)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at javax.security.auth.login.LoginContext.invoke(LoginContext.java:762)
at javax.security.auth.login.LoginContext.access$000(LoginContext.java:203)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:690)
at javax.security.auth.login.LoginContext$4.run(LoginContext.java:688)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.login.LoginContext.invokePriv(LoginContext.java:687)
at javax.security.auth.login.LoginContext.login(LoginContext.java:595)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.defaultLogin(JaasSecurityManagerBase.java:552)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.authenticate(JaasSecurityManagerBase.java:486)
at org.jboss.security.plugins.auth.JaasSecurityManagerBase.isValid(JaasSecurityManagerBase.java:365)
at org.jboss.security.plugins.JaasSecurityManager.isValid(JaasSecurityManager.java:160)
at org.jboss.web.tomcat.security.JBossWebRealm.authenticate(JBossWebRealm.java:384)
at org.apache.catalina.authenticator.BasicAuthenticator.authenticate(BasicAuthenticator.java:181)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:491)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:745)
14:00:35,521 TRACE [org.jboss.security.plugins.auth.JaasSecurityManagerBase.seycon] End isValid, false
14:00:35,521 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
14:00:35,521 TRACE [org.jboss.security.SecurityRolesAssociation] Setting threadlocal:null
Any help will be appreciated.
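
How the two modules arrive at the DN they bind as, modelled over a constructed in-memory directory. This is an added example, not part of the original post and not JBoss code; the entries, passwords, service account and the helper names `template_login` and `search_login` are assumptions made for illustration.

```python
# Constructed directory: DN -> attributes (sample data, not from the post).
DIRECTORY = {
    "CN=svc,OU=CORP,DC=EXAMPLE,DC=LOCAL":
        {"sAMAccountName": "svc", "password": "svcpw"},
    "CN=Jane Doe,OU=DEPT. A,OU=CORP,DC=EXAMPLE,DC=LOCAL":
        {"sAMAccountName": "jdoe", "password": "pw1"},
    "CN=John Roe,OU=DEPT. B,OU=CORP,DC=EXAMPLE,DC=LOCAL":
        {"sAMAccountName": "jroe", "password": "pw2"},
}
SVC_DN, SVC_PW = "CN=svc,OU=CORP,DC=EXAMPLE,DC=LOCAL", "svcpw"
BASE = "OU=CORP,DC=EXAMPLE,DC=LOCAL"


def bind(dn, password):
    """Simple bind: succeeds only for an existing DN and a matching, non-empty password."""
    entry = DIRECTORY.get(dn)
    return entry is not None and password != "" and entry["password"] == password


def template_login(username, password, prefix, suffix):
    """LdapLoginModule style: the bind DN is principalDNPrefix + username + principalDNSuffix."""
    dn = prefix + username + suffix
    return dn if bind(dn, password) else None


def search_login(username, password, bind_dn, bind_credential, base_ctx_dn):
    """LdapExtLoginModule style: bind as bindDN, subtree-search baseCtxDN with
    baseFilter (sAMAccountName={0}), then bind as the DN that was found."""
    if not bind(bind_dn, bind_credential):
        return None                      # service account rejected
    suffix = "," + base_ctx_dn.lower()
    matches = [dn for dn, e in DIRECTORY.items()
               if dn.lower().endswith(suffix) and e["sAMAccountName"] == username]
    if len(matches) != 1:
        return None                      # no entry (or an ambiguous one) under baseCtxDN
    return matches[0] if bind(matches[0], password) else None


if __name__ == "__main__":
    dept_a = ",OU=DEPT. A," + BASE
    print(template_login("Jane Doe", "pw1", "CN=", dept_a))    # found: DN template fits
    print(template_login("John Roe", "pw2", "CN=", dept_a))    # None: user is in another OU
    print(search_login("jroe", "pw2", SVC_DN, SVC_PW, BASE))   # found in any sub-OU
    print(search_login("John Roe", "pw2", SVC_DN, SVC_PW, BASE))  # None: filter is not on CN
    print(search_login("jroe", "pw2", SVC_DN, SVC_PW, "OU=people,DC=EXAMPLE,DC=LOCAL"))  # None
```

In this model the template approach takes the CN as the login name and only reaches one OU, while the search approach takes whatever attribute `baseFilter` names and reaches every entry under `baseCtxDN`.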