
[jetty-users] Ldap authentication and Active Directory group

Hello, I configured LdapLoginModule and I am able to authenticate as a user who is a member of GroupX, but I think no group is retrieved.


I always obtain:

HTTP ERROR 403

Problem accessing /solr/browse. Reason: 
    !role
--------------------------------------------------------------------------------
Powered by Jetty://



My configuration files.

ldaplogin.conf:
// JAAS login configuration entry "ldaploginmodule"; jetty.xml refers to it by this
// name through LoginModuleName.
// NOTE(review): several options below are not Jetty LdapLoginModule options as far
// as I can tell and are presumably ignored; verify against the documentation of the
// Jetty version in use. Each one is marked where it appears.
ldaploginmodule {
 org.eclipse.jetty.plus.jaas.spi.LdapLoginModule required
   // NOTE(review): debug output may expose directory details in the logs; switch it
   // off once the setup works.
   debug="true"
   // NOTE(review): debugNative does not look like a Jetty LdapLoginModule option - verify.
   debugNative="true"
   contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
   // Port 389 is the plain LDAP port. Together with authenticationMethod="simple"
   // below, the bind password and every user's password travel unencrypted unless
   // the connection is protected some other way. Prefer LDAPS; newer Jetty releases
   // document a useLdaps option - confirm it exists in the version in use.
   hostname="abc.com"
   port="389"
   // Service account used for the directory searches. The password is stored in
   // cleartext here: keep this file readable only by the account running Jetty and
   // give the bind account read-only directory access.
   bindDn="CN=LdapUsr,OU=Accounts,OU=xyz,DC=abc,DC=com"
   bindPassword="password1"
   // NOTE(review): directGroupExtraction, userGroupAttribute, allRolesMode and
   // userFilter do not look like Jetty LdapLoginModule options - presumably ignored; verify.
   directGroupExtraction="true"
   userGroupAttribute="cn"
   allRolesMode="authOnly"
   userFilter="(objectClass=organizationalPerson)"
   authenticationMethod="simple"
   // The user is authenticated by binding to the directory with the supplied
   // password rather than by reading a stored password attribute.
   forceBindingLogin="true"
   userBaseDn="DC=abc,DC=com"
   userRdnAttribute="cn"
   userIdAttribute="sAMAccountName"
   // NOTE(review): Active Directory does not return unicodePwd on reads; with
   // forceBindingLogin="true" this attribute is presumably unused - confirm.
   userPasswordAttribute="unicodePwd"
   userObjectClass="user"
   // NOTE(review): userRoleName, roleSearch, roleName and roleSubtree look like
   // Tomcat JNDIRealm settings, not Jetty LdapLoginModule options - presumably
   // ignored; verify.
   userRoleName="memberof"
   roleSearch="(member={0})" 
   roleName="cn" 
   roleSubtree="true"
   // Groups are looked up under this base DN.
   roleBaseDn="OU=RoleFolder,OU=xyz,DC=abc,DC=com"
   // The role name handed to Jetty is presumably the group's cn (for example
   // "GroupX"), not its full DN - verify against the debug output.
   roleNameAttribute="cn"
   // NOTE(review): Active Directory groups normally use objectClass "group" and the
   // "member" attribute. "groupOfUniqueNames" / "uniqueMember" belong to other
   // directory schemas, so the role search likely matches nothing; that would explain
   // a successful login followed by "403 !role". Confirm against the directory.
   roleMemberAttribute="uniqueMember"
   roleObjectClass="groupOfUniqueNames";
   };


Webdefault.xml:
.
.
    <!-- BASIC authentication against the realm named below. The realm name has to
         equal the Name set on the JAASLoginService in jetty.xml. BASIC sends the
         password merely base64-encoded on every request, so serve this only over TLS. -->
    <login-config> 
            <auth-method>BASIC</auth-method> 
            <realm-name>Test JAAS Realm</realm-name> 
      </login-config> 


      <!-- Protects every URL of the webapp. NOTE(review): no user-data-constraint
           with a transport-guarantee is shown in this excerpt, so nothing here forces
           HTTPS for the BASIC credentials. -->
      <security-constraint> 
            <web-resource-collection> 
                  <web-resource-name>Solr Admin Auth</web-resource-name> 
                  <url-pattern>/*</url-pattern> 
            </web-resource-collection> 
 
            <!-- Access is granted when the user holds any one of these roles. The
                 names are matched as plain strings against the roles the login
                 module returns; with roleNameAttribute="cn" in ldaplogin.conf that
                 would presumably be "GroupX" rather than the full DN - verify. -->
            <auth-constraint>
		<role-name>admin1</role-name>
		<role-name>CN=GroupX,OU=RoleFolder,OU=xyz,DC=abc,DC=com</role-name>
		<role-name>GroupX</role-name>
            </auth-constraint>


      </security-constraint> 

<!-- NOTE(review): security-role-mapping with group-name looks like a GlassFish
     deployment descriptor element, not a web.xml element; Jetty presumably does not
     apply this mapping - verify. -->
<security-role-mapping>
    <role-name>admin1</role-name>
    <group-name>CN=GroupX,OU=RoleFolder,OU=xyz,DC=abc,DC=com</group-name>
</security-role-mapping>

<!-- Only the DN-style role is declared here; admin1 and GroupX, which the
     auth-constraint above also uses, are not declared in this excerpt. -->
<security-role>
    <role-name>CN=GroupX,OU=RoleFolder,OU=xyz,DC=abc,DC=com</role-name>
</security-role>
.
.


Jetty.xml :
.
.
.
<!-- Registers a JAASLoginService with the server. Name equals the realm-name in the
     login-config ("Test JAAS Realm") and LoginModuleName equals the entry name in
     ldaplogin.conf ("ldaploginmodule"). NOTE(review): the page does not show how the
     JVM is pointed at ldaplogin.conf (normally the java.security.auth.login.config
     system property) - confirm. -->
<Call name="addBean">
      <Arg>
          <New class="org.eclipse.jetty.plus.jaas.JAASLoginService">
           <Set name="Name">Test JAAS Realm</Set>
           <Set name="LoginModuleName">ldaploginmodule</Set>
          </New>
      </Arg>
    </Call>
.
.


Could you help me?
Thanks.

