Hey Moses,
Thanks for the quick response. I was in a hurry to get ControlTier up and running, so I downgraded to the stable release (ctier-server-3.6.0-1) - alas, still issues:
I think I narrowed down my previous use cases to be based on:
Changing: forceBindingLogin="false"
To: forceBindingLogin="true"
My guess is that this setting controls whether the user must bind before auth, or not.
So, after setting forceBindingLogin="false" - I am unable to authenticate valid users.
I get the following warnings in jetty log:
2011-08-29 14:00:28.065::WARN: javax.security.auth.login.LoginException: Login Failure: all modules ignored
2011-08-29 14:00:28.066::WARN: AUTH FAILURE: user username
Config changes only from http://doc36.controltier.org/wiki/Jetty_LDAP_integration:
LDAP Server = CentOS DS (RedHat and OpenLDAP compatible)
${JETTY_HOME}/etc/ldap-loginModule.conf
ldaploginmodule {
  com.controltier.ctl.webad.jaas.JettyCachingLdapLoginModule required
  debug="true"
  contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
  hostname="my.ldap.host"
  port="389"
  bindDn="cn=BindME,ou=profile,dc=mine,dc=com"
  bindPassword="password"
  authenticationMethod="simple"
  forceBindingLogin="false"
  userBaseDn="ou=People,dc=mine,dc=com"
  userRdnAttribute="uid"
  userIdAttribute="uid"
  userPasswordAttribute="userPassword"
  userObjectClass="person"
  roleBaseDn="ou=CtierRoles,dc=mine,dc=com"
  roleNameAttribute="cn"
  roleMemberAttribute="uniqueMember"
  roleObjectClass="groupOfUniqueNames";
};
I also updated:
$JETTY_HOME/etc/jetty.xml
CONFIG_PROPS in both etc/ctierrc and /etc/default/ctier
Some LDAP Searches as requested:
User:
ldapsearch -x -H ldap://my.ldap.host:389/ -D 'cn=BindME,ou=profile,dc=mine,dc=com' -w password -b 'ou=People,dc=mine,dc=com' "(&(objectClass=person)(uid=username))"
Returns all of the "username" user's attributes.
Roles:
ldapsearch -x -H ldap://my.ldap.host:389/ -D 'cn=BindME,ou=profile,dc=mine,dc=com' -w password -b 'ou=CtierRoles,dc=mine,dc=com' cn
# base <ou=CtierRoles,dc=mine,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: cn
#

# CtierRoles, mine.com
dn: ou=CtierRoles,dc=mine,dc=com

# architect, CtierRoles, mine.com
dn: cn=architect,ou=CtierRoles,dc=mine,dc=com
cn: architect

# admin, CtierRoles, mine.com
dn: cn=admin,ou=CtierRoles,dc=mine,dc=com
cn: admin

# user, CtierRoles, mine.com
dn: cn=user,ou=CtierRoles,dc=mine,dc=com
cn: user

# build, CtierRoles, mine.com
dn: cn=build,ou=CtierRoles,dc=mine,dc=com
cn: build

# deploy, CtierRoles, mine.com
dn: cn=deploy,ou=CtierRoles,dc=mine,dc=com
cn: deploy
Role Membership:
ldapsearch -x -H ldap://my.ldap.host:389/ -D 'cn=BindME,ou=profile,dc=mine,dc=com' -w password -b 'cn=user,ou=CtierRoles,dc=mine,dc=com'
# base <cn=user,ou=CtierRoles,dc=mine,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#

# user, CtierRoles, mine.com
dn: cn=user,ou=CtierRoles,dc=mine,dc=com
cn: user
uniqueMember: uid=username,ou=People,dc=mine,dc=com
objectClass: top
objectClass: groupofuniquenames
Thanks,
Bryan
On Aug 29, 1:20 pm, Moses Lei <m...@dtosolutions.com> wrote:
> Can you attach your LDAP configuration for us, and a sample query (redact if
> necessary) of a directory entry from ldapsearch (or from the ldif file)?
>
> Thanks
>
> Moses
>
> --
> Moses Lei
> [ Professional Services | DTO Solutions, Inc. ]
> [ mobile: +1 703.901.5969 | e-mail: m...@dtosolutions.com | aim/gtalk: m...@controltier.com | yahoo: moseslei | windows live (msn): m...@dtosolutions.com ]
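An added example (my own, not Bryan's configuration or ControlTier/Jetty code) that models what the two forceBindingLogin modes of a Jetty-style LDAP login module do against an in-memory stand-in for the ou=People and ou=CtierRoles subtrees shown in the thread. With forceBindingLogin="true" the module re-binds to the directory as the user's own DN; with "false" it reads userPassword through the bindDn account and compares locally, so that mode fails for valid users whenever the service account cannot see (or parse) the stored password. The {SSHA} hashing, the user entry, the password s3cret and the service_account_sees_password flag are assumptions for illustration only.

```python
import base64
import hashlib
import hmac
from typing import List, Optional

def make_ssha(password: str, salt: bytes = b"\x00\x11\x22\x33") -> str:
    """Build an RFC 2307 style {SSHA} userPassword value (fixed salt, demo only)."""
    digest = hashlib.sha1(password.encode() + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode()

def check_ssha(stored: str, password: str) -> bool:
    """Verify a password against a {SSHA} value using a constant-time digest compare."""
    if not stored.startswith("{SSHA}"):
        return False  # other schemes are out of scope for this demo
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode() + salt).digest(), digest)

# Constructed stand-ins for the ou=People and ou=CtierRoles subtrees from the mail.
USER_DN = "uid=username,ou=People,dc=mine,dc=com"
PEOPLE = {USER_DN: {"uid": "username", "userPassword": make_ssha("s3cret")}}
ROLES = {
    "cn=user,ou=CtierRoles,dc=mine,dc=com": {"cn": "user", "uniqueMember": [USER_DN]},
    "cn=admin,ou=CtierRoles,dc=mine,dc=com": {"cn": "admin", "uniqueMember": []},
}

def find_user_dn(uid: str) -> Optional[str]:
    """Done as the bindDn account: (&(objectClass=person)(uid=<uid>)) under userBaseDn."""
    return next((dn for dn, a in PEOPLE.items() if a["uid"] == uid), None)

def login(uid: str, password: str, force_binding_login: bool,
          service_account_sees_password: bool = True) -> bool:
    dn = find_user_dn(uid)
    if dn is None:
        return False
    if force_binding_login:
        # forceBindingLogin="true": bind as the user's own DN and let the server
        # check the password. Simulated here by verifying the stored hash.
        return check_ssha(PEOPLE[dn]["userPassword"], password)
    # forceBindingLogin="false": the bindDn account must be able to read
    # userPassword so the module can compare locally; if the ACL hides it,
    # even a correct password cannot be verified and the login fails.
    if not service_account_sees_password:
        return False
    return check_ssha(PEOPLE[dn]["userPassword"], password)

def roles_for(dn: str) -> List[str]:
    """(&(objectClass=groupOfUniqueNames)(uniqueMember=<dn>)) under roleBaseDn, returning cn."""
    return sorted(a["cn"] for a in ROLES.values() if dn in a["uniqueMember"])
```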