jaas-ldap.conf, adding multiple ldap groups


paul_bruno

Oct 15, 2012, 1:10:33 PM
to rundeck-discuss
Is it possible to configure jaas-ldap.conf for multiple ldap groups?
Can you double up on ldap {} structures? My file shows this, but I
also need Group2 and a slightly different ldap path as well. Thanks,
paul

ldap {
    com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule required
    debug="true"
    contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
    providerUrl="ldap://server.xxx.com:389"
    bindDn="User...@xxx.com"
    bindPassword="xxxx"
    authenticationMethod="simple"
    forceBindingLogin="true"
    userBaseDn="cn=Users,dc=xxxx,dc=com"
    userRdnAttribute="cn"
    userIdAttribute="sAMAccountName"
    userPasswordAttribute="unicodePwd"
    userObjectClass="user"
    roleBaseDn="CN=Group1,OU=Groups,OU=Users,DC=xxxx,DC=com"
    roleNameAttribute="cn"
    roleMemberAttribute="member"
    roleObjectClass="group"
    cacheDurationMillis="300000"
    reportStatistics="true";
};

Greg Schueler

Oct 15, 2012, 9:31:20 PM
to rundeck...@googlegroups.com
Hi Paul,

I believe you should be able to use multiple ldap loginmodule entries to get that effect.

Here is a page I added to the wiki recently to describe how to configure multiple JAAS login modules in the same named configuration: https://github.com/dtolabs/rundeck/wiki/Multiple-authentication-modules

I have not tested it, but I think you would define two ldap login module configs to both have the 'required' flag.
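
How JAAS combines the control flags of stacked login modules, as an added example that is not part of the thread or of the Rundeck project: a small Python model of the flag rules documented for javax.security.auth.login.Configuration. The per-module outcomes in the sample stacks are constructed inputs, not observed Rundeck behaviour.

```python
# Added example: models how JAAS combines the control flags of stacked
# login modules (rules as documented for javax.security.auth.login.Configuration).
# Module outcomes below are constructed inputs, not observed Rundeck behaviour.

MANDATORY = {"required", "requisite"}
FLAGS = MANDATORY | {"sufficient", "optional"}


def jaas_outcome(stack):
    """Evaluate (flag, module_succeeded) pairs in configuration order.

    Returns (overall_success, modules_consulted).
    """
    mandatory_failed = False
    any_success = False
    consulted = 0
    for flag, ok in stack:
        if flag not in FLAGS:
            raise ValueError(f"unknown JAAS control flag: {flag!r}")
        consulted += 1
        any_success = any_success or ok
        if flag in MANDATORY and not ok:
            mandatory_failed = True
            if flag == "requisite":
                break  # a requisite failure returns to the application at once
        elif flag == "sufficient" and ok and not mandatory_failed:
            break  # a sufficient success ends the chain early
    # Login succeeds only if no required/requisite module failed
    # and at least one module succeeded.
    return (any_success and not mandatory_failed), consulted


# Hypothetical stacks: two LDAP module entries, one per group path.
SAMPLES = {
    "both required, both succeed": [("required", True), ("required", True)],
    "both required, second fails": [("required", True), ("required", False)],
    "both sufficient, first fails": [("sufficient", False), ("sufficient", True)],
    "both sufficient, first succeeds": [("sufficient", True), ("sufficient", True)],
    "requisite fails first": [("requisite", False), ("required", True)],
}

if __name__ == "__main__":
    for name, stack in SAMPLES.items():
        ok, consulted = jaas_outcome(stack)
        state = "OK" if ok else "FAILED"
        print(f"{name:32} -> login {state} after {consulted} module(s)")
```

With two `required` entries, a user who fails either module is rejected overall, which matters when the two entries point at different directory paths.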

paul_bruno

Oct 16, 2012, 10:58:58 AM
to rundeck-discuss
I tried this out, but no go. Kept getting Invalid User name or password
on the login page when using the multiauth { } block.

On Oct 15, 9:31 pm, Greg Schueler <g...@dtosolutions.com> wrote:
> Hi Paul,
>
> I believe you should be able to use multiple ldap loginmodule entries to
> get that effect.
>
> Here is a page I added to the wiki recently to describe how to configure
> multiple JAAS login modules in the same named configuration: https://github.com/dtolabs/rundeck/wiki/Multiple-authentication-modules
>
> I have not tested it, but I think you would define two ldap login module
> configs to both have the 'required' flag.
>
>
>
> On Mon, Oct 15, 2012 at 10:10 AM, paul_bruno <pbr...@navinet.net> wrote:
> > is it possible to configure jaas-ldap.conf for multiple ldap groups?
> > Can you double up on ldap {} structures? My file shows this, but i
> > also need Group2 and a slightly different ldap path as well. Thanks,
> > paul
>
> > ldap {
> >     com.dtolabs.rundeck.jetty.jaas.JettyCachingLdapLoginModule
> > required
> >     debug="true"
> >     contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
> >     providerUrl="ldap://server.xxx.com:389"
> >     bindDn="UserL...@xxx.com"

Greg Schueler

Oct 16, 2012, 12:24:41 PM
to rundeck...@googlegroups.com
Hi Paul,

Is there any information in the debug output for the login modules? 

Sorry, it may be that the login module would have to be updated to support that kind of stacking.

paul_bruno

Oct 16, 2012, 2:26:43 PM
to rundeck-discuss
I looked in the various log files in /var/log/rundeck, nothing. Sorry, but
where would I find any debug output?