Problems to get roles from MS AD via Elytron and Wildfly 26.1.3


Peter Jonsson

Apr 25, 2023, 9:08:38 AM
to WildFly
 Hi,

I have had a successful connection towards the very same AD server from a WF24 using the legacy security; sample from standalone-full.xml below.

In the ELYTRON+WF26 case, I haven't figured out how to set the attributes for roleAttributeIsDN and roleNameAttributeID.

The WF is making the query to the AD and the authentication (user+pass) works OK.

Any ideas? 

Have you successfully connected a WF26+Elytron towards an MSAD? I would love to take a peek at your standalone....xml section
 <subsystem xmlns="urn:wildfly:elytron:15.1"....

Thanks in advance.

****  working sample from a WF24 security legacy  ******
<login-module code="LdapExtended" flag="optional">
<module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<module-option name="java.naming.provider.url" value="ldap://myserver.com:389"/>
<module-option name="java.naming.referral" value="follow"/>
<module-option name="java.naming.security.authentication" value="simple"/>
<module-option name="bindDN" value="MYDOMAIN\ldap_user"/>
<module-option name="bindCredential" value="secret"/>
<module-option name="baseCtxDN" value="dc=ismobile,dc=ismobilehq,dc=com"/>
<module-option name="baseFilter" value="(&amp;(sAMAccountName={0})(objectclass=User))"/>
<module-option name="rolesCtxDN" value="dc=ismobile,dc=ismobilehq,dc=com"/>
<module-option name="roleFilter" value="(member={1})"/>
<module-option name="roleAttributeID" value="memberOf"/>
<module-option name="roleAttributeIsDN" value="true"/>
<module-option name="roleNameAttributeID" value="cn"/>
<module-option name="allowEmptyPasswords" value="false"/>
<module-option name="roleRecursion" value="-1"/>
<module-option name="searchScope" value="SUBTREE_SCOPE"/>
<module-option name="unauthenticatedIdentity" value="anonymous"/>
</login-module>



Elia Zaides

Apr 25, 2023, 4:18:58 PM
to WildFly
This configuration is for an old picketbox configuration that is obsolete in Wildfly 26.

Is it part of a jaas configuration? If yes you can use the elytron JAAS security realm.

Peter Jonsson

Apr 26, 2023, 12:03:57 PM
to WildFly
Thanks for your reply.
As I wrote, I am using Elytron since I am on WF26, but the problem was a bit down that path.

Anyway: My issue is resolved.
