You can find the full source code for this website in the Seam package in the directory /examples/wiki. It is licensed under the LGPL.
This page shows how to configure LDAP authentication for Seam through the JBoss XML login service. There are other ways to do it, using different modules; they are not covered here.
In components.xml, change the security:identity element to
<security:identity
    security-rules="#{securityRules}"
    authenticate-method="#{authenticator.authenticate}"
    remember-me="true"
    jaas-config-name="openLDAPAuth"/>
openLDAPAuth is the name of the application-policy you define later.
In jboss-app.xml, add
<module>
    <service>openLDAP-login-service.xml</service>
</module>
after the loader-repository element.
Add a new file, openLDAP-login-service.xml, to the classpath. It deploys a DynamicLoginConfig MBean that registers the policy file named in AuthConfig with the XMLLoginConfig service:
<?xml version="1.0" encoding="UTF-8"?>
<server>
    <mbean code="org.jboss.security.auth.login.DynamicLoginConfig"
           name="FWLogistics:service=DynamicLoginConfig">
        <attribute name="AuthConfig">openLDAP-login-config.xml</attribute>
        <depends optional-attribute-name="LoginConfigService">
            jboss.security:service=XMLLoginConfig
        </depends>
        <depends optional-attribute-name="SecurityManagerService">
            jboss.security:service=JaasSecurityManager
        </depends>
    </mbean>
</server>
Add openLDAP-login-config.xml to the same place (the classpath). Its application-policy name must match the jaas-config-name set in components.xml:
<?xml version='1.0'?>
<!DOCTYPE policy PUBLIC
    "-//JBoss//DTD JBOSS Security Config 3.0//EN"
    "http://www.jboss.org/j2ee/dtd/security_config.dtd">
<policy>
    <application-policy name="openLDAPAuth">
        <authentication>
            <login-module
                code="org.jboss.security.auth.spi.LdapExtLoginModule"
                flag="required">
                <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
                <module-option name="java.naming.provider.url">ldap://ldap.host.com:389/</module-option>
                <module-option name="java.naming.security.authentication">simple</module-option>
                <module-option name="bindDN">cn=Rootuser,dc=domain</module-option>
                <module-option name="bindCredential">passwd</module-option>
                <module-option name="baseCtxDN">ou=People,dc=domain</module-option>
                <module-option name="baseFilter">(uid={0})</module-option>
                <module-option name="rolesCtxDN">ou=Roles,ou=apps,dc=domain</module-option>
                <module-option name="roleFilter">(member={1})</module-option>
                <module-option name="roleAttributeID">cn</module-option>
            </login-module>
        </authentication>
    </application-policy>
</policy>
In LDAP, the user entry must be defined with
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson (optional)
objectClass: account (optional)
objectClass: posixAccount
objectClass: top
That's it! After the username and password have been authenticated against LDAP, the roles are also retrieved (the roleAttributeID values of every entry under rolesCtxDN that matches roleFilter) and added to the Identity object in Seam. Two things to keep in mind before using this in production: bindCredential sits in the policy file in clear text, so restrict read access to it, and a plain ldap:// URL sends every bind, including each user's password, unencrypted, so prefer an ldaps:// URL to the same server.
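To make that sequence concrete, here is an added example (not Seam or JBoss code) that models what LdapExtLoginModule does with the options above against a small constructed directory: bind as bindDN, find the user under baseCtxDN with baseFilter ({0} replaced by the username), bind as the found DN with the supplied password, then collect roleAttributeID values from the entries under rolesCtxDN matching roleFilter ({1} replaced by the user's DN). The LDIF entries, the passwords and the helper functions are constructed for the example, and the filter matcher only understands the single-equality filters this page uses. It also shows why the username must be escaped per RFC 4515 before substitution: an unescaped `*` turns (uid={0}) into a filter that matches every user.

```python
import re

# Constructed LDIF for the layout the page's module options expect: users under
# ou=People,dc=domain, role groups under ou=Roles,ou=apps,dc=domain.
# All passwords are placeholders for this example only.
SAMPLE_LDIF = """\
dn: cn=Rootuser,dc=domain
objectClass: simpleSecurityObject
objectClass: organizationalRole
cn: Rootuser
userPassword: passwd

dn: uid=alice,ou=People,dc=domain
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: posixAccount
uid: alice
cn: Alice Example
sn: Example
uidNumber: 10001
gidNumber: 10001
homeDirectory: /home/alice
userPassword: alice-secret

dn: uid=bob,ou=People,dc=domain
objectClass: inetOrgPerson
uid: bob
cn: Bob Example
userPassword: bob-secret

dn: cn=admin,ou=Roles,ou=apps,dc=domain
objectClass: groupOfNames
cn: admin
member: uid=alice,ou=People,dc=domain

dn: cn=member,ou=Roles,ou=apps,dc=domain
objectClass: groupOfNames
cn: member
member: uid=alice,ou=People,dc=domain
member: uid=bob,ou=People,dc=domain
"""

OPTIONS = {  # module-option values copied from the application-policy on this page
    "bindDN": "cn=Rootuser,dc=domain",
    "bindCredential": "passwd",
    "baseCtxDN": "ou=People,dc=domain",
    "baseFilter": "(uid={0})",
    "rolesCtxDN": "ou=Roles,ou=apps,dc=domain",
    "roleFilter": "(member={1})",
    "roleAttributeID": "cn",
}

def parse_ldif(text):
    """Return {dn: {attr: [values]}} from minimal LDIF (no line folding, no base64)."""
    directory = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        dn, entry = None, {}
        for line in block.splitlines():
            attr, _, value = line.partition(":")
            if attr.strip().lower() == "dn":
                dn = value.strip()
            else:
                entry.setdefault(attr.strip(), []).append(value.strip())
        directory[dn] = entry
    return directory

def escape_filter_value(value):
    """RFC 4515 escaping, so a username cannot change the shape of the filter."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def match(entry, ldap_filter):
    """Evaluate one (attr=pattern) filter: '\\xx' escapes are literal, a bare '*' is a wildcard."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter)
    if not m:
        raise ValueError("unsupported filter: " + ldap_filter)
    attr, pattern = m.groups()
    regex = ""
    for part in re.split(r"(\\[0-9a-fA-F]{2})", pattern):
        if re.fullmatch(r"\\[0-9a-fA-F]{2}", part):
            regex += re.escape(chr(int(part[1:], 16)))
        else:
            regex += ".*".join(re.escape(p) for p in part.split("*"))
    return any(re.fullmatch(regex, v, re.IGNORECASE) for v in entry.get(attr, []))

def search(directory, base_dn, ldap_filter):
    """Subtree search below base_dn (the module's default searchScope)."""
    suffix = "," + base_dn.lower()
    return [dn for dn, e in directory.items() if dn.lower().endswith(suffix) and match(e, ldap_filter)]

def bind(directory, dn, password):
    entry = directory.get(dn)
    return entry is not None and password in entry.get("userPassword", [])

def authenticate(directory, username, password, opts=OPTIONS):
    """Return (user_dn, roles) for valid credentials, else raise PermissionError."""
    if not password:  # the module rejects empty passwords unless allowEmptyPasswords=true,
        raise PermissionError("empty password")  # as many servers treat them as anonymous binds
    if not bind(directory, opts["bindDN"], opts["bindCredential"]):
        raise PermissionError("service account bind failed")
    hits = search(directory, opts["baseCtxDN"], opts["baseFilter"].replace("{0}", escape_filter_value(username)))
    if len(hits) != 1:
        raise PermissionError("expected one user entry, found %d" % len(hits))
    user_dn = hits[0]
    if not bind(directory, user_dn, password):
        raise PermissionError("invalid credentials")
    role_filter = opts["roleFilter"].replace("{0}", escape_filter_value(username)).replace("{1}", escape_filter_value(user_dn))
    roles = set()
    for dn in search(directory, opts["rolesCtxDN"], role_filter):
        roles.update(directory[dn].get(opts["roleAttributeID"], []))
    return user_dn, sorted(roles)

def injection_demo(directory):
    """User entries matched by (uid={0}) for the username '*': unescaped vs. escaped."""
    raw = search(directory, OPTIONS["baseCtxDN"], "(uid=*)")
    safe = search(directory, OPTIONS["baseCtxDN"], "(uid=" + escape_filter_value("*") + ")")
    return len(raw), len(safe)

if __name__ == "__main__":
    d = parse_ldif(SAMPLE_LDIF)
    print(authenticate(d, "alice", "alice-secret"))  # ('uid=alice,ou=People,dc=domain', ['admin', 'member'])
    print(injection_demo(d))  # (2, 0)
```

The requirement that the user search return exactly one entry mirrors the module's behaviour of using the single DN it finds; with two hits the unescaped wildcard would otherwise silently log the caller in as whichever entry the server returned first.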