users@glassfish.java.net

Re: Multiple LDAP authentication realms

From: V B Kumar Jayanti <Vbkumar.Jayanti_at_Sun.COM>
Date: Tue, 22 Jan 2008 15:01:25 +0530

Kenneth Clark wrote:

> Hi, I found how to do it. The only thing I am struggling with now is
> that the user is not being assigned any groups. I have set the
> group-base-dn and enable default to principal mapping but it ain’t
> working.
>
Group memberships can be configured in LDAP, and group memberships can
also be configured as assign-groups. In your LDAP realm in domain.xml,
add the assign-groups property. If you are looking to set the
assign-groups property, then as an example, here is what I have in my
domain.xml:

<auth-realm classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm"
            name="OpenDS">
  <property name="directory" value="ldap://localhost:389"/>
  <property name="assign-groups" value="ou=Groups,dc=sun,dc=com"/>
  <property name="assign-groups" value="LDAPAuthorizedGroup"/>
  <property name="base-dn" value="dc=sun,dc=com"/>
  <property name="jaas-context" value="ldapRealm"/>
</auth-realm>

See the assign-groups property above.

>
>
> ________________
>
> Thanks and regards
>
>
>
> *Kenneth Clark*
>
> Solutions Engineer
>
> Tel: 27 (0) 11 679 3075
>
> Fax: 27 (0) 86 647 4819
>
> Mobile: 27 (0) 84 583 1348
>
> Email: kenneth.clark_at_skyetech.co.za
>
> Website: http://www.skyetech.co.za
>
>
>
> *From:* Kenneth Clark [mailto:kenneth.clark_at_skyetech.co.za]
> *Sent:* 22 January 2008 00:06
> *To:* users_at_glassfish.dev.java.net
> *Subject:* Multiple LDAP authentication realms
>
>
>
> Is it possible to set up multiple authentication realms running off
> one ldap server?
>
> No virus found in this outgoing message.
> Checked by AVG Free Edition.
> Version: 7.5.516 / Virus Database: 269.19.7/1234 - Release Date:
> 2008/01/20 14:15
>
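
An added example, not part of the original message or of GlassFish: a short Python check that reads the auth-realm elements of a domain.xml and reports, for each LDAP realm, the assign-groups values (groups GlassFish gives to every user who authenticates against that realm), whether group-base-dn is set, and any property name that occurs more than once. The sample XML is constructed from the snippet in the reply; the second realm "Partners" and the function name audit_ldap_realms are hypothetical.

```python
import xml.etree.ElementTree as ET
from collections import Counter

LDAP_REALM = "com.sun.enterprise.security.auth.realm.ldap.LDAPRealm"

# Constructed sample: the realm from the reply above plus a second,
# hypothetical realm ("Partners") that uses the same directory server.
SAMPLE = """<security-service>
  <auth-realm classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm" name="OpenDS">
    <property name="directory" value="ldap://localhost:389"/>
    <property name="assign-groups" value="ou=Groups,dc=sun,dc=com"/>
    <property name="assign-groups" value="LDAPAuthorizedGroup"/>
    <property name="base-dn" value="dc=sun,dc=com"/>
    <property name="jaas-context" value="ldapRealm"/>
  </auth-realm>
  <auth-realm classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm" name="Partners">
    <property name="directory" value="ldap://localhost:389"/>
    <property name="base-dn" value="ou=Partners,dc=sun,dc=com"/>
    <property name="jaas-context" value="ldapRealm"/>
  </auth-realm>
</security-service>"""


def audit_ldap_realms(xml_text):
    """Return one finding dict per LDAP auth-realm found in xml_text."""
    findings = []
    for realm in ET.fromstring(xml_text).iter("auth-realm"):
        if realm.get("classname") != LDAP_REALM:
            continue  # file, certificate and custom realms are out of scope
        props = [(p.get("name"), p.get("value", "")) for p in realm.findall("property")]
        counts = Counter(name for name, _ in props)
        single = dict(props)  # used only for keys expected to occur once
        findings.append({
            "name": realm.get("name"),
            "directory": single.get("directory"),
            "base_dn": single.get("base-dn"),
            "group_base_dn": single.get("group-base-dn"),  # None if not set
            # Raw values, in file order: groups given to every authenticated user.
            "assign_groups": [v for n, v in props if n == "assign-groups"],
            "duplicate_properties": sorted(n for n, c in counts.items() if c > 1),
        })
    return findings


if __name__ == "__main__":
    for finding in audit_ldap_realms(SAMPLE):
        print(finding)
```

To check a real server, pass the text of its domain.xml to audit_ldap_realms instead of SAMPLE.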