users@glassfish.java.net

Re: Does the administrators group have a fixed name of 'asadmin'?

From: <glassfish_at_javadesktop.org>
Date: Sun, 06 Apr 2008 21:38:25 PDT

This works. I created an LDAP repository with the following group:
dn: cn=asadmin,ou=Groups,dc=blackdoorinc,dc=com
objectClass: top
objectClass: groupOfNames
cn: asadmin
description: Admins of the SUN App server
member: cn=admin,dc=blackdoorinc,dc=com

The user 'admin' is also defined and imported into the LDAP repository.
I modified admin-realm to:

<auth-realm classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm"
            name="admin-realm">
  <property name="group-search-filter" value="member=%d"/>
  <property name="search-bind-password" value="password_goes_here"/>
  <property name="search-bind-dn" value="cn=admin,dc=blackdoorinc,dc=com"/>
  <property name="jaas-context" value="ldapRealm"/>
  <property name="base-dn" value="dc=blackdoorinc,dc=com"/>
  <property name="directory" value="ldap://localhost:389"/>
</auth-realm>

So this is all fine IF the company you are working with is OK with an LDAP group named 'asadmin'.

NOTE: I was also able to get all authenticated users (via LDAP) to work just by setting the 'assign-groups' = 'asadmin'.

I am just starting to dig and figure out LDAP search and filter technology/techniques. IF I cannot change the group name the application expects, can I get an LDAP search/filter to only authenticate users who are members of a given group and use it in conjunction with 'assign-groups'?
[Message sent by forum member 'blackdoorinc' (blackdoorinc)]

http://forums.java.net/jive/thread.jspa?messageID=267906
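
Added example, not part of the original post: the 'assign-groups' setup from the NOTE beside a variant that restricts who can authenticate, using the LDAPRealm 'search-filter' property. Assumptions: the group name 'appserver-admins' is hypothetical, users are looked up by 'uid', and the directory maintains a 'memberOf' attribute on user entries (native in Active Directory, provided by the memberof overlay in OpenLDAP).

```xml
<!-- Alternative A (weak): no membership check. Every account that can
     authenticate against the directory is placed in 'asadmin' and
     becomes an application server administrator. -->
<auth-realm classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm"
            name="admin-realm">
  <property name="directory" value="ldap://localhost:389"/>
  <property name="base-dn" value="dc=blackdoorinc,dc=com"/>
  <property name="jaas-context" value="ldapRealm"/>
  <property name="search-bind-dn" value="cn=admin,dc=blackdoorinc,dc=com"/>
  <property name="search-bind-password" value="password_goes_here"/>
  <property name="assign-groups" value="asadmin"/>
</auth-realm>

<!-- Alternative B (restricted): use instead of A, not alongside it.
     The user search only matches entries that are members of the
     company's own group (hypothetical name 'appserver-admins'), so
     anyone outside that group fails authentication before
     'assign-groups' is applied. The ampersand of the LDAP AND filter
     must be written as an XML entity inside domain.xml. -->
<auth-realm classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm"
            name="admin-realm">
  <property name="directory" value="ldap://localhost:389"/>
  <property name="base-dn" value="dc=blackdoorinc,dc=com"/>
  <property name="jaas-context" value="ldapRealm"/>
  <property name="search-bind-dn" value="cn=admin,dc=blackdoorinc,dc=com"/>
  <property name="search-bind-password" value="password_goes_here"/>
  <property name="search-filter"
            value="(&amp;(uid=%s)(memberOf=cn=appserver-admins,ou=Groups,dc=blackdoorinc,dc=com))"/>
  <property name="assign-groups" value="asadmin"/>
</auth-realm>
```

To check alternative B, log in once with an account inside the group and once with a valid directory account outside it; the second login should be rejected.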