This works. I created an ldap repository with the following group:
dn: cn=asadmin,ou=Groups,dc=blackdoorinc,dc=com
objectClass: top
objectClass: groupOfNames
cn: asadmin
description: Admins of the SUN App server
member: cn=admin,dc=blackdoorinc,dc=com
The user 'admin' is also defined and imported into the ldap repository.
I modify admin-realm to:
<auth-realm classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm"
            name="admin-realm">
    <property name="group-search-filter" value="member=%d"/>
    <property name="search-bind-password" value="password_goes_here"/>
    <property name="search-bind-dn" value="cn=admin,dc=blackdoorinc,dc=com"/>
    <property name="jaas-context" value="ldapRealm"/>
    <property name="base-dn" value="dc=blackdoorinc,dc=com"/>
    <property name="directory" value="ldap://localhost:389"/>
</auth-realm>
So this is all fine IF the company you are working with is OK with an LDAP group named 'asadmin'.
NOTE: I was also able to get all authenticated users (via LDAP) to work just by setting the 'assign-groups' = 'asadmin'.
I am just starting to dig and figure out LDAP search and filter technology/techniques. IF I can not change the group name the application expects, can I get an LDAP search/filter to only authenticate users which are a member of a given group and use it in conjunction with 'assign-groups'?
[Message sent by forum member 'blackdoorinc' (blackdoorinc)]
http://forums.java.net/jive/thread.jspa?messageID=267906
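As an added illustration (not code from the post, and not GlassFish's own implementation), the Python below mirrors the group lookup that a realm configured with group-search-filter="member=%d" performs: the user's DN is substituted for %d, the filter is evaluated over the directory under base-dn, and the cn of every matching group becomes one of the user's roles. The LDIF embeds the poster's asadmin group plus a constructed second group and user (developers, alice); the filter evaluator handles only the single attr=value equality form used in the post, and values are RFC 4515-escaped before substitution so a DN or user name cannot change the filter's structure.

```python
import re

# Directory contents: the poster's group, plus a constructed 'developers' group
# and a constructed user 'alice' to show that the lookup returns several groups.
LDIF = """\
dn: cn=asadmin,ou=Groups,dc=blackdoorinc,dc=com
objectClass: top
objectClass: groupOfNames
cn: asadmin
member: cn=admin,dc=blackdoorinc,dc=com

dn: cn=developers,ou=Groups,dc=blackdoorinc,dc=com
objectClass: top
objectClass: groupOfNames
cn: developers
member: cn=alice,ou=People,dc=blackdoorinc,dc=com
member: cn=admin,dc=blackdoorinc,dc=com
"""

def parse_ldif(text):
    """Return a list of entries; each entry maps a lowercased attribute to its values."""
    entries, cur = [], {}
    for line in text.splitlines():
        if not line.strip():            # blank line separates entries
            if cur:
                entries.append(cur); cur = {}
            continue
        attr, _, val = line.partition(":")
        cur.setdefault(attr.strip().lower(), []).append(val.strip())
    if cur:
        entries.append(cur)
    return entries

def escape_filter_value(value):
    """RFC 4515 escaping of the characters that would otherwise alter a filter."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def expand_filter(template, username=None, user_dn=None):
    """%s -> user name, %d -> user DN (the realm's placeholders), escaped first."""
    if username is not None:
        template = template.replace("%s", escape_filter_value(username))
    if user_dn is not None:
        template = template.replace("%d", escape_filter_value(user_dn))
    return template

def search(entries, base_dn, filt):
    """Subtree search under base_dn for one 'attr=value' equality filter."""
    attr, _, value = filt.partition("=")
    value = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)
    return [e for e in entries
            if e["dn"][0].lower().endswith(base_dn.lower())
            and any(v.lower() == value.lower() for v in e.get(attr.lower(), []))]

def groups_for(entries, base_dn, group_filter, user_dn):
    """The group names the realm would assign to the user with this DN."""
    return sorted(e["cn"][0] for e in search(entries, base_dn, expand_filter(group_filter, user_dn=user_dn)))
```

Because the asadmin group membership is decided entirely by the 'member' attribute, a user whose DN is absent from every group resolves to no roles at all, which is the case 'assign-groups' papers over by granting every authenticated user the named group.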