So line 52 of ASLoginDriverImpl.java has the ASADMIN_GROUP hard-coded:
glassfish/appserv-core/src/java/com/sun/enterprise/admin/server/core/jmx/auth/ASLoginDriverImpl.java
My workaround was to copy some files from GlassFish, make a few changes, and use
the new classes when defining the admin-realm. You have GOT to love open source!!
Steps taken:
1a) Copied the LDAPRealm.java class and changed the package from com.sun... to com.blackdoorinc....
glassfish/appserv-core/src/java/com/sun/enterprise/security/auth/realm/ldap/LDAPRealm.java
1b) Changed the class it extends from IASRealm to AppservRealm (cannot remember why I did this at this point):
public final class LDAPRealm extends AppservRealm
1c) Added these three lines:
    public static final String PARAM_ADMIN_GRP_NAME = "admin-group-name"; // Param to specify the LDAP admin group to key off of when determining authorization.
    public static final String DEFAULT_ADMIN_GRP_NAME = "asadmin"; // Redeclared here, but may not have needed to.
    private boolean authBasedOnDefaultAdminGrpName = true; // A boolean to help determine if the default admin group will be in LDAP or a different group will be used.
1d) Added this to the init method:
    String adminGroupName = props.getProperty(PARAM_ADMIN_GRP_NAME, DEFAULT_ADMIN_GRP_NAME);
    this.setProperty(PARAM_ADMIN_GRP_NAME, adminGroupName);
    if (!DEFAULT_ADMIN_GRP_NAME.equals(adminGroupName)) {
        _logger.log(Level.INFO, "LDAPRealm : Mapping users with LDAP group '" + adminGroupName + "' to '" + DEFAULT_ADMIN_GRP_NAME + "' enabled.");
        this.authBasedOnDefaultAdminGrpName = false;
    }
1e) Added this line to the findAndBind() method right before setGroupNames() is called:
    grpList = addDefaultAdminGroup(grpList);
1f) Added this method (needs java.util.List, java.util.ArrayList and java.util.logging.Level imported):
    // If a non-default admin group is configured, add "asadmin" to the group list of any user
    // who is a member of that LDAP group, so the hard-coded ASADMIN_GROUP check still passes.
    protected String[] addDefaultAdminGroup(String[] grps) {
        String[] resultGroups = grps;
        if (!authBasedOnDefaultAdminGrpName) {
            List<String> groupList = new ArrayList<String>();
            if (grps != null && grps.length > 0) {
                for (String grp : grps) {
                    groupList.add(grp);
                }
            }
            String adminGroupName = this.getProperty(PARAM_ADMIN_GRP_NAME);
            _logger.log(Level.FINE, "LDAPRealm (addDefaultAdminGroup): Is user part of LDAP group " + adminGroupName + "?");
            if (groupList.contains(adminGroupName) && !groupList.contains(DEFAULT_ADMIN_GRP_NAME)) {
                groupList.add(DEFAULT_ADMIN_GRP_NAME);
                _logger.log(Level.INFO, "LDAPRealm (addDefaultAdminGroup): User is in LDAP group '" + adminGroupName + "'. Added '" + DEFAULT_ADMIN_GRP_NAME + "' to group list.");
            }
            resultGroups = groupList.toArray(new String[groupList.size()]);
        }
        return resultGroups;
    }
2a) Copied the LDAPLoginModule.java class:
glassfish/??/src/java/com/sun/enterprise/security/auth/login/LDAPLoginModule.java
2b) Changed the package and imports to reflect the change from com.sun... to com.blackdoorinc....:
    import com.blackdoorinc.enterprise.security.auth.realm.ldap.LDAPRealm;
3) Modified the login.conf file to include the new files:
    blackdoorincLdapRealm {
        com.blackdoorinc.enterprise.security.auth.login.LDAPLoginModule required;
    };
FYI: The domain.xml has the following for the admin-realm:
    <auth-realm classname="com.blackdoorinc.enterprise.security.auth.realm.ldap.LDAPRealm" name="admin-realm">
        <property name="admin-group-name" value="MIDTIERAdmin"/>
        <property name="group-search-filter" value="member=%d"/>
        <property name="search-bind-password" value="adminadmin"/>
        <property name="search-bind-dn" value="cn=admin,dc=blackdoorinc,dc=com"/>
        <property name="jaas-context" value="blackdoorincLdapRealm"/>
        <property name="base-dn" value="dc=blackdoorinc,dc=com"/>
        <property name="directory" value="ldap://localhost:389"/>
    </auth-realm>
[Message sent by forum member 'blackdoorinc' (blackdoorinc)]
http://forums.java.net/jive/thread.jspa?messageID=269815
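The group-mapping logic from steps 1c through 1f, pulled out into a stand-alone class so it can be compiled and run without GlassFish. This is an added example, not code from the forum post or from GlassFish: the class name AdminGroupMappingDemo, the constructor taking a java.util.Properties in place of the realm's init(), and the sample group lists are all assumptions. The property name admin-group-name, the default group asadmin and the value MIDTIERAdmin are taken from the post.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Properties;

/**
 * Hypothetical stand-alone model of the post's "map an LDAP group onto asadmin" step.
 * It does not extend any GlassFish realm class; the realm properties are passed in directly.
 */
public class AdminGroupMappingDemo {
    // Same property name and default as the post's modified LDAPRealm.
    public static final String PARAM_ADMIN_GRP_NAME = "admin-group-name";
    public static final String DEFAULT_ADMIN_GRP_NAME = "asadmin";

    private final String adminGroupName;
    private final boolean authBasedOnDefaultAdminGrpName;

    /** Mirrors the post's init() addition: read admin-group-name, defaulting to asadmin. */
    public AdminGroupMappingDemo(Properties realmProps) {
        this.adminGroupName = realmProps.getProperty(PARAM_ADMIN_GRP_NAME, DEFAULT_ADMIN_GRP_NAME);
        // Mapping is only active when a group other than asadmin is configured.
        this.authBasedOnDefaultAdminGrpName = DEFAULT_ADMIN_GRP_NAME.equals(adminGroupName);
    }

    /**
     * Mirrors the post's addDefaultAdminGroup(): append asadmin to the group list only when
     * mapping is active, the user's LDAP groups contain the configured group, and asadmin
     * is not already present. The comparison is an exact, case-sensitive string match.
     */
    public List<String> addDefaultAdminGroup(List<String> ldapGroups) {
        List<String> result = new ArrayList<String>(ldapGroups);
        if (!authBasedOnDefaultAdminGrpName
                && result.contains(adminGroupName)
                && !result.contains(DEFAULT_ADMIN_GRP_NAME)) {
            result.add(DEFAULT_ADMIN_GRP_NAME);
        }
        return result;
    }

    public static void main(String[] args) {
        Properties props = new Properties();
        props.setProperty(PARAM_ADMIN_GRP_NAME, "MIDTIERAdmin"); // value from the post's domain.xml
        AdminGroupMappingDemo mappingRealm = new AdminGroupMappingDemo(props);

        // Constructed sample group lists, standing in for what the group-search-filter would return.
        List<String> adminUser = Arrays.asList("MIDTIERAdmin", "developers");
        List<String> plainUser = Arrays.asList("developers");
        List<String> caseMismatch = Arrays.asList("midtieradmin");

        System.out.println("member of MIDTIERAdmin : " + mappingRealm.addDefaultAdminGroup(adminUser));
        System.out.println("not a member           : " + mappingRealm.addDefaultAdminGroup(plainUser));
        System.out.println("case mismatch          : " + mappingRealm.addDefaultAdminGroup(caseMismatch));

        // Without the admin-group-name property the realm behaves as stock: no mapping at all.
        AdminGroupMappingDemo stockRealm = new AdminGroupMappingDemo(new Properties());
        System.out.println("no property configured : " + stockRealm.addDefaultAdminGroup(adminUser));
    }
}
```

Compile and run with `javac AdminGroupMappingDemo.java && java AdminGroupMappingDemo`. Only the first list gains asadmin; the non-member, the case-mismatched group name, and the unconfigured realm all come back unchanged, which is worth checking against the exact spelling of the group as LDAP returns it before relying on the mapping for admin access.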