Hi there. First I just want to say that I'm new to GlassFish and I'm
trying to move my web application over from Tomcat to GlassFish, but I have
not managed to do that so far. I have several problems that I would like
to ask questions about, but I'll take one question at a time in
different emails :-)
The first question I have is about LDAP authentication.
First, a few facts:
Glassfish: v2ur1-b09d-linux
OpenDS: v1.0.0-build014
OS: Mandriva linux 2008.1 (fully patched)
Java: Open_JDK Server build 1.7.0-b24 / Java SE 1.6.0_06-b02
MySQL: 5.0.51a
Now to my problem: I cannot get authentication via LDAP to work, and
I'm not sure what is wrong. I've searched, I've tried different
combinations, but I just cannot see what is wrong, so I turn to you.
After the installation of all the above components I started up
GlassFish, went into the administration console, and started configuring
the stuff for my web application.
I added a new realm called Intranet where I set up the LDAP stuff, I
changed my web.xml so that it should have used the Intranet realm, and I
added a sun-web.xml where I configured the role mappings (I think).
After that I deployed my web application (against a directory on the
machine, since this is for testing/development) and restarted GlassFish
(I might not have needed that, but I did it anyway).
After GlassFish had restarted, I started Firefox and surfed to the web
application with an address that should have invoked the
authentication... and got right in.
I have been stuck with this problem for 2 days now, searching the net,
checking stuff, and still the same. I have also tried to reduce the
configuration to just the bare stuff, and even tried to do it with
another web application (hello world test) and I cannot get it working
there either. I have also tried using a different realm (admin-realm),
but no go.
So if anyone here can help me I would be very grateful.
The relevant parts from
[GLASSFISH-INSTALL-DIR]/domains/domain1/config/domain.xml (if more
information is needed I'll provide it, if I know what to provide :-)
<domain application-root="${com.sun.aas.instanceRoot}/applications"
        log-root="${com.sun.aas.instanceRoot}/logs">
  <configs>
    <config name="server-config">
      <security-service activate-default-principal-to-role-mapping="false"
                        anonymous-role="AttributeDeprecated" audit-enabled="false"
                        audit-modules="default" default-realm="file" jacc="default">
        <auth-realm classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm"
                    name="Intranet">
          <property name="group-base-dn" value="dc=Roles,dc=example,dc=com"/>
          <property name="group-target" value="cn"/>
          <property name="jaas-context" value="ldapRealm"/>
          <property name="base-dn" value="dc=Persons,dc=example,dc=com"/>
          <property name="directory" value="ldap://localhost:8389"/>
        </auth-realm>
      </security-service>
    </config>
  </configs>
</domain>
The relevant part of [WEB-APP-DIR]/WEB-INF/web.xml:
<web-app>
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Intranett</web-resource-name>
      <url-pattern>/index.jsp</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>USER</role-name>
    </auth-constraint>
  </security-constraint>
  <login-config>
    <auth-method>FORM</auth-method>
    <realm-name>Intranet</realm-name>
    <form-login-config>
      <form-login-page>/login.jsp</form-login-page>
      <form-error-page>/login.jsp</form-error-page>
    </form-login-config>
  </login-config>
</web-app>
The relevant part of [WEB-APP-DIR]/WEB-INF/sun-web.xml:
<sun-web-app>
  <security-role-mapping>
    <role-name>USER</role-name>
    <group-name>USER</group-name>
  </security-role-mapping>
</sun-web-app>
I'm not sure what this sun-web.xml should look like, but I think it is
right. I have also tried not using any sun-web.xml at all,
and in the LDAP settings I have tried to do without group-base-dn and
group-target.
So if anyone can help me, please feel free to do so :-)
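As an added example (not part of the original post, and not GlassFish's own code), the following script cross-checks condensed copies of the three fragments above: it verifies that the realm named in web.xml exists in domain.xml, that every role in an auth-constraint has a group mapping in sun-web.xml, and whether a given request path is actually covered by a url-pattern using the servlet-spec matching rules (exact, path prefix, extension, default). The function names and the request paths tried are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Fragments condensed from the post above (constructed inline for this example).
DOMAIN_XML = """<security-service default-realm="file">
  <auth-realm classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm"
              name="Intranet"><property name="jaas-context" value="ldapRealm"/></auth-realm>
</security-service>"""
WEB_XML = """<web-app>
  <security-constraint>
    <web-resource-collection><url-pattern>/index.jsp</url-pattern></web-resource-collection>
    <auth-constraint><role-name>USER</role-name></auth-constraint>
  </security-constraint>
  <login-config><auth-method>FORM</auth-method><realm-name>Intranet</realm-name></login-config>
</web-app>"""
SUN_WEB_XML = """<sun-web-app>
  <security-role-mapping><role-name>USER</role-name><group-name>USER</group-name></security-role-mapping>
</sun-web-app>"""


def url_pattern_matches(pattern, path):
    """Servlet-spec matching: exact, path prefix '/x/*', extension '*.ext', default '/'."""
    if pattern == path:
        return True
    if pattern.endswith("/*"):
        prefix = pattern[:-2]
        return path == prefix or path.startswith(prefix + "/")
    if pattern.startswith("*."):
        return path.endswith(pattern[1:])
    return pattern == "/"  # the default pattern covers every request


def check_config(domain_xml, web_xml, sun_web_xml, request_path):
    """Return findings that explain why request_path could be served without a login."""
    findings = []
    realms = {r.get("name") for r in ET.fromstring(domain_xml).iter("auth-realm")}
    web = ET.fromstring(web_xml)
    realm = web.findtext("login-config/realm-name")
    if realm not in realms:
        findings.append(f"realm {realm!r} not defined in domain.xml")
    mapped = {m.findtext("role-name") for m in ET.fromstring(sun_web_xml).iter("security-role-mapping")}
    patterns = []
    for constraint in web.iter("security-constraint"):
        for role in constraint.iter("role-name"):
            if role.text not in mapped:
                findings.append(f"role {role.text!r} has no group mapping in sun-web.xml")
        patterns += [p.text for p in constraint.iter("url-pattern")]
    # A request for the context root ("/") is not covered by the exact pattern "/index.jsp",
    # even if index.jsp is the welcome file, so the constraint never fires for it.
    if not any(url_pattern_matches(p, request_path) for p in patterns):
        findings.append(f"no url-pattern covers {request_path!r}: {patterns}")
    return findings
```

Running check_config with the request path "/" reports that no pattern covers it, while "/index.jsp" comes back clean.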