users@glassfish.java.net

Re: Password aliases: just for passwords, or...?

From: Nithya Subramanian <nithya.subramanian_at_oracle.com>
Date: Mon, 26 Mar 2012 18:34:45 +0530

Hi,

This was an issue which was fixed recently (on Feb 3). The aliases
should work with the create-auth-realm commands in the latest builds.

Thanks
Nithya

On Monday 26 March 2012 06:07 PM, Laird Nelson wrote:
> On Mon, Mar 26, 2012 at 1:09 AM, Anissa Lam <anissa.lam_at_oracle.com
> <mailto:anissa.lam_at_oracle.com>> wrote:
>
>> On 3/25/12 5:36 PM, Laird Nelson wrote:
>>> I used [a password alias] in setting up an LDAP realm. The
>>> command line worked great. I did notice that the actual password
>>> value is present in the GUI.
>>
>> I assume you are using the console to create this LDAP realm. You
>> specify the property value to be ${ALIAS=the-alias-name-i-use},
>> and then when you look at the page again, the property value is
>> decoded to be the actual password.
>
>
> Yes, except that I actually used the command line (on Linux):
>
> asadmin --port=7048 create-auth-realm --classname
> "com.sun.enterprise.security.auth.realm.ldap.LDAPRealm" --property
> "jaas-context=ldapRealm:directory=ldap\://myhost.goes.here\:389:base-dn=ou\=Users,ou\=SomeOrgUnit,o\=mycompany.com:search-filter=cn\=%s:group-base-dn=ou\=Roles,ou\=SomeOrgUnit,o\=mycompany.com:group-search-filter=member\=%d:group-target=cn:search-bind-dn=cn\=adminuser,ou\=Users,ou\=SomeOrgUnit,o\=mycompany.com:search-bind-password=${ALIAS=ldaprealm-password}"
> "MyRealm"
>
> I did run into some troubles with equals signs (as you might expect),
> but a combination of backslashes and quoting solved the problem (as
> you also might expect :-)). In reality, I can't remember whether the
> --property option was quoted with single quotes or double quotes; I
> believe that actually as I have it written above there's still going
> to be a case where the shell wants to jump in and try to expand
> ${ALIAS=ldaprealm-password} in some way; I may be missing a backslash
> or two above. (This formulation above is the only record I have of a
> series of attempts I made.)
>
>> I tried and experienced the same thing as you are seeing.
>> I notice that even though the console is passing in
>> ${ALIAS=the-alias-name-i-choose} to the backend to create the
>> realm, it is written out to domain.xml with the value decoded.
>
>
> Oh, I didn't even check that...
>
> {time passes}
>
> ...yep; here too.
>
>> I am seeing this in domain.xml after the creation:
>>
>> <auth-realm name="myLdapRealm"
>> classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm">
>> <property name="directory" value="/tmp"></property>
>> <property name="base-dn" value="C=US"></property>
>> *<property name="TEST" value="abc"></property>*
>> <property name="jaas-context" value="ldapRealm"></property>
>> </auth-realm>
>
>
> Yes.
>
>> Please file a bug on this. create-auth-realm command should not
>> decode and write out the password in plain text in domain.xml when
>> user is using a password alias.
>
>
> Good; I didn't think so. Bug filed:
> http://java.net/jira/browse/GLASSFISH-18557
>
> Best,
> Laird
>
> --
> http://about.me/lairdnelson
>
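Two things in the thread are worth checking concretely: Laird's suspicion that the shell will expand ${ALIAS=...} before asadmin ever sees it, and the domain.xml leak that became the bug report. The script below is an added example written for this page; it is not code from the thread, from GlassFish, or from asadmin. The realm names, the alias name ldaprealm-password, the bind DN and the "s3cret" value are all made up, and the domain.xml fragment is constructed to mirror the shape of the one Anissa quoted. The audit is line-based and assumes one XML element per line, which is how GlassFish writes the file.

```shell
#!/bin/sh
# Added example, not part of the thread or of GlassFish itself.
# Part 1 shows what the shell does to ${ALIAS=name} inside double quotes
# versus single quotes. Part 2 is a small audit that reads a domain.xml
# and reports realm properties that hold a password in clear instead of
# an ${ALIAS=...} reference. Alias and realm names are made up.

# Returns the argument asadmin would actually receive when the --property
# value is double-quoted. ${ALIAS=word} is POSIX parameter expansion: if
# ALIAS is unset it is assigned "word" and the expression expands to it,
# so asadmin sees the alias name as the password and never the alias
# syntax it is supposed to resolve.
double_quoted_arg() {
    unset ALIAS
    printf '%s' "search-bind-password=${ALIAS=ldaprealm-password}"
}

# Single quotes (or \$ inside double quotes) pass the text through
# untouched, which is what create-auth-realm needs.
single_quoted_arg() {
    printf '%s' 'search-bind-password=${ALIAS=ldaprealm-password}'
}

# Reads domain.xml on stdin. Prints every <property> inside an
# <auth-realm> whose name contains "password" but whose value is not an
# ${ALIAS=...} reference. Exit status 1 if any such line was found, 0 if
# every realm password is aliased. Assumes one element per line.
find_plaintext_realm_passwords() {
    awk '
        /<auth-realm[ >]/ { inrealm = 1 }
        /<\/auth-realm>/  { inrealm = 0 }
        inrealm && /<property / && /name="[^"]*password[^"]*"/ {
            if ($0 !~ /value="[$][{]ALIAS=[^}]*[}]"/) { print; found = 1 }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample in the shape of the fragment quoted in the thread:
# one realm that kept the alias reference, one where it was decoded.
sample_domain_xml() {
    cat <<'EOF'
<domain>
  <security-service>
    <auth-realm name="goodRealm" classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm">
      <property name="search-bind-dn" value="cn=adminuser,ou=Users,o=example.com"></property>
      <property name="search-bind-password" value="${ALIAS=ldaprealm-password}"></property>
      <property name="jaas-context" value="ldapRealm"></property>
    </auth-realm>
    <auth-realm name="leakyRealm" classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm">
      <property name="search-bind-dn" value="cn=adminuser,ou=Users,o=example.com"></property>
      <property name="search-bind-password" value="s3cret"></property>
      <property name="jaas-context" value="ldapRealm"></property>
    </auth-realm>
  </security-service>
</domain>
EOF
}

# Usage:
printf 'double quotes -> %s\n' "$(double_quoted_arg)"
printf 'single quotes -> %s\n' "$(single_quoted_arg)"
if sample_domain_xml | find_plaintext_realm_passwords; then
    echo "all realm passwords are aliased"
else
    echo "plaintext realm password(s) listed above"
fi
```

Run it as-is to see both halves; to audit a real server, replace the sample with something like `find_plaintext_realm_passwords < domains/domain1/config/domain.xml`. Note that the first half only demonstrates the shell's behaviour: whether a literal ${ALIAS=...} reaching asadmin is then preserved in domain.xml is exactly the server-side bug Laird filed, and the audit is how you tell.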