
Home » java.net Forums » GlassFish » GlassFish

Thread: Active Directory LDAP Realm Configuration


Replies: 1 - Last Post: Jun 26, 2007 6:58 AM by: johnnymac
bryanking

Posts: 1
Active Directory LDAP Realm Configuration
Posted: May 4, 2007 9:51 AM

Using Sun Java System Application Server 9.1 (build b33e-beta)

I am trying to create a new LDAP Realm for Active Directory, here are the properties as I enter them into Edit Realm in the admin console. I named the realm "ActiveDirectoryRealm"

base-dn: dc=mydomain,dc=com
directory: ldap://myldapserver:389
group-target: memberOf
group-search-filter: (&(objectClass=user)(userPrincipalName=%s))
jaas-context: ldapRealm

I am running a simple test calling methods on a session bean, which has the following entry in sun-ejb-jar.xml config

<ior-security-config>
    <as-context>
        <auth-method>USERNAME_PASSWORD</auth-method>
        <realm>ActiveDirectoryRealm</realm>
        <required>true</required>
    </as-context>
</ior-security-config>


I supply credentials in the form of username@mydomain.com, and I also tried just username, but the server is rejecting the login. If I go totally outside the appserver and write a standalone piece that uses LdapContext to authenticate it works fine, so I figure it must be the properties I am supplying to the LDAPRealm. Has anyone achieved this? Thanks for any help.

johnnymac

Posts: 2
Re: Active Directory LDAP Realm Configuration
Posted: Jun 26, 2007 6:58 AM   in response to: bryanking

I managed to authenticate users with our Active Directory in GlassFish by configuring the LDAPRealm like this:

Directory = ldap://ldap.server.org:389
base DN = dc=ldap,dc=server,dc=org
search-filter=(&(objectClass=user)(sAMAccountName=%s))
group-search-filter=(&(objectClass=group)(member=%d))

It is necessary to authenticate to the LDAP directory to view and search objects:
search-bind-dn=cn=user name,ou=users,dc=ldap,dc=server,dc=org
search-bind-password=your password

The user is authenticated successfully and the groups it belongs to are retrieved correctly, but I still get a stack trace when the LDAPRealm performs a "dynamic group search":

javax.naming.directory.NoSuchAttributeException: [LDAP: error code 16 - 00000057: LdapErr: DSID-0C0905A4, comment: Error processing filter...

I couldn't find a way to disable this second group search, which doesn't seem to be necessary in this case...
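Putting the two posts together, here is an added example (written for this thread; it is not GlassFish code and not either poster's) that models the sequence an LDAPRealm runs with johnnymac's settings: bind with search-bind-dn, search base-dn with search-filter (%s replaced by the login name) to find the user's DN, bind as that DN with the supplied password, then search with group-search-filter (%d replaced by the user's DN). It also builds the equivalent asadmin create-auth-realm command. Values are escaped per RFC 4515 before they go into a filter, which is the check a practitioner wants whenever a login name is substituted into an LDAP filter. Assumptions not stated in the thread: the ldap3 Python library for the live part, asadmin's colon-separated --property syntax with colons in values escaped by a backslash, group names read from cn, and the rejection of empty passwords. The filter and command construction run offline.

```python
"""Model of a GlassFish LDAPRealm authenticating against Active Directory.

Added example for this thread, not GlassFish code and not either poster's.
Assumptions beyond the thread are marked in comments.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class LdapRealmConfig:
    directory: str
    base_dn: str
    search_filter: str           # %s is replaced by the login name
    group_search_filter: str     # %d is replaced by the user's DN
    search_bind_dn: str
    search_bind_password: str
    group_target: str = "cn"     # assumption: group name comes from cn


# johnnymac's working settings; the password is a placeholder as in the post
REALM = LdapRealmConfig(
    directory="ldap://ldap.server.org:389",
    base_dn="dc=ldap,dc=server,dc=org",
    search_filter="(&(objectClass=user)(sAMAccountName=%s))",
    group_search_filter="(&(objectClass=group)(member=%d))",
    search_bind_dn="cn=user name,ou=users,dc=ldap,dc=server,dc=org",
    search_bind_password="your password",
)


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value placed inside an LDAP search filter.

    '*', '(', ')', '\\' and NUL become backslash plus two hex digits, so a
    login name such as '*)(objectClass=*' cannot rewrite the filter.
    """
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def render_filter(template: str, username: Optional[str] = None,
                  user_dn: Optional[str] = None) -> str:
    """Fill the %s / %d placeholders of a realm filter with escaped values."""
    result = template
    if "%s" in result:
        if username is None:
            raise ValueError("filter uses %s but no username was given")
        result = result.replace("%s", escape_filter_value(username))
    if "%d" in result:
        if user_dn is None:
            raise ValueError("filter uses %d but no user DN was given")
        result = result.replace("%d", escape_filter_value(user_dn))
    return result


def asadmin_create_realm_argv(cfg: LdapRealmConfig,
                              realm_name: str = "ActiveDirectoryRealm") -> List[str]:
    """argv for 'asadmin create-auth-realm' matching the admin-console entries.

    Assumption: asadmin separates --property pairs with ':' and expects a
    literal colon (ldap://host:389) to be written as '\\:'.
    """
    props = [("directory", cfg.directory), ("base-dn", cfg.base_dn),
             ("search-filter", cfg.search_filter),
             ("group-search-filter", cfg.group_search_filter),
             ("search-bind-dn", cfg.search_bind_dn),
             ("search-bind-password", cfg.search_bind_password),
             ("group-target", cfg.group_target), ("jaas-context", "ldapRealm")]
    prop_arg = ":".join("%s=%s" % (k, v.replace(":", "\\:")) for k, v in props)
    return ["asadmin", "create-auth-realm",
            "--classname", "com.sun.enterprise.security.auth.realm.ldap.LDAPRealm",
            "--property", prop_arg, realm_name]


def authenticate(cfg: LdapRealmConfig, username: str,
                 password: str) -> Optional[List[str]]:
    """Return the user's group names, or None when authentication fails.

    Same order as the realm: service bind, user search, user bind, group search.
    Uses ldap3 (assumed installed) and needs a live directory.
    """
    import ldap3
    from ldap3.core.exceptions import LDAPBindError

    # AD treats a DN with an empty password as an anonymous bind that succeeds,
    # so an empty password must be rejected before any bind is attempted.
    if not password:
        return None
    server = ldap3.Server(cfg.directory)
    with ldap3.Connection(server, user=cfg.search_bind_dn,
                          password=cfg.search_bind_password, auto_bind=True) as svc:
        svc.search(cfg.base_dn, render_filter(cfg.search_filter, username=username),
                   attributes=["distinguishedName"])
        if len(svc.entries) != 1:          # unknown or ambiguous login name
            return None
        user_dn = svc.entries[0].entry_dn
        try:
            ldap3.Connection(server, user=user_dn, password=password,
                             auto_bind=True).unbind()
        except LDAPBindError:               # wrong password
            return None
        svc.search(cfg.base_dn, render_filter(cfg.group_search_filter, user_dn=user_dn),
                   attributes=[cfg.group_target])
        return [entry[cfg.group_target].value for entry in svc.entries]
```

Two points the model makes visible: the user search needs a bound service account because Active Directory by default refuses anonymous searches beyond the rootDSE, and group-search-filter is applied with the user's DN (%d) against group objects, not with the login name (%s) against user objects, so the two filters look for different object classes. The escaping matters because the login name is attacker-chosen input that lands inside a filter.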