Posted to user@geronimo.apache.org by VPCL <ve...@hotmail.com> on 2013/04/03 23:09:20 UTC

Geronimo 2.2 LDAP REALM > OpenLDAP not quite working...

Hi:

I'm currently using Geronimo 2.2 and OpenLDAP: slapd 2.3.43. I'm trying to
create an LDAP Security Realm on the Geronimo server that will query my
OpenLDAP server. For the most part, it works. However, the realm cannot seem
to differentiate between the two different groups on the LDAP server,
resulting in any member being authenticated no matter which group they
belong to, which is not what I want. I'm only trying to authenticate users
if they are members of the 'CLINICS' group.

Here's how my LDAP is set up:

dc=mydomain,dc=on,dc=ca                 (objectClass=dcObject, organization)
  ou=groups                             (objectClass=organizationalUnit)
    cn=ADMIN                            (objectClass=groupOfUniqueNames)
    cn=CLINICS                          (objectClass=groupOfUniqueNames)
      uid=User1,ou=people,dc=mydomain,dc=on,dc=ca
      uid=User2,ou=people,dc=mydomain,dc=on,dc=ca
      uid=User3,ou=people,dc=mydomain,dc=on,dc=ca
    cn=SUPPLIERS                        (objectClass=groupOfUniqueNames)
      uid=Supplier1,ou=people,dc=mydomain,dc=on,dc=ca
      uid=Supplier2,ou=people,dc=mydomain,dc=on,dc=ca
  ou=people                             (objectClass=organizationalUnit)
    uid=User1                           (objectClass=inetOrgPerson)
    uid=User2                           (objectClass=inetOrgPerson)
    uid=User3                           (objectClass=inetOrgPerson)
    uid=Supplier1                       (objectClass=inetOrgPerson)
    uid=Supplier1                       (objectClass=inetOrgPerson)

On the Geronimo side, here is how I set up my realm:

Initial Context Factory:   com.sun.jndi.ldap.LdapCtxFactory
Connection URL:            ldap://localhost:389
Connect Username:          cn=someuser,dc=mydomain,dc=on,dc=ca
Connect Password:          secret
Confirm Password:          secret
Connect Protocol:
Authentication:            simple
User Base:                 ou=people,dc=mydomain,dc=on,dc=ca
User Search Matching:      uid={0}
User Search Subtree:       false
Role Base:                 cn=CLINICS,ou=groups,dc=vpcl,dc=on,dc=ca
Role Name:                 cn
Role User Search String:   uid={0}
Role Search Subtree:       false
User Role Search String:   memberOf={0}

I've tried replacing the 'User Search Matching' and/or the 'Role User Search
String' with stuff like:

(&(uid={0})(cn=CLINICS,ou=groups,dc=mydomain,dc=on,dc=ca)(attr=uniqueMember))

But it's just not working out.

On a side note: I do have Apache directives using this LDAP database as well
as some PHP applications. I just don't know why I can't get Geronimo to work
with it.

Any help would be appreciated.

Thanks...
Fred



--
View this message in context: http://apache-geronimo.328035.n3.nabble.com/Geronino-2-2-LDAP-REALM-OpenLDAP-not-quite-working-tp3986518.html
Sent from the Users mailing list archive at Nabble.com.
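The following is an added example, not code from the post or from Geronimo. It models the OpenLDAP tree described in the post (same DNs and object classes, members of cn=ADMIN not listed there and so left empty) with a small LDAP filter evaluator, and runs the realm's two-step lookup against it: find the user entry, then search the role base for groups that reference that user. The point it shows is that a groupOfUniqueNames entry stores its members in uniqueMember as full user DNs, so a role filter of memberOf={0} matches nothing in this tree (no entry carries a memberOf attribute), while (uniqueMember={0}) with the user's DN substituted for {0} returns the user's group, and (&(cn=CLINICS)(uniqueMember={0})) under ou=groups returns it only for CLINICS members. The substitution rule assumed here, {0} = user DN and {1} = bare username in the role filter, is how the LDAP login module's role search is commonly documented; confirm it against your Geronimo version. The filter evaluator supports only equality and AND, which is all the post's filters need.

```python
# Added example: model of the OpenLDAP tree from the post plus a minimal
# (equality and AND only) LDAP filter evaluator, used to compare role filters.
# Assumption: in the role filter, {0} is replaced by the user's DN and {1} by
# the bare username; check this against your Geronimo release.

BASE = "dc=mydomain,dc=on,dc=ca"


def user_dn(uid):
    return f"uid={uid},ou=people,{BASE}"


# Constructed directory: DN -> {attribute (lower-cased): [values]}.
DIRECTORY = {
    f"ou=people,{BASE}": {"objectclass": ["organizationalUnit"], "ou": ["people"]},
    f"ou=groups,{BASE}": {"objectclass": ["organizationalUnit"], "ou": ["groups"]},
}
for uid in ("User1", "User2", "User3", "Supplier1", "Supplier2"):
    DIRECTORY[user_dn(uid)] = {"objectclass": ["inetOrgPerson"], "uid": [uid]}
GROUPS = {"ADMIN": [],  # members not listed in the post
          "CLINICS": ["User1", "User2", "User3"],
          "SUPPLIERS": ["Supplier1", "Supplier2"]}
for cn, members in GROUPS.items():
    DIRECTORY[f"cn={cn},ou=groups,{BASE}"] = {
        "objectclass": ["groupOfUniqueNames"], "cn": [cn],
        # groupOfUniqueNames lists members as full DNs in uniqueMember
        "uniquemember": [user_dn(m) for m in members]}


def parse_filter(text):
    """Parse a tiny RFC 4515 subset: (attr=value) and (&(f1)(f2)...).
    A bare 'attr=value' as typed in the console is wrapped in parentheses."""
    s = text.strip()
    if not s.startswith("("):
        s = f"({s})"

    def parse(i):
        if s[i] != "(":
            raise ValueError(f"expected '(' at {i} in {s!r}")
        if s[i + 1] == "&":
            terms, i = [], i + 2
            while s[i] != ")":
                term, i = parse(i)
                terms.append(term)
            return ("&", terms), i + 1
        j = s.index(")", i)
        attr, _, value = s[i + 1:j].partition("=")  # first '=' only: DNs contain '='
        return ("=", attr.strip().lower(), value.strip()), j + 1

    node, end = parse(0)
    if end != len(s):
        raise ValueError(f"trailing text in filter: {s[end:]!r}")
    return node


def matches(node, entry):
    if node[0] == "&":
        return all(matches(t, entry) for t in node[1])
    _, attr, value = node
    return any(v.lower() == value.lower() for v in entry.get(attr, []))


def search(base, filter_text, subtree):
    """DNs below base matching the filter. subtree=False is one-level scope,
    i.e. the console's 'Search Subtree: false'; the base entry itself is excluded."""
    node = parse_filter(filter_text)
    hits = []
    for dn, entry in DIRECTORY.items():
        if dn == base or not dn.lower().endswith("," + base.lower()):
            continue
        relative = dn[: -len(base) - 1]
        if not subtree and "," in relative:
            continue
        if matches(node, entry):
            hits.append(dn)
    return hits


def roles_for(uid, role_base, role_filter, subtree=False, role_name="cn"):
    """Realm-style lookup: locate the user under ou=people, substitute the user's
    DN for {0} and the username for {1}, and return the role-name attribute of
    every matching group. Returns None when the user entry does not exist."""
    users = search(f"ou=people,{BASE}", f"(uid={uid})", subtree=False)
    if not users:
        return None
    filt = role_filter.replace("{0}", users[0]).replace("{1}", uid)
    return [DIRECTORY[g][role_name][0] for g in search(role_base, filt, subtree)]


if __name__ == "__main__":
    groups = f"ou=groups,{BASE}"
    print(roles_for("User1", groups, "memberOf={0}"))                          # []
    print(roles_for("User1", groups, "(uniqueMember={0})"))                    # ['CLINICS']
    print(roles_for("Supplier1", groups, "(&(cn=CLINICS)(uniqueMember={0}))"))  # []
```

Note that the role search only decides which role principals a successful login carries; whether a user without the CLINICS role is admitted is then up to the application's security constraints and role mapping, not to the realm itself.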