  1. PicketBox
  2. SECURITY-5

Integrate OpenDS in HEAD testsuite

Details

    • Task
    • Resolution: Done
    • Major
    • 2.0.GA
    • None
    • JBossSX
    • None
    • High

    Description

      My preliminary testing with OpenDS has been a success. I was able to secure a jmx-console using the LdapLoginModule with the example1.ldif in
      http://wiki.jboss.org/wiki/Wiki.jsp?page=LdapExtLoginModule

      Since the configuration of OpenDS is based on scripts that internally call java classes, it should be easy to integrate it into HEAD testsuite.

      My prelim testing details:
      ====================================================================
      C:\cygwin\home\asaldhana\opends\OpenDS-0.1-build007\bin>start-ds
      [12/Sep/2006:12:57:14 -0500] category=CORE severity=NOTICE id=458886 msg="OpenDS Directory Server 0.1-build007 starting up."
      [12/Sep/2006:12:57:15 -0500] category=BACKEND severity=NOTICE id=8847402 msg="A database backend containing 1 entries has started."
      [12/Sep/2006:12:57:16 -0500] category=CONFIG severity=SEVERE_WARNING id=3277325 msg="Access control has been disabled."
      [12/Sep/2006:12:57:17 -0500] category=CORE severity=NOTICE id=458887 msg="The Directory Server has started successfully."
      [12/Sep/2006:12:57:17 -0500] category=CORE severity=NOTICE id=458891 msg="The Directory Server has sent an alert notification generated by class org.opends.server.core.DirectoryServer (alert type org.opends.server.DirectoryServerStarted, alert ID 458887): The Directory Server has started successfully.."
      ================================================================================

      =============================================================================
      C:\cygwin\home\asaldhana\opends\OpenDS-0.1-build007\bin>ldapmodify -h localhost -D "cn=Directory Manager" -w password -a -f a.ldif

      Processing ADD request for dc=jboss,dc=org.

      ADD operation successful for DN dc=jboss,dc=org.

      Processing ADD request for ou=People,dc=jboss,dc=org.

      ADD operation successful for DN ou=People,dc=jboss,dc=org.

      Processing ADD request for uid=jduke,ou=People,dc=jboss,dc=org.

      ADD operation successful for DN uid=jduke,ou=People,dc=jboss,dc=org.

      Processing ADD request for ou=Roles,dc=jboss,dc=org.

      ADD operation successful for DN ou=Roles,dc=jboss,dc=org.

      Processing ADD request for cn=Echo,ou=Roles,dc=jboss,dc=org.

      ADD operation successful for DN cn=Echo,ou=Roles,dc=jboss,dc=org.

      Processing ADD request for cn=TheDuke,ou=Roles,dc=jboss,dc=org.

      ADD operation successful for DN cn=TheDuke,ou=Roles,dc=jboss,dc=org.
      ===============================================================================

      ==============================================================================
      C:\cygwin\home\asaldhana\opends\OpenDS-0.1-build007\bin>ldapsearch -h localhost -b "dc=jboss,dc=org" -s sub "objectclass=*"

      dn: dc=jboss,dc=org
      objectClass: top
      objectClass: dcObject
      objectClass: organization
      o: JBoss
      dc: jboss

      dn: ou=People,dc=jboss,dc=org
      objectClass: top
      objectClass: organizationalUnit
      ou: People

      dn: uid=jduke,ou=People,dc=jboss,dc=org
      objectClass: top
      objectClass: person
      objectClass: uidObject
      userPassword: {SSHA}XM3FqJX2rfY5Cnzd1Q77gBIsSaiS/MWFfg2LPw==
      cn: Java Duke
      sn: Duke
      uid: jduke
      =====================================================================================

      The application policy:
      <application-policy name="jmx-console">
        <authentication>
          <login-module code="org.jboss.security.auth.spi.LdapLoginModule"
                        flag="required">
            <module-option name="java.naming.factory.initial">
              com.sun.jndi.ldap.LdapCtxFactory
            </module-option>
            <module-option name="java.naming.provider.url">
              ldap://localhost:389/
            </module-option>
            <module-option name="java.naming.security.authentication">
              simple
            </module-option>
            <module-option name="principalDNPrefix">uid=</module-option>
            <module-option name="principalDNSuffix">,ou=People,dc=jboss,dc=org</module-option>
            <module-option name="rolesCtxDN">ou=Roles,dc=jboss,dc=org</module-option>
            <module-option name="uidAttributeID">member</module-option>
            <module-option name="matchOnUserDN">true</module-option>
            <module-option name="roleAttributeID">cn</module-option>
            <module-option name="roleAttributeIsDN">false</module-option>
            <module-option name="searchTimeLimit">5000</module-option>
            <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
          </login-module>
        </authentication>
      </application-policy>
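
Added example, not part of the original issue or the JBossSX code: a small Python check that reads the policy above, shows the bind DN and role search its options describe for a given username, and flags a simple bind over plain ldap://. The helper names (load_options, role_lookup, audit) are hypothetical, and the DN and filter construction is a model of the documented option semantics, not the module's source.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the jmx-console policy from the issue, abbreviated.
POLICY = """<application-policy name="jmx-console">
 <authentication>
  <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
   <module-option name="java.naming.provider.url"> ldap://localhost:389/ </module-option>
   <module-option name="java.naming.security.authentication"> simple </module-option>
   <module-option name="principalDNPrefix">uid=</module-option>
   <module-option name="principalDNSuffix">,ou=People,dc=jboss,dc=org</module-option>
   <module-option name="rolesCtxDN">ou=Roles,dc=jboss,dc=org</module-option>
   <module-option name="uidAttributeID">member</module-option>
   <module-option name="matchOnUserDN">true</module-option>
   <module-option name="roleAttributeID">cn</module-option>
  </login-module>
 </authentication>
</application-policy>"""

def load_options(policy_xml):
    """Return {option name: trimmed value} for the policy's first login module."""
    module = ET.fromstring(policy_xml).find("./authentication/login-module")
    return {o.get("name"): (o.text or "").strip() for o in module.findall("module-option")}

def role_lookup(opts, username):
    """Bind DN plus the role search (base, filter, attribute) the options imply."""
    user_dn = opts["principalDNPrefix"] + username + opts["principalDNSuffix"]
    by_dn = opts.get("matchOnUserDN", "false").lower() == "true"
    match = user_dn if by_dn else username
    return user_dn, opts["rolesCtxDN"], f"({opts['uidAttributeID']}={match})", opts["roleAttributeID"]

def audit(opts):
    """Flag settings that put the user's bind password on the wire unencrypted."""
    url = urlparse(opts.get("java.naming.provider.url", ""))
    # JNDI falls back to simple when credentials are given and no mechanism is set.
    auth = opts.get("java.naming.security.authentication", "simple").lower()
    if url.scheme == "ldap" and auth == "simple":
        return ["simple bind over ldap:// sends the password in cleartext; use ldaps://"]
    return []

if __name__ == "__main__":
    options = load_options(POLICY)
    print(role_lookup(options, "jduke"))
    for finding in audit(options):
        print("WARN:", finding)
```
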

            People

              anil.saldhana Anil Saldanha (Inactive)