TEIID-3460: Alternative approach to map roles for a Teiid user via an LDAP login module instead of RoleMappingLoginModule (i.e. without using a properties file)


Details

    • Feature Request
    • Resolution: Done
    • Major
    • None
    • 8.7
    • LDAP Connector
    • None

    Description

      For the following LDAP-based login modules:
      ~~~
      <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="optional">
          <module-option name="java.naming.provider.url"><hostname></module-option>
          <module-option name="java.naming.security.protocol">ssl</module-option>
          <module-option name="realm">admin</module-option>
          <module-option name="bindDN"><username></module-option>
          <module-option name="bindCredential"><password></module-option>
          <module-option name="baseFilter">(uid={0})</module-option>
          <module-option name="baseCtxDN">ou=people,dc=gene,dc=com</module-option>
          <module-option name="roleFilter">(uniquemember={1})</module-option>
          <module-option name="roleAttributeID">cn</module-option>
          <module-option name="rolesCtxDN">ou=Groups,ou=ESB,ou=Applications,dc=gene,dc=com</module-option>
          <module-option name="roleAttributeIsDN">false</module-option>
          <module-option name="roleRecursion">2</module-option>
          <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
          <module-option name="java.naming.referral">follow</module-option>
          <module-option name="searchTimeLimit">10000</module-option>
      </login-module>
      <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="optional">
          <module-option name="java.naming.provider.url"><hostname></module-option>
          <module-option name="java.naming.security.protocol">ssl</module-option>
          <module-option name="realm">admin</module-option>
          <module-option name="bindDN"><username></module-option>
          <module-option name="bindCredential"><password></module-option>
          <module-option name="baseFilter">(cn={0})</module-option>
          <module-option name="baseCtxDN">ou=Apps,ou=ESB,ou=Applications,dc=gene,dc=com</module-option>
          <module-option name="roleFilter">(uniquemember={1})</module-option>
          <module-option name="roleAttributeID">cn</module-option>
          <module-option name="rolesCtxDN">ou=Groups,ou=ESB,ou=Applications,dc=gene,dc=com</module-option>
          <module-option name="roleAttributeIsDN">false</module-option>
          <module-option name="roleRecursion">2</module-option>
          <module-option name="searchScope">ONELEVEL_SCOPE</module-option>
          <module-option name="java.naming.referral">follow</module-option>
          <module-option name="searchTimeLimit">10000</module-option>
      </login-module>

      <!-- Map the Active Directory/LDAP Groups/Roles to meaningful JBoss roles -->
      <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="optional">
          <module-option name="rolesProperties">props/ldap-eds-rolemapping.properties</module-option>
      </login-module>
      ~~~

      Is there a way to avoid using the RoleMappingLoginModule (so as not to need a properties file)?
      Could something similar to the role-mapping declaration in a "web.xml" be used instead, like below?
      ~~~
      <auth-constraint>
          <role-name>TeiidAdmin</role-name>
      </auth-constraint>

      ...
      <security-role>
          <role-name>TeiidAdmin</role-name>
      </security-role>
      ~~~
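      As an added example, not part of the issue or of Teiid/PicketBox code, this Python models how the first login module above resolves a login name to roles: the user DN found with `baseFilter` is substituted for `{1}` in `roleFilter`, the group's `cn` (`roleAttributeID`, with `roleAttributeIsDN=false`) becomes the role, and `roleRecursion` follows nested groups. The directory entries, the user `jdoe` and the group names are constructed.

```python
# Added example (not Teiid or PicketBox code): a constructed in-memory directory
# and a model of how LdapExtLoginModule's baseFilter/{0}, roleFilter/{1},
# roleAttributeID and roleRecursion options turn a login name into roles.
import re
ROLES_CTX = "ou=Groups,ou=ESB,ou=Applications,dc=gene,dc=com"
# Constructed entries: DN -> attributes (multi-valued, as in LDAP). jdoe is a direct
# member of esb-users only; the other groups nest each other one level at a time.
DIRECTORY = {
    "uid=jdoe,ou=people,dc=gene,dc=com": {"uid": ["jdoe"]},
    f"cn=esb-users,{ROLES_CTX}": {"cn": ["esb-users"],
                                  "uniquemember": ["uid=jdoe,ou=people,dc=gene,dc=com"]},
    f"cn=esb-admins,{ROLES_CTX}": {"cn": ["esb-admins"],
                                   "uniquemember": [f"cn=esb-users,{ROLES_CTX}"]},
    f"cn=esb-owners,{ROLES_CTX}": {"cn": ["esb-owners"],
                                   "uniquemember": [f"cn=esb-admins,{ROLES_CTX}"]},
    f"cn=esb-root,{ROLES_CTX}": {"cn": ["esb-root"],
                                 "uniquemember": [f"cn=esb-owners,{ROLES_CTX}"]},
}
# The relevant module-options of the first login module in the issue, as a dict.
OPTIONS = {"baseCtxDN": "ou=people,dc=gene,dc=com", "baseFilter": "(uid={0})",
           "rolesCtxDN": ROLES_CTX, "roleFilter": "(uniquemember={1})",
           "roleAttributeID": "cn", "roleRecursion": "2"}

def search_one_level(base_dn, ldap_filter):
    """Evaluate an equality filter "(attr=value)" with ONELEVEL_SCOPE under base_dn."""
    attr, value = re.fullmatch(r"\((\w+)=(.+)\)", ldap_filter).groups()
    suffix = "," + base_dn
    return [dn for dn, attrs in DIRECTORY.items()
            if dn.endswith(suffix) and "," not in dn[:-len(suffix)]
            and value in attrs.get(attr.lower(), [])]

def resolve_roles(username, opts=OPTIONS):
    """{0} is the login name, {1} the DN whose memberships are searched."""
    users = search_one_level(opts["baseCtxDN"], opts["baseFilter"].replace("{0}", username))
    if len(users) != 1:
        return None  # no match or an ambiguous match: the login fails
    roles, frontier = [], users
    # Direct membership is searched first; roleRecursion adds that many nested levels.
    for _ in range(int(opts["roleRecursion"]) + 1):
        found = []
        for member_dn in frontier:
            group_filter = opts["roleFilter"].replace("{1}", member_dn)
            for group_dn in search_one_level(opts["rolesCtxDN"], group_filter):
                role = DIRECTORY[group_dn][opts["roleAttributeID"]][0]  # roleAttributeIsDN=false
                if role not in roles:
                    roles.append(role)
                    found.append(group_dn)
        frontier = found
    return roles
```

With roleRecursion=2, jdoe receives esb-users, esb-admins and esb-owners; esb-root sits one nesting level too deep and is never granted, which is the bound worth checking when nested groups carry administrative roles.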

          People

            rhn-engineering-shawkins Steven Hawkins
            rhn-support-asaji Anu Saji