LDAP role/group mappings and Active Directory
Hi,
I am trying to get an EJB module to authenticate against Active Directory using an ldapRealm. I have managed to get the authentication working correctly but am having problems with role/group mappings.
In my Realm configuration I have the following:
group-base-dn: CN=Users,dc=MyADDomain,dc=MyDomain,dc=com
group-search-filter: member=%d
And my ejb-jar.xml and sun-ejb-jar.xml are attached below.
I am authenticating with a user that is a member of the Development group (which is in the Users CN) but a call to
oSessionContext.isCallerInRole("user");
returns false.
What am I missing here?
Stuart
ejb-jar.xml:
<ejb-jar>
  <display-name>JAASTest</display-name>
  <enterprise-beans>
    <session>
      <description>Test Session Bean</description>
      <ejb-name>jaasejb.JAASEJB</ejb-name>
      <home>jaasejb.JAASEJBHome</home>
      <remote>jaasejb.JAASEJB</remote>
      <ejb-class>jaasejb.JAASEJBBean</ejb-class>
      <session-type>Stateless</session-type>
      <transaction-type>Container</transaction-type>
      <!-- role name the bean code passes to isCallerInRole() -->
      <security-role-ref>
        <role-name>user</role-name>
      </security-role-ref>
    </session>
  </enterprise-beans>
</ejb-jar>
sun-ejb-jar.xml:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE sun-ejb-jar PUBLIC '-//Sun Microsystems, Inc.//DTD Sun ONE Application Server 7.0 EJB 2.0//EN' 'http://www.sun.com/software/sunone/appserver/dtds/sun-ejb-jar_2_0-0.dtd'>
<sun-ejb-jar>
  <!-- maps the "user" role to the Development group name returned by the realm -->
  <security-role-mapping>
    <role-name>user</role-name>
    <group-name>Development</group-name>
  </security-role-mapping>
  <enterprise-beans>
    <ejb>
      <ejb-name>jaasejb.JAASEJB</ejb-name>
      <jndi-name>jaasejb.JAASEJB</jndi-name>
      <!-- IIOP clients must send username/password credentials, checked against the ActiveDir realm -->
      <ior-security-config>
        <as-context>
          <auth-method>USERNAME_PASSWORD</auth-method>
          <realm>ActiveDir</realm>
          <required>true</required>
        </as-context>
      </ior-security-config>
      <is-read-only-bean>false</is-read-only-bean>
      <gen-classes></gen-classes>
    </ejb>
  </enterprise-beans>
</sun-ejb-jar>
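To make the group lookup in the post concrete, here is an added Python model of the two-step search an LDAP realm of this kind performs with the quoted properties: first the username is substituted for %s in the user search filter under base-dn to obtain exactly one user DN, then that DN is substituted for %d in group-search-filter (here the post's member=%d) under group-base-dn, and the group-target attribute (cn) of every matching group entry becomes a group name that security-role-mapping turns into a role. This is example code, not code from the original post or from the application server; the in-memory directory, the AD attribute names (objectClass, sAMAccountName, member, cn), the user-search properties and the RFC 4515 escaping function are all assumptions made for the example. Whether the real realm escapes the substituted username and DN is not shown on this page, so the script also shows why that matters: an unescaped username can rewrite the filter (LDAP filter injection), and an unescaped DN containing an RFC 4514 escape such as "\," is a malformed filter value.

```python
import re

# Constructed stand-in for the AD "Users" container (example data, not a real directory export).
# Attribute names are stored lower-case so lookups are case-insensitive, as they are in AD.
BASE = "CN=Users,DC=MyADDomain,DC=MyDomain,DC=com"
STUART = "CN=Stuart Example," + BASE
JSMITH = "CN=Smith\\, John," + BASE         # RFC 4514 DN: a comma inside the CN is escaped with '\'
ADMIN = "CN=Administrator," + BASE
DIRECTORY = {
    STUART: {"objectclass": ["user"], "samaccountname": ["stuart"], "cn": ["Stuart Example"]},
    JSMITH: {"objectclass": ["user"], "samaccountname": ["jsmith"], "cn": ["Smith, John"]},
    ADMIN: {"objectclass": ["user"], "samaccountname": ["Administrator"], "cn": ["Administrator"]},
    "CN=Development," + BASE: {"objectclass": ["group"], "cn": ["Development"], "member": [STUART, JSMITH]},
    "CN=Domain Admins," + BASE: {"objectclass": ["group"], "cn": ["Domain Admins"], "member": [ADMIN]},
}

# Realm properties: the two group-* values are the ones quoted in the post; the user-search
# values are assumptions typical for AD (no uid attribute, so sAMAccountName is used instead).
REALM = {
    "base-dn": BASE,
    "search-filter": "(&(objectClass=user)(sAMAccountName=%s))",
    "group-base-dn": "CN=Users,dc=MyADDomain,dc=MyDomain,dc=com",
    "group-search-filter": "member=%d",
    "group-target": "cn",
}
ROLE_MAPPING = {"user": {"Development"}}    # the security-role-mapping from sun-ejb-jar.xml


def escape_filter_value(s):
    """RFC 4515 escaping for a value spliced into a filter: \\ * ( ) and NUL become \\XX."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in s)


def unescape(value):
    """Decode \\XX escapes; a backslash not followed by two hex digits is a malformed filter."""
    if re.search(r"\\(?![0-9A-Fa-f]{2})", value):
        raise ValueError("malformed filter value: " + value)
    return re.sub(r"\\([0-9A-Fa-f]{2})", lambda m: chr(int(m.group(1), 16)), value)


def match_value(pattern, actual):
    """'*' is a wildcard (presence/substring match); an escaped \\2a is a literal '*'."""
    regex = ".*".join(re.escape(unescape(part)) for part in pattern.split("*"))
    return re.fullmatch(regex, actual, re.IGNORECASE) is not None


def parse(f, i=0):
    """Minimal RFC 4515 recursive-descent parser; returns (node, index just past the node)."""
    if f[i] != "(":                          # bare 'attr=value', the form used by 'member=%d'
        attr, _, val = f[i:].partition("=")
        return ("eq", attr.strip().lower(), val), len(f)
    i += 1
    if f[i] in "&|!":
        op, i, kids = f[i], i + 1, []
        while i < len(f) and f[i] == "(":
            node, i = parse(f, i)
            kids.append(node)
        if i >= len(f) or f[i] != ")":
            raise ValueError("unbalanced filter: " + f)
        return (op, kids), i + 1
    j = f.index(")", i)                      # the first unescaped ')' ends the item, injected or not
    attr, _, val = f[i:j].partition("=")
    return ("eq", attr.strip().lower(), val), j + 1


def evaluate(node, attrs):
    op = node[0]
    if op == "&":
        return all(evaluate(k, attrs) for k in node[1])
    if op == "|":
        return any(evaluate(k, attrs) for k in node[1])
    if op == "!":
        return not evaluate(node[1][0], attrs)
    _, attr, pattern = node
    return any(match_value(pattern, v) for v in attrs.get(attr, []))


def search(base_dn, filt):
    """Subtree search under base_dn; the whole filter string must parse, so leftovers are an error."""
    node, end = parse(filt)
    if end != len(filt):
        raise ValueError("trailing characters in filter: " + filt[end:])
    return [dn for dn, attrs in DIRECTORY.items()
            if dn.lower().endswith(base_dn.lower()) and evaluate(node, attrs)]


def resolve_user_dn(username, escape=True):
    """Step 1 of the realm lookup: %s -> username, expecting exactly one matching entry."""
    sub = escape_filter_value if escape else (lambda s: s)
    return search(REALM["base-dn"], REALM["search-filter"].replace("%s", sub(username)))


def user_groups(username, escape=True):
    """Step 2: %d -> the user's DN in group-search-filter; group names come from group-target."""
    dns = resolve_user_dn(username, escape)
    if len(dns) != 1:
        return None                          # unknown or ambiguous user: fail closed
    sub = escape_filter_value if escape else (lambda s: s)
    groups = search(REALM["group-base-dn"], REALM["group-search-filter"].replace("%d", sub(dns[0])))
    return sorted(v for g in groups for v in DIRECTORY[g][REALM["group-target"]])


def is_caller_in_role(username, role, escape=True):
    """What the container answers once the realm's group list is run through security-role-mapping."""
    return bool(ROLE_MAPPING.get(role, set()) & set(user_groups(username, escape) or []))


if __name__ == "__main__":
    print(user_groups("stuart"), is_caller_in_role("stuart", "user"))   # ['Development'] True
    print(resolve_user_dn("*)(cn=*", escape=False))                     # every user: injected wildcard
    print(resolve_user_dn("*)(cn=*"))                                   # []: metacharacters escaped
```

Each step in the script corresponds to a query that can be run with ldapsearch against the real directory while debugging a mapping like the one in the post: the user search must return exactly one entry, the member=<that DN> search under the group base must return the group, and the group's cn must be spelled exactly as the group-name in security-role-mapping. The escape flag exists only to show the two failure modes side by side; a realm that substitutes values into filters should always escape them.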

