LDAP & Roles

LDAP & Roles

mtod09
I'm trying to set up LDAP using roles. I set up a copy of ServiceMix on my local system and it works fine.
When I put it up on a server everything works except for roles.

For some reason the process that gets the roles fails on the server version.

Local system is Windows 10 and server is Windows 2012 R2.

Thanks for any help you can provide.

Server Version

2017-03-05 20:44:31,380 | DEBUG | qtp700085358-120 | Authenticator                    | 233 - io.hawt.hawtio-web - 1.4.68 | doAuthenticate[realm=karaf, role=webconsole, rolePrincipalClasses=org.apache.karaf.jaas.boot.principal.RolePrincipal,org.apache.karaf.jaas.modules.RolePrincipal,org.apache.karaf.jaas.boot.principal.GroupPrincipal, configuration=null, username=inttest02, password=******]
2017-03-05 20:44:31,380 | DEBUG | qtp700085358-120 | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Get the user DN.
2017-03-05 20:44:31,380 | DEBUG | qtp700085358-120 | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Bind user (authentication).
2017-03-05 20:44:31,381 | DEBUG | qtp700085358-120 | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Set the security principal for CN=inttest02,OU=Test Accounts,OU=IT,OU=Domain Users,DC=corp,DC=local
2017-03-05 20:44:31,381 | DEBUG | qtp700085358-120 | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Binding the user.
2017-03-05 20:44:31,389 | DEBUG | qtp700085358-120 | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | User inttest02 successfully bound.
2017-03-05 20:44:31,390 | DEBUG | qtp700085358-120 | Authenticator                    | 233 - io.hawt.hawtio-web - 1.4.68 | Looking for rolePrincipalClass: org.apache.karaf.jaas.boot.principal.RolePrincipal
2017-03-05 20:44:31,390 | DEBUG | qtp700085358-120 | Authenticator                    | 233 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname: org.apache.karaf.jaas.boot.principal.UserPrincipal toString: UserPrincipal[inttest02]
2017-03-05 20:44:31,390 | DEBUG | qtp700085358-120 | Authenticator                    | 233 - io.hawt.hawtio-web - 1.4.68 | principal class org.apache.karaf.jaas.boot.principal.UserPrincipal doesn't match org.apache.karaf.jaas.boot.principal.RolePrincipal, continuing
2017-03-05 20:44:31,390 | DEBUG | qtp700085358-120 | Authenticator                    | 233 - io.hawt.hawtio-web - 1.4.68 | Looking for rolePrincipalClass: org.apache.karaf.jaas.modules.RolePrincipal
2017-03-05 20:44:31,390 | DEBUG | qtp700085358-120 | Authenticator                    | 233 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname: org.apache.karaf.jaas.boot.principal.UserPrincipal toString: UserPrincipal[inttest02]
2017-03-05 20:44:31,390 | DEBUG | qtp700085358-120 | Authenticator                    | 233 - io.hawt.hawtio-web - 1.4.68 | principal class org.apache.karaf.jaas.boot.principal.UserPrincipal doesn't match org.apache.karaf.jaas.modules.RolePrincipal, continuing
2017-03-05 20:44:31,390 | DEBUG | qtp700085358-120 | Authenticator                    | 233 - io.hawt.hawtio-web - 1.4.68 | Looking for rolePrincipalClass: org.apache.karaf.jaas.boot.principal.GroupPrincipal
2017-03-05 20:44:31,390 | DEBUG | qtp700085358-120 | Authenticator                    | 233 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname: org.apache.karaf.jaas.boot.principal.UserPrincipal toString: UserPrincipal[inttest02]
2017-03-05 20:44:31,390 | DEBUG | qtp700085358-120 | Authenticator                    | 233 - io.hawt.hawtio-web - 1.4.68 | principal class org.apache.karaf.jaas.boot.principal.UserPrincipal doesn't match org.apache.karaf.jaas.boot.principal.GroupPrincipal, continuing
2017-03-05 20:44:31,390 | DEBUG | qtp700085358-120 | Authenticator                    | 233 - io.hawt.hawtio-web - 1.4.68 | User inttest02 does not have the required role webconsole

Local Version

2017-03-05 18:05:51,962 | DEBUG | icalNaming=false | Authenticator                    | 243 - io.hawt.hawtio-web - 1.4.68 | doAuthenticate[realm=karaf, role=webconsole, rolePrincipalClasses=org.apache.karaf.jaas.boot.principal.RolePrincipal,org.apache.karaf.jaas.modules.RolePrincipal,org.apache.karaf.jaas.boot.principal.GroupPrincipal, configuration=null, username=inttest02, password=******]
2017-03-05 18:05:51,963 | DEBUG | icalNaming=false | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Get the user DN.
2017-03-05 18:05:51,963 | DEBUG | icalNaming=false | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Bind user (authentication).
2017-03-05 18:05:51,963 | DEBUG | icalNaming=false | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Set the security principal for CN=inttest02,OU=Test Accounts,OU=IT,OU=Domain Users,DC=corp,DC=local
2017-03-05 18:05:51,963 | DEBUG | icalNaming=false | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Binding the user.
2017-03-05 18:05:52,180 | DEBUG | icalNaming=false | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | User inttest02 successfully bound.
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator                    | 243 - io.hawt.hawtio-web - 1.4.68 | Looking for rolePrincipalClass: org.apache.karaf.jaas.boot.principal.RolePrincipal
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator                    | 243 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname: org.apache.karaf.jaas.boot.principal.RolePrincipal toString: RolePrincipal[viewer]
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator                    | 243 - io.hawt.hawtio-web - 1.4.68 | role viewer doesn't match webconsole, continuing
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator                    | 243 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname: org.apache.karaf.jaas.boot.principal.RolePrincipal toString: RolePrincipal[Mirth Admins DEV]
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator                    | 243 - io.hawt.hawtio-web - 1.4.68 | role Mirth Admins DEV doesn't match webconsole, continuing
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator                    | 243 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname: org.apache.karaf.jaas.boot.principal.RolePrincipal toString: RolePrincipal[manager]
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator                    | 243 - io.hawt.hawtio-web - 1.4.68 | role manager doesn't match webconsole, continuing
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator                    | 243 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname: org.apache.karaf.jaas.boot.principal.RolePrincipal toString: RolePrincipal[jmxUser]
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator                    | 243 - io.hawt.hawtio-web - 1.4.68 | role jmxUser doesn't match webconsole, continuing
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator                    | 243 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname: org.apache.karaf.jaas.boot.principal.RolePrincipal toString: RolePrincipal[admin]
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator                    | 243 - io.hawt.hawtio-web - 1.4.68 | role admin doesn't match webconsole, continuing
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator                    | 243 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname: org.apache.karaf.jaas.boot.principal.RolePrincipal toString: RolePrincipal[sshConsole]
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator                    | 243 - io.hawt.hawtio-web - 1.4.68 | role sshConsole doesn't match webconsole, continuing
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator                    | 243 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname: org.apache.karaf.jaas.boot.principal.UserPrincipal toString: UserPrincipal[inttest02]
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator                    | 243 - io.hawt.hawtio-web - 1.4.68 | principal class org.apache.karaf.jaas.boot.principal.UserPrincipal doesn't match org.apache.karaf.jaas.boot.principal.RolePrincipal, continuing
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator                    | 243 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname: org.apache.karaf.jaas.boot.principal.RolePrincipal toString: RolePrincipal[webconsole]
2017-03-05 18:05:52,181 | DEBUG | icalNaming=false | Authenticator                    | 243 - io.hawt.hawtio-web - 1.4.68 | Matched role and role principal class

Re: LDAP & Roles

jbonofre
Hi,

Do you use role mapping?

Can you share your JAAS LDAP config?

Regards
JB

On 03/06/2017 03:22 AM, mtod09 wrote:

> --
> View this message in context: http://karaf.922171.n3.nabble.com/LDAP-Roles-tp4049745.html
> Sent from the Karaf - User mailing list archive at Nabble.com.
>

--
Jean-Baptiste Onofré
[hidden email]
http://blog.nanthrax.net
Talend - http://www.talend.com
Re: LDAP & Roles

mtod09
Here is the LDAP config from both systems.

I also tried a fresh install on the server with no luck.

Thanks for the help

Server Version

<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
           xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">
  <jaas:config name="karaf" rank="2">
    <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required">
      initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
      connection.username=CN=XXXXX,OU=Service Accounts,DC=corp,DC=local
      connection.password=XXXXX
      connection.protocol=s
      connection.url=ldap://corp.local:389
      user.base.dn=DC=corp,DC=local
      user.filter=(&(objectCategory=person)(samAccountName=%u))
      user.search.subtree=true
      role.base.dn=OU=Application Groups,OU=Domain Groups,DC=corp,DC=local
      role.name.attribute=cn
      role.filter=(&(objectClass=group)(member=%dn))
      role.search.subtree=true
      role.mapping=ActiveMQ_Admins_DEV=admin,webconsole,manager,jmxUser,sshConsole,viewer;ActiveMQ_Users_DEV=viewer
      authentication=simple
      debug=true
      detailed.login.exception=true
    </jaas:module>
  </jaas:config>
</blueprint>

Local Version

<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
           xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">
  <jaas:config name="karaf" rank="2">
    <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required">
      initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
      connection.username=CN=XXXXX,OU=Service Accounts,DC=corp,DC=local
      connection.password=XXXXX
      connection.protocol=s
      connection.url=ldap://corp.local:389
      user.base.dn=DC=corp,DC=local
      user.filter=(&(objectCategory=person)(samAccountName=%u))
      user.search.subtree=true
      role.base.dn=OU=Application Groups,OU=Domain Groups,DC=corp,DC=local
      role.name.attribute=cn
      role.filter=(&(objectClass=group)(member=%dn))
      role.search.subtree=true
      role.mapping=ActiveMQ_Admins_DEV=admin,webconsole,manager,jmxUser,sshConsole,viewer;ActiveMQ_Users_DEV=viewer
      authentication=simple
      debug=true
      detailed.login.exception=true
    </jaas:module>
  </jaas:config>
</blueprint>
Re: LDAP & Roles

mtod09
To add :

When using bin\client it works fine; it seems to only happen when using the web portals: system/console, hawtio, activemq.

2017-03-06 11:03:48,057 | DEBUG | c]-nio2-thread-3 | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Get the user DN.
2017-03-06 11:03:48,058 | DEBUG | c]-nio2-thread-3 | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Bind user (authentication).
2017-03-06 11:03:48,058 | DEBUG | c]-nio2-thread-3 | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Set the security principal for CN=inttest02,OU=Test Accounts,OU=IT,OU=Domain Users,DC=corp,DC=local
2017-03-06 11:03:48,058 | DEBUG | c]-nio2-thread-3 | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Binding the user.
2017-03-06 11:03:48,281 | DEBUG | c]-nio2-thread-3 | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | User inttest02 successfully bound.
Re: LDAP & Roles

mtod09
Adjusted my filter to: role.filter=(&(objectClass=group)(member=%dn,DC=corp,DC=local))

Verified that it returns 2 groups: Mirth Admins DEV and ActiveMQ_Admins_DEV

role.mapping=ActiveMQ_Admins_DEV=admin,webconsole,manager,jmxUser,sshConsole,viewer;ActiveMQ_Users_DEV=viewer


17-03-06 09:32:03,032 | DEBUG | wtio/auth/login/ | Authenticator                    | 243 - io.hawt.hawtio-web - 1.4.68 | doAuthenticate[realm=karaf, role=webconsole, rolePrincipalClasses=org.apache.karaf.jaas.boot.principal.RolePrincipal,org.apache.karaf.jaas.modules.RolePrincipal,org.apache.karaf.jaas.boot.principal.GroupPrincipal, configuration=null, username=inttest02, password=******]
17-03-06 09:32:03,034 | DEBUG | wtio/auth/login/ | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Get the user DN.
17-03-06 09:32:03,306 | DEBUG | wtio/auth/login/ | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Looking for the user in LDAP with
17-03-06 09:32:03,306 | DEBUG | wtio/auth/login/ | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 |   base DN: DC=corp,DC=local
17-03-06 09:32:03,306 | DEBUG | wtio/auth/login/ | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 |   filter: (&(objectCategory=person)(samAccountName=inttest02))
17-03-06 09:32:03,487 | DEBUG | wtio/auth/login/ | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Found the user DN.
17-03-06 09:32:03,488 | DEBUG | wtio/auth/login/ | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Bind user (authentication).
17-03-06 09:32:03,488 | DEBUG | wtio/auth/login/ | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Set the security principal for CN=inttest02,OU=Test Accounts,OU=IT,OU=Domain Users,DC=corp,DC=local
17-03-06 09:32:03,489 | DEBUG | wtio/auth/login/ | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Binding the user.
17-03-06 09:32:03,677 | DEBUG | wtio/auth/login/ | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | User inttest02 successfully bound.
17-03-06 09:32:03,773 | DEBUG | wtio/auth/login/ | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 | Looking for the user roles in LDAP with
17-03-06 09:32:03,773 | DEBUG | wtio/auth/login/ | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 |   base DN: OU=Application Groups,OU=Domain Groups,DC=corp,DC=local
17-03-06 09:32:03,773 | DEBUG | wtio/auth/login/ | LDAPLoginModule                  | 116 - org.apache.karaf.jaas.modules - 4.0.8 |   filter: (&(objectClass=group)(member=CN=inttest02,OU=Test Accounts,OU=IT,OU=Domain Users,DC=corp,DC=local))
17-03-06 09:32:03,868 | DEBUG | wtio/auth/login/ | Authenticator                    | 243 - io.hawt.hawtio-web - 1.4.68 | Looking for rolePrincipalClass: org.apache.karaf.jaas.boot.principal.RolePrincipal
17-03-06 09:32:03,868 | DEBUG | wtio/auth/login/ | Authenticator                    | 243 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname: org.apache.karaf.jaas.boot.principal.UserPrincipal toString: UserPrincipal[inttest02]
17-03-06 09:32:03,869 | DEBUG | wtio/auth/login/ | Authenticator                    | 243 - io.hawt.hawtio-web - 1.4.68 | principal class org.apache.karaf.jaas.boot.principal.UserPrincipal doesn't match org.apache.karaf.jaas.boot.principal.RolePrincipal, continuing
17-03-06 09:32:03,869 | DEBUG | wtio/auth/login/ | Authenticator                    | 243 - io.hawt.hawtio-web - 1.4.68 | Looking for rolePrincipalClass: org.apache.karaf.jaas.modules.RolePrincipal
17-03-06 09:32:03,869 | DEBUG | wtio/auth/login/ | Authenticator                    | 243 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname: org.apache.karaf.jaas.boot.principal.UserPrincipal toString: UserPrincipal[inttest02]
17-03-06 09:32:03,869 | DEBUG | wtio/auth/login/ | Authenticator                    | 243 - io.hawt.hawtio-web - 1.4.68 | principal class org.apache.karaf.jaas.boot.principal.UserPrincipal doesn't match org.apache.karaf.jaas.modules.RolePrincipal, continuing
17-03-06 09:32:03,869 | DEBUG | wtio/auth/login/ | Authenticator                    | 243 - io.hawt.hawtio-web - 1.4.68 | Looking for rolePrincipalClass: org.apache.karaf.jaas.boot.principal.GroupPrincipal
17-03-06 09:32:03,869 | DEBUG | wtio/auth/login/ | Authenticator                    | 243 - io.hawt.hawtio-web - 1.4.68 | Checking principal, classname: org.apache.karaf.jaas.boot.principal.UserPrincipal toString: UserPrincipal[inttest02]
17-03-06 09:32:03,869 | DEBUG | wtio/auth/login/ | Authenticator                    | 243 - io.hawt.hawtio-web - 1.4.68 | principal class org.apache.karaf.jaas.boot.principal.UserPrincipal doesn't match org.apache.karaf.jaas.boot.principal.GroupPrincipal, continuing
17-03-06 09:32:03,869 | DEBUG | wtio/auth/login/ | Authenticator                    | 243 - io.hawt.hawtio-web - 1.4.68 | User inttest02 does not have the required role webconsole
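The role lookup that the logs in this thread walk through, as an added example that is not part of any post here and not Karaf or hawtio code: a Python model of how LDAPLoginModule expands role.filter and applies role.mapping, followed by the required-role check the hawtio Authenticator performs on the resulting RolePrincipals. Per the Karaf documentation, %u is the username, %dn the user DN relative to user.base.dn and %fqdn the fully qualified DN, which is why appending ,DC=corp,DC=local to %dn (as done in the post above) yields the full DN seen in the expanded filter in the log. Unmapped group names pass through unchanged, matching RolePrincipal[Mirth Admins DEV] in the local log. The directory contents, the DN matching and the minimal filter evaluator are constructed simplifications, and the RFC 4515 escaping of the username is the example's own addition, not something the posted config does. A separate caveat: both posted configs use authentication=simple over ldap://corp.local:389, so the service-account password and every user's password cross the network in cleartext unless the connection is protected with LDAPS or StartTLS; this example does not change that.

```python
"""Model of the Karaf LDAPLoginModule role lookup and the hawtio required-role
check from this thread, run against a small in-memory directory constructed
here. Added example, not Karaf or hawtio code."""
import re

# Constructed stand-in for the part of corp.local the thread talks about.
# Keys are full DNs, values are attribute maps (every value is a list).
USER_BASE_DN = "DC=corp,DC=local"
ROLE_BASE_DN = "OU=Application Groups,OU=Domain Groups,DC=corp,DC=local"
USER_DN = "CN=inttest02,OU=Test Accounts,OU=IT,OU=Domain Users,DC=corp,DC=local"
DIRECTORY = {
    USER_DN: {"objectCategory": ["person"], "sAMAccountName": ["inttest02"]},
    "CN=ActiveMQ_Admins_DEV," + ROLE_BASE_DN: {
        "objectClass": ["group"], "cn": ["ActiveMQ_Admins_DEV"], "member": [USER_DN]},
    "CN=Mirth Admins DEV," + ROLE_BASE_DN: {
        "objectClass": ["group"], "cn": ["Mirth Admins DEV"], "member": [USER_DN]},
    "CN=ActiveMQ_Users_DEV," + ROLE_BASE_DN: {
        "objectClass": ["group"], "cn": ["ActiveMQ_Users_DEV"],
        "member": ["CN=other,OU=Test Accounts,OU=IT,OU=Domain Users,DC=corp,DC=local"]},
}
# role.mapping exactly as posted in the thread.
ROLE_MAPPING = ("ActiveMQ_Admins_DEV=admin,webconsole,manager,jmxUser,sshConsole,viewer;"
                "ActiveMQ_Users_DEV=viewer")


def escape_filter_value(value):
    """RFC 4515 escaping (this example's addition, not in the posted config) so
    that a username substituted for %u cannot change the filter's structure."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\0" else c for c in value)


def norm_dn(dn):
    """Simplified DN comparison key: case- and whitespace-insensitive RDNs."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def relative_dn(full_dn, base_dn):
    """The name a search returns for an entry: its DN minus the search base.
    Assumes full_dn really is under base_dn."""
    parts = [p.strip() for p in full_dn.split(",")]
    return ",".join(parts[:-len(base_dn.split(","))])


def search(base_dn, expanded_filter):
    """Tiny evaluator for the only filter shape used here, (&(a=v)(b=w)...):
    returns full DNs under base_dn whose attributes satisfy every clause."""
    clauses = re.findall(r"\(([A-Za-z]+)=([^()]*)\)", expanded_filter)
    hits = []
    for dn, attrs in DIRECTORY.items():
        if not norm_dn(dn).endswith(norm_dn(base_dn)):
            continue
        by_name = {k.lower(): v for k, v in attrs.items()}
        if all(any(norm_dn(v) == norm_dn(want) for v in by_name.get(attr.lower(), []))
               for attr, want in clauses):
            hits.append(dn)
    return hits


def parse_role_mapping(spec):
    """'ldapRole=karafRole1,karafRole2;ldapRole2=karafRole3' -> dict."""
    mapping = {}
    for item in spec.split(";"):
        if "=" in item:
            ldap_role, karaf_roles = item.split("=", 1)
            mapping[ldap_role.strip()] = [r.strip() for r in karaf_roles.split(",")]
    return mapping


def login_roles(username, role_filter, role_mapping=ROLE_MAPPING):
    """The steps the LDAPLoginModule log lines walk through: find the user DN,
    expand role.filter (%u username, %dn DN relative to user.base.dn, %fqdn
    full DN), search the groups, apply role.mapping. Unmapped group names pass
    through unchanged, as RolePrincipal[Mirth Admins DEV] in the local log shows."""
    user_filter = "(&(objectCategory=person)(samAccountName=%s))" % escape_filter_value(username)
    found = search(USER_BASE_DN, user_filter)
    if len(found) != 1:
        return {"user_dn": None, "role_filter": user_filter, "roles": []}
    rel_dn = relative_dn(found[0], USER_BASE_DN)
    expanded = (role_filter.replace("%u", escape_filter_value(username))
                .replace("%fqdn", rel_dn + "," + USER_BASE_DN)
                .replace("%dn", rel_dn))
    mapping = parse_role_mapping(role_mapping)
    roles = []
    for group_dn in search(ROLE_BASE_DN, expanded):
        ldap_role = DIRECTORY[group_dn]["cn"][0]            # role.name.attribute=cn
        roles.extend(mapping.get(ldap_role, [ldap_role]))
    return {"user_dn": found[0], "role_filter": expanded, "roles": sorted(set(roles))}


def has_required_role(roles, required="webconsole"):
    """What the hawtio Authenticator decides after scanning the RolePrincipals."""
    return required in roles


if __name__ == "__main__":
    for flt in ("(&(objectClass=group)(member=%dn))",
                "(&(objectClass=group)(member=%dn,DC=corp,DC=local))",
                "(&(objectClass=group)(member=%fqdn))"):
        result = login_roles("inttest02", flt)
        print(result["role_filter"])
        print("  roles:", result["roles"], "webconsole:", has_required_role(result["roles"]))
```

With the posted filter, %dn expands to the relative DN, the group search matches nothing and the check ends exactly as the server log does ("does not have the required role webconsole"); with %fqdn, or %dn plus the base DN appended, the two groups match and role.mapping turns ActiveMQ_Admins_DEV into the six Karaf roles. The example does not explain why the two machines behaved differently with the same config; it only makes the substitution and mapping rules visible so they can be checked one at a time.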