[MGNLLDAP-7] When using LDAP for authentication, non LDAP Magnolia users are not able to authenticate Created: 23/Apr/07  Updated: 30/Nov/10  Resolved: 03/May/07

Status: Closed
Project: LDAP Connector
Component/s: None
Affects Version/s: 1.0-rc2
Fix Version/s: 1.2

Type: Bug Priority: Major
Reporter: zam6ak Assignee: Philipp Bärfuss
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Template:
Acceptance criteria:
Empty
Task DoD:
[ ]* Doc/release notes changes? Comment present?
[ ]* Downstream builds green?
[ ]* Solution information and context easily available?
[ ]* Tests
[ ]* FixVersion filled and not yet released
[ ]  Architecture Decision Record (ADR)
Bug DoR:
[ ]* Steps to reproduce, expected, and actual results filled
[ ]* Affected version filled
Date of First Response:

 Description   

After setting up LDAP authentication in Magnolia other users (like superuser) were not able to authenticate.
The module should allow for cascade authentication (e.g. auth user agains LDAP, if unsuccessful, auth against Magnolia, if unsuccessful then fail)



 Comments   
Comment by Sameer Charles [ 03/May/07 ]

This should be solved by using a LoginModule chain,

Something like :

info.magnolia.jaas.sp.jcr.JCRAuthenticationModule optional;
info.magnolia.jaas.sp.ldap.LDAPAuthenticationModule requisite skip_on_previous_success=true ;
info.magnolia.jaas.sp.jcr.JCRAuthorizationModule required;

to achieve this I need to add a support for custom dependency flags

Comment by zam6ak [ 03/May/07 ]

Will this config also be supported by JBoss?
In JBoss there is no jaas.conf file but you rather configure /server/all/cong/login-config.xml and the config looks something like this:

<!-- Required for Magnolia CMS -->
<application-policy name = "Jackrabbit">
<authentication>
<login-module code = "org.apache.jackrabbit.core.security.SimpleLoginModule" flag = "required" />
</authentication>
</application-policy>

<application-policy name="magnolia">
<authentication>
<login-module code="info.magnolia.jaas.sp.jcr.JCRAuthenticationModule" flag="requisite"/>
<!-- <login-module code="info.magnolia.jaas.sp.ldap.LDAPAuthenticationModule" flag="requisite"/> -->
<login-module code="info.magnolia.jaas.sp.jcr.JCRAuthorizationModule" flag="required"/>
</authentication>
</application-policy>

Will the custom dependency flags be compatible with JBoss config also?

Generated at Mon Feb 12 02:20:40 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.