Forum Home » Fuse Distributions » Fuse ESB

Thread: Securing webconsole with LDAP doesn't work (FUSE ESB 4.3.1)

 
This question is not answered. Helpful answers available: 2. Correct answers available: 1.


Permlink Replies: 3 - Last Post: Jan 19, 2012 4:38 PM Last Post By: futuredan
hellosir1979

Posts: 14
Registered: 01/04/12
Securing webconsole with LDAP doesn't work (FUSE ESB 4.3.1)
Posted: Jan 13, 2012 4:22 PM
 
  Click to reply to this thread Reply
Hi there,

I'm using Fuse ESB 4.3.1 and read through the tutorial on securing fuse with LDAP using this tutorial

Link: http://fusesource.com/docs/esb/4.4/esb_security/FESBLDAPTutorial.html

I downloaded apache ds and apache directory and enter in all the roles/users etc that the example does.

Then I launch servicemix and open up another console and try to do a remote client call, the problem is that every user I defined in apache ds (crider, janedoe, jdoe) are able to access remote client. Same thing with the webconsole.

Just for giggles, I decided to install fuse esb 4.4 and did the exact same steps and everything works. I would upgrade to 4.4, but my task specifically calls to use servicemix 4.3.

If someone could shed some light on this issue, that would be great.

Thanks in advance.

Edited by: hellosir1979 on Jan 13, 2012 4:23 PM
futuredan

Posts: 40
Registered: 11/22/10
Re: Securing webconsole with LDAP doesn't work (FUSE ESB 4.3.1)
Posted: Jan 19, 2012 2:36 PM   in response to: hellosir1979 in response to: hellosir1979
 
  Click to reply to this thread Reply
I believe this ticket shows how to fix the problem.
http://fusesource.com/issues/browse/ESB-1434
hellosir1979

Posts: 14
Registered: 01/04/12
Re: Securing webconsole with LDAP doesn't work (FUSE ESB 4.3.1)
Posted: Jan 19, 2012 3:59 PM   in response to: futuredan in response to: futuredan
 
  Click to reply to this thread Reply
Thanks for reply.

This is my ldap-module.xml

<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">

<jaas:config name="karaf" rank="1">
<jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
flags="required">
initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
connection.username=uid=admin,ou=system
connection.password=secret
connection.protocol=
connection.url=ldap://localhost:10389
user.base.dn=ou=users,ou=system
user.filter=(uid=%u)
user.search.subtree=true
role.base.dn=ou=roles,ou=system
role.name.attribute=cn
role.filter=(member=uid=%u)
role.search.subtree=true
authentication=simple
</jaas:module>
</jaas:config>
</blueprint>

What am I changing in here to get it to work? I'm not sure how to edit my file to get it to work?

futuredan

Posts: 40
Registered: 11/22/10
Re: Securing webconsole with LDAP doesn't work (FUSE ESB 4.3.1)
Posted: Jan 19, 2012 4:38 PM   in response to: hellosir1979 in response to: hellosir1979
 
  Click to reply to this thread Reply
I don't think there is anything wrong with your ldap-module.xml.
The necessary changes as described in the ticket are below:

1. deploying the jaas blueprint config xml (without packaging into an OSGi bundle) into the deploy/ folder.
2. changing to Felix (karaf.framework=felix in config.properties)

If you are already following these steps, then you do not have the problem I think you have.