0
votes

I want to authenticate users using ApacheDS LDAP and then integrate it with my Worklight server (Liberty profile). For that I modified server.xml with the following code after the HTTP endpoint element.

   <ldapRegistry id=”ldap” >
   realm=”LdapRegistry” 
   host=”localhost” 
  port=”10389” 
  ignoreCase=”true”
  baseDN=”dc=partition1,dc=com”
  bindDN=”uid=admin,ou=system”
  userFilter=”(&(uid=%v)(objectclass=inetOrgPerson))”
  bindPassword=”secret”
  ldapType="ApacheDS 2.0.0"
  </ldapRegistry>

In authenticationConfig.xml:

<securityTests>
    <customSecurityTest name="LDAPSecurityTest">
        <test isInternalUserID="true" realm="LDAPRealm"/>
    </customSecurityTest>

    <customSecurityTest name="LDAPSecurityTestForWLConsole">
        <test isInternalUserID="true" realm="WorklightConsole"/>
    </customSecurityTest>
</securityTests>

<realms>
    <realm loginModule="LDAPLoginModule" name="LDAPRealm">
        <className>com.worklight.UsernamePasswordJSONAuthenticator</className>
    </realm>

    <realm loginModule="StrongDummy" name="SampleAppRealm">
        <className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
    </realm>

    <realm loginModule="LDAPLoginModule" name="WorklightConsole">
        <className>com.worklight.core.auth.ext.FormBasedAuthenticator</className>
        <onLoginUrl>/console</onLoginUrl>
    </realm>
</realms>

<loginModules>
    <loginModule name="LDAPLoginModule">
        <className>com.worklight.LDAPLoginModule</className>
        <parameter name="ldapHost" value="ldap://localhost:10389"/>
        <parameter name="ldapDomain" value="localhost:10389"/>
        <parameter name="searchBase" value="dc=partition1,dc=com"/>

        <!--
            In case credentials are successfully validated check user's memberOf property for this string.
            Can be used to check whether user belongs to specific LDAP unit or group.
            Leave value empty to skip this check.
        -->
    </loginModule>

    <loginModule name="StrongDummy">
        <className>com.worklight.core.auth.ext.NonValidatingLoginModule</className>
    </loginModule>

    <loginModule name="requireLogin">
        <className>com.worklight.core.auth.ext.SingleIdentityLoginModule</className>
    </loginModule>
</loginModules>
</tns:loginConfiguration>

The Worklight server console stops working. I am following the LDAP login module from the IBM site and support centre for configuring the Liberty profile. Kindly help.


2 Answers

0
votes

I noted that your LDAP conf uses two different types of quotes - ” and ". Could it be the reason? Try changing all of them to ".

0
votes

First point: I think that the LDAP type "ApacheDS 2.0.0" is not correct.
The supported types are:

  1. Microsoft Active Directory
  2. Custom
  3. IBM Lotus Domino
  4. Novell eDirectory
  5. IBM Tivoli Directory Server
  6. Sun Java System Directory Server
  7. Netscape Directory Server
  8. IBM SecureWay Directory Server

So surely Custom has to be used.

Second point: you have to add userIdMap="*:uid".
So try with:

 <ldapRegistry id="ldap"
   realm="LdapRegistry"
   host="localhost"
   port="10389"
   ignoreCase="true"
   baseDN="dc=partition1,dc=com"
   bindDN="uid=admin,ou=system"
   userFilter="(&amp;(uid=%v)(objectclass=inetOrgPerson))"
   userIdMap="*:uid"
   bindPassword="secret"
   ldapType="Custom">
 </ldapRegistry>
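As an added example that is not part of the question or either answer: a small Python lint that checks an `<ldapRegistry>` snippet for the problems raised above (typographic quotes, attributes placed after the start tag's `>`, a raw `&` in userFilter, an ldapType outside the supported list, and a missing userIdMap when ldapType is Custom). The supported-type list is the one given in this answer; the sample snippet is constructed from the corrected configuration.

```python
# Added example, not part of the question or the answers: a lint for a
# Liberty <ldapRegistry> snippet that reports the defects discussed above.
import re
import xml.etree.ElementTree as ET

# ldapType values Liberty accepts (the list given in the answer above).
SUPPORTED_LDAP_TYPES = {
    "Microsoft Active Directory", "Custom", "IBM Lotus Domino",
    "Novell eDirectory", "IBM Tivoli Directory Server",
    "Sun Java System Directory Server", "Netscape Directory Server",
    "IBM SecureWay Directory Server",
}
SMART_QUOTES = "\u201c\u201d\u2018\u2019"  # curly quotes as pasted from a word processor


def lint_ldap_registry(snippet: str) -> list:
    """Return the problems found in an <ldapRegistry> snippet; [] means it looks fine."""
    problems = []
    if any(q in snippet for q in SMART_QUOTES):
        problems.append('typographic quotes found; XML attribute values need plain " quotes')
    # Attributes must be inside the start tag; anything after its '>' is element text.
    if re.search(r"<ldapRegistry[^>]*>\s*\w+=", snippet):
        problems.append("attributes appear after the start tag's '>' and are ignored")
    # A bare '&' in an attribute value is not well-formed XML; LDAP filters need &amp;.
    if re.search(r'userFilter=["\u201d][^"\u201d]*&(?!(amp|lt|gt|quot|apos|#\w+);)', snippet):
        problems.append("raw '&' in userFilter must be written as &amp;")
    # Normalise the quotes so the remaining checks can run on parsed attributes.
    normalised = snippet.translate(str.maketrans(SMART_QUOTES, "\"\"''"))
    try:
        elem = ET.fromstring(normalised)
    except ET.ParseError as exc:
        problems.append(f"not well-formed XML: {exc}")
        return problems
    ldap_type = elem.get("ldapType")
    if ldap_type not in SUPPORTED_LDAP_TYPES:
        problems.append(f"ldapType {ldap_type!r} is not a supported value; ApacheDS needs 'Custom'")
    if ldap_type == "Custom" and elem.get("userIdMap") is None:
        problems.append('ldapType="Custom" needs userIdMap, e.g. userIdMap="*:uid"')
    return problems


# Constructed sample: the corrected snippet from the answer, with plain quotes.
CORRECTED = """<ldapRegistry id="ldap" realm="LdapRegistry" host="localhost" port="10389"
    ignoreCase="true" baseDN="dc=partition1,dc=com" bindDN="uid=admin,ou=system"
    userFilter="(&amp;(uid=%v)(objectclass=inetOrgPerson))" userIdMap="*:uid"
    bindPassword="secret" ldapType="Custom">
</ldapRegistry>"""

if __name__ == "__main__":
    print(lint_ldap_registry(CORRECTED) or "no problems found")
```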