Issue Details (XML | Word | Printable)

Key: GLASSFISH-20125
Type: Bug Bug
Status: Resolved Resolved
Resolution: Fixed
Priority: Major Major
Assignee: Tim Quinn
Reporter: Tim Quinn
Votes: 0
Watchers: 0
Operations

If you were logged in you would be able to see more operations.
glassfish

configure-ldap-for-admin command does not work

Created: 01/Apr/13 11:36 PM   Updated: 02/Apr/13 12:08 AM   Resolved: 02/Apr/13 12:08 AM
Component/s: admin
Affects Version/s: 4.0
Fix Version/s: 4.0_b83

Time Tracking:
Not Specified

Tags:
Participants: Tim Quinn


 Description  « Hide

The configure-ldap-for-admin command reports success but further attempts to log-in as an administrator do not work.



Tim Quinn added a comment - 02/Apr/13 12:08 AM

Fix checked in:

Project: glassfish
Repository: svn
Revision: 61080
Author: tjquinn
Date: 2013-04-02 00:06:17 UTC
Link:

Log Message:
------------
Fix for GLASSFISH-20125 - configure-ldap-for-admin command does not work

The configure-ldap-for-admin command was never updated to reflect the new security configuration added to domain.xml. As a result the LDAP login module was never used during authentication, even after the command was run.

These changes to the command make the additional alterations in the new security configuration so that the LDAP login module is used correctly.

Note that some classes were moved from the security/core module to security/services so that the command logic (formerly in security/core) could work with the newer config classes (in security/services).

Tests: QL, manual tests with Ramesh's LDAP server (thanks, Ramesh)

Revisions:
----------
61080

Modified Paths:
---------------
trunk/main/nucleus/security/core/src/main/java/com/sun/enterprise/security/cli/LocalStrings.properties
trunk/main/nucleus/security/services/src/main/java/org/glassfish/security/services/provider/authorization/SimpleAuthorizationProviderImpl.java

Added Paths:
------------
trunk/main/nucleus/security/services/src/main/resources
trunk/main/nucleus/security/services/src/main/resources/org/glassfish/security
trunk/main/nucleus/security/services/src/main/java/org/glassfish/security/services/commands/LDAPAdminAccessConfigurator.java
trunk/main/nucleus/security/services/src/main/java/org/glassfish/security/services/impl/LDAPLoginModule.java
trunk/main/nucleus/security/services/src/main/resources/org
trunk/main/nucleus/security/services/src/main/resources/org/glassfish
trunk/main/nucleus/security/services/src/main/resources/org/glassfish/security/services/commands/LocalStrings.properties
trunk/main/nucleus/security/services/src/main/resources/org/glassfish/security/services/commands
trunk/main/nucleus/security/services/src/main/resources/org/glassfish/security/services


Tim Quinn added a comment - 01/Apr/13 11:38 PM

The new security configuration (the security-services section in domain.xml) is involved in authentication and authorization decisions, as well as the older config for the admin file realm.

The configure-ldap-for-admin command alters the older configuration according to the user's command-line arguments but was never changed to update the newer configuration.