Using Mangled bindPassword with FTL JAAS module LdapLoginModule.

Article ID: KB0094004

Products Versions
TIBCO FTL -
Not Applicable -

Issue/Introduction

Using Mangled bindPassword with FTL JAAS module LdapLoginModule.

Resolution

The prebuilt JAAS login module LdapLoginModule accepts only a clear-text password for bindPassword. If the bindPassword is encrypted or mangled, authentication fails because the module cannot bind to the LDAP server. Attached is a modified JAAS module (filename: customLDAPJaasModule.jar) that internally uses the FTL Admin API to unmangle the bindPassword. This JAAS module can be used with either a mangled or a clear-text bindPassword.

Starting the FTL Realm Server with customLDAPJaasModule.jar:


1). Update the CLASSPATH in tibrealmserver.bat or tibrealmadmin to include customLDAPJaasModule.jar.


2). Update the ldap.jaas file to use LdapLoginModuleMangled as below.


tibrealmserver {
  com.tibco.ftl.jaas.LdapLoginModuleMangled required
  debug="true"
.......
};

3). Update the bindPassword with the mangled password generated using: tibrealmadmin --mangle <password>


4). Start the server using the updated tibrealmserver.bat or tibrealmadmin, e.g.: ./tibrealmserver -d <path to data directory> -ht localhost:8080 -j <path to ldap.jaas>
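
A pre-flight check for steps 1 to 3, as an added example that is not part of the attached module or of TIBCO's code: it parses the ldap.jaas text and confirms that the tibrealmserver entry uses LdapLoginModuleMangled with a non-empty bindPassword, and that customLDAPJaasModule.jar is on the CLASSPATH. The function names, the sample file contents and the placeholder password are assumptions made for illustration; the bindPassword value is never included in the reported problems.

```python
import re

# Names taken from the article; everything else is an assumption of this example.
EXPECTED_CLASS = "com.tibco.ftl.jaas.LdapLoginModuleMangled"
CUSTOM_JAR = "customLDAPJaasModule.jar"
# Constructed sample ldap.jaas; the password is a placeholder, not real --mangle output.
SAMPLE_JAAS = '''tibrealmserver {
  com.tibco.ftl.jaas.LdapLoginModuleMangled required
  debug="true"
  bindPassword="CONSTRUCTED-PLACEHOLDER;{}";  // quoted value may contain ; { }
};'''

# Quoted string | comment (skipped) | punctuation | bare word, per JAAS config syntax.
TOKEN = re.compile(r'"((?:[^"\\]|\\.)*)"|//[^\n]*|/\*.*?\*/|([{};=])|([^\s{};="]+)', re.S)

def parse_jaas(text):
    """Parse JAAS config text into {entry: [(module_class, flag, {option: value})]}."""
    # Each token is (kind, value): kind 1 = quoted string, 2 = punctuation, 3 = bare word.
    toks = [(m.lastindex, m.group(m.lastindex)) for m in TOKEN.finditer(text) if m.lastindex]
    entries, i = {}, 0
    try:
        while i < len(toks):
            name, modules, i = toks[i][1], [], i + 2          # entry name and "{"
            while toks[i] != (2, "}"):
                cls, flag, opts, i = toks[i][1], toks[i + 1][1], {}, i + 2
                while toks[i] != (2, ";"):                    # option = value pairs
                    opts[toks[i][1]] = toks[i + 2][1]
                    i += 3
                modules.append((cls, flag, opts))
                i += 1                                        # ";" closing the module
            entries[name], i = modules, i + 2                 # "}" and ";"
    except IndexError:
        raise ValueError("malformed or truncated JAAS configuration") from None
    return entries

def preflight(jaas_text, classpath, entry="tibrealmserver"):
    """Return problems found in steps 1-3; an empty list means ready for step 4."""
    problems = []
    # Accept both ';' (Windows) and ':' (Unix) separators and compare file names only.
    jars = {p.replace("\\", "/").rsplit("/", 1)[-1] for p in re.split(r"[;:]", classpath)}
    if CUSTOM_JAR not in jars:
        problems.append(f"step 1: {CUSTOM_JAR} is not on the CLASSPATH")
    modules = parse_jaas(jaas_text).get(entry, [])
    mangled = [opts for cls, _, opts in modules if cls == EXPECTED_CLASS]
    if not mangled:
        problems.append(f"step 2: entry '{entry}' does not use {EXPECTED_CLASS}")
    elif not mangled[0].get("bindPassword"):
        problems.append("step 3: bindPassword is missing or empty")
    return problems
```

Call preflight() with the contents of ldap.jaas and the CLASSPATH string from the start script; it cannot tell a mangled value from a clear-text one, since the modified module accepts both.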


Note that the source code is attached (filename: LdapLoginModuleMangled.java) for your reference. You will need the following JARs in the CLASSPATH to compile the Java file.


realmserver.jar
jetty9-all.jar
