JBOSS LDAP Integration
JBOSS Active Directory LDAP Integration
1) Edit the required application policy in $JBOSS_SERVER_HOME/conf/login-config.xml
For example, if you want to secure the web-console application of jboss, edit the following application policy.
<application-policy name="ldap-encrypted">
<authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
<module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
<module-option name="java.naming.security.authentication">simple</module-option>
<module-option name="java.naming.provider.url">ldap://{server_name}:389</module-option>
<module-option name="bindDN">CN=bindid,OU=something,dc=something,dc=com</module-option>
<module-option name="bindCredential">passwordgoeshere</module-option>
<module-option name="baseCtxDN">dc=something,dc=com</module-option>
<module-option name="baseFilter">(sAMAccountName={0})</module-option>
<module-option name="rolesCtxDN">dc=something,dc=com</module-option>
<module-option name="roleFilter">(sAMAccountName={0})</module-option>
<module-option name="roleAttributeIsDN">true</module-option>
<module-option name="roleAttributeID">memberOf</module-option>
<module-option name="roleNameAttributeID">cn</module-option>
<module-option name="roleRecursion">-1</module-option>
<module-option name="allowEmptyPasswords">false</module-option>
<module-option name="searchScope">SUBTREE_SCOPE</module-option>
<module-option name="trace">true</module-option>
<module-option name="java.naming.referral">follow</module-option>
<module-option name="defaultRole">JBossAdmin</module-option>
</login-module>
</authentication>
</application-policy>
2) Please note that the role JBossAdmin defined above is referenced from WEB-INF/web.xml of the application.
<security-role>
<role-name>JBossAdmin</role-name>
</security-role>
2) Please note that the role JBossAdmin defined above is referenced from WEB-INF/web.xml of the application.
<security-role>
<role-name>JBossAdmin</role-name>
</security-role>
3) Please note that <application-policy name="web-console"> specified above is referenced from jboss-web.xml within app.
<jboss-web>
<security-domain>java:/jaas/ldap-encrypted</security-domain>
<depends>jboss.admin:service=PluginManager</depends>
</jboss-web>
<jboss-web>
<security-domain>java:/jaas/ldap-encrypted</security-domain>
<depends>jboss.admin:service=PluginManager</depends>
</jboss-web>
posted by Jayanthi Krishnamurthy @ 3:55 PM
2 Comments
