Friday, July 16, 2010

JBOSS LDAP Integration

JBOSS Active Directory LDAP Integration

1) Edit the application policy in $JBOSS_SERVER_HOME/conf/login-config.xml. For example, to put the JBoss web-console behind Active Directory, add an application policy like the one below (it is named ldap-encrypted here; replace {server_name}, the bindDN and bindCredential values and the dc= components with your own). The options that matter for security are:
- bindDN / bindCredential: the service account JBoss binds with to search for the user. It only needs read access, and its password sits in this file in clear text, so restrict who can read login-config.xml.
- baseFilter (sAMAccountName={0}): finds the user's entry by login name; the module then binds as that entry with the password the user supplied, which is the actual authentication step.
- roleFilter, roleAttributeID=memberOf, roleAttributeIsDN=true, roleNameAttributeID=cn: re-selects the user's entry, reads the group DNs from its memberOf attribute and resolves each DN to the group's cn, so the AD group's cn becomes the JBoss role name.
- allowEmptyPasswords=false: keep it false. AD treats a bind with an empty password as an anonymous bind and reports success, which would let anyone log in with a valid user name and no password.
- defaultRole=JBossAdmin: adds JBossAdmin to every user who authenticates, regardless of group membership. For an admin console that means every AD account can log in; remove it, and put the administrators in an AD group whose cn is JBossAdmin, unless that is what you intend.
- ldap://{server_name}:389 with simple authentication sends the bind password and every user's password across the network in the clear; prefer ldaps://{server_name}:636 with the domain CA certificate in the JVM truststore.

<application-policy name="ldap-encrypted">
<authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
<module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
<module-option name="java.naming.security.authentication">simple</module-option>
<module-option name="java.naming.provider.url">ldap://{server_name}:389</module-option>
<module-option name="bindDN">CN=bindid,OU=something,dc=something,dc=com</module-option>
<module-option name="bindCredential">passwordgoeshere</module-option>
<module-option name="baseCtxDN">dc=something,dc=com</module-option>
<module-option name="baseFilter">(sAMAccountName={0})</module-option>
<module-option name="rolesCtxDN">dc=something,dc=com</module-option>
<module-option name="roleFilter">(sAMAccountName={0})</module-option>
<module-option name="roleAttributeIsDN">true</module-option>
<module-option name="roleAttributeID">memberOf</module-option>
<module-option name="roleNameAttributeID">cn</module-option>
<module-option name="roleRecursion">-1</module-option>
<module-option name="allowEmptyPasswords">false</module-option>
<module-option name="searchScope">SUBTREE_SCOPE</module-option>
<module-option name="trace">true</module-option>
<module-option  name="java.naming.referral">follow</module-option>
<module-option  name="defaultRole">JBossAdmin</module-option>
</login-module>
</authentication>
</application-policy>

2) The role JBossAdmin is the one the application requires in its WEB-INF/web.xml, so the login module has to end up assigning it, either through a matching AD group cn or through defaultRole:
   <security-role>
      <role-name>JBossAdmin</role-name>
   </security-role>

3) The application refers to the policy through the security-domain element in its jboss-web.xml. The name after java:/jaas/ must match the application-policy name from step 1, so for the policy above it is ldap-encrypted (the stock web-console deployment points at the web-console policy instead):
<jboss-web>
   <security-domain>java:/jaas/ldap-encrypted</security-domain>
   <depends>jboss.admin:service=PluginManager</depends>
</jboss-web>
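
The following is an added example, not configuration from the original post: the same ldap-encrypted policy with the weak settings discussed above replaced, plus the JaasSecurityDomain MBean that the LdapExtLoginModule jaasSecurityDomain option uses to unmask the bind credential at runtime. The host name dc01.example.com, the DC=example,DC=com suffix, the service-account DN, the LdapBind domain name, the keystore and password file names and the bindCredential value are all placeholders; the masked value must be produced with org.jboss.security.plugins.PBEUtils using the same Salt and IterationCount as the MBean, and the domain CA certificate must be in the JVM truststore (javax.net.ssl.trustStore in run.conf) for ldaps:// to connect.

```xml
<!-- Added example, not from the original post. All names below are placeholders. -->

<!-- 1. $JBOSS_SERVER_HOME/conf/login-config.xml -->
<application-policy name="ldap-encrypted">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <!-- LDAPS on 636 instead of ldap:// on 389: the bind credential and every
           user's password are no longer sent in the clear. The DC's CA cert has
           to be in the JVM truststore configured in run.conf (assumption). -->
      <module-option name="java.naming.provider.url">ldaps://dc01.example.com:636</module-option>
      <!-- Read-only service account; placeholder DN -->
      <module-option name="bindDN">CN=jboss-ldap-reader,OU=ServiceAccounts,DC=example,DC=com</module-option>
      <!-- Masked credential: the output of
           java -cp jbosssx.jar org.jboss.security.plugins.PBEUtils <salt> <count> <keystore-pass> <bind-password>
           (placeholder value), decrypted at runtime by the JaasSecurityDomain below -->
      <module-option name="bindCredential">-PLACEHOLDER-MASKED-VALUE-</module-option>
      <module-option name="jaasSecurityDomain">jboss.security:service=JaasSecurityDomain,domain=LdapBind</module-option>
      <!-- User lookup, unchanged from the original post -->
      <module-option name="baseCtxDN">DC=example,DC=com</module-option>
      <module-option name="baseFilter">(sAMAccountName={0})</module-option>
      <module-option name="searchScope">SUBTREE_SCOPE</module-option>
      <!-- Role lookup: re-select the user entry, take the group DNs from memberOf,
           map each DN to the group's cn. An AD group with cn=JBossAdmin therefore
           satisfies the web-console's security-role. -->
      <module-option name="rolesCtxDN">DC=example,DC=com</module-option>
      <module-option name="roleFilter">(sAMAccountName={0})</module-option>
      <module-option name="roleAttributeIsDN">true</module-option>
      <module-option name="roleAttributeID">memberOf</module-option>
      <module-option name="roleNameAttributeID">cn</module-option>
      <!-- 0 = do not chase nested groups; raise it if admins sit in nested AD groups -->
      <module-option name="roleRecursion">0</module-option>
      <!-- Must stay false: AD accepts an empty-password bind as anonymous -->
      <module-option name="allowEmptyPasswords">false</module-option>
      <module-option name="java.naming.referral">follow</module-option>
      <!-- No defaultRole: only members of the JBossAdmin group get the role.
           trace is off; turn it on only while debugging the filters. -->
      <module-option name="trace">false</module-option>
    </login-module>
  </authentication>
</application-policy>

<!-- 2. $JBOSS_SERVER_HOME/conf/jboss-service.xml: the JaasSecurityDomain whose
        keystore password is the PBE key for the masked bindCredential. Salt and
        IterationCount must match the arguments given to PBEUtils. The keystore
        password itself is read from a file outside the config, not written here. -->
<mbean code="org.jboss.security.plugins.JaasSecurityDomain"
       name="jboss.security:service=JaasSecurityDomain,domain=LdapBind">
  <constructor>
    <arg type="java.lang.String" value="LdapBind"/>
  </constructor>
  <attribute name="KeyStoreURL">resource:ldapbind.keystore</attribute>
  <attribute name="KeyStorePass">{CLASS}org.jboss.security.plugins.FilePassword:${jboss.server.home.dir}/conf/ldapbind.password</attribute>
  <attribute name="Salt">8charsalt</attribute>
  <attribute name="IterationCount">13</attribute>
</mbean>
```

The web.xml security-role and the jboss-web.xml security-domain from steps 2 and 3 stay exactly as shown above; only the policy changes. Because defaultRole is gone, test with one account that is in the JBossAdmin group and one that is not: the first should reach the console and the second should be refused after a successful bind, which is the behaviour the original policy could not produce.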

2 Comments:

At February 16, 2011 at 3:48 PM, Blogger Giri said...

Hi Jayanthi,
I tried encryption of the password in JBoss itself; it worked for jmx-console and web-console. But it didn't work for admin-console, as the admin console is using Seam security.

The above example of LDAP integration is being used for web-console.
Does this work for admin-console also?

Thanks and Regards,
Giri

At March 15, 2011 at 1:37 PM, Blogger Jayanthi Krishnamurthy said...

LDAP integration should work for admin-console.
