login-config.xml for OSX OpenDirectory
If you're looking to deploy a JBoss server on OS X and want to authenticate against the Open Directory user accounts, here is an example application-policy to add to your login-config.xml.
NOTE: you will need to change the following:
java.naming.provider.url = your OS X server
baseCtxDN = your LDAP search base (you'll find this in Server Admin / Open Directory)
rolesCtxDN = your LDAP search base, prefixed with cn=groups
The rest should just work; you'll be able to connect to this via JAAS.
If you're using Seam, then you need to add the following to your components.xml:
<security:identity authenticate-method="{authenticator.authenticate}" jaas-config-name="osx" />
<application-policy name="osx">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://ldap.domain.org:389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="baseCtxDN">dc=domain,dc=org</module-option>
      <module-option name="baseFilter">(Uid={0})</module-option>
      <module-option name="rolesCtxDN">cn=groups,dc=domain,dc=org</module-option>
      <module-option name="roleFilter">(memberUid={0})</module-option>
      <module-option name="roleAttributeIsDN">false</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleRecursion">1</module-option>
      <module-option name="searchTimeLimit">5000</module-option>
      <module-option name="searchScope">SUBTREE_SCOPE</module-option>
    </login-module>
  </authentication>
</application-policy>
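To make the two searches the options above drive easier to reason about, here is a small simulation of what LdapExtLoginModule does with them: substitute the login name into baseFilter, search under baseCtxDN for exactly one user entry, check the password (the real module re-binds as that user's DN; here a constructed userpassword attribute stands in for the bind), then substitute the name into roleFilter, search under rolesCtxDN and collect the roleAttributeID values as role names. This is an added example, not code from the page or from JBoss: the directory is constructed in memory, only single equality filters are understood, and roleRecursion and searchTimeLimit are not modelled. The {0} value is escaped as RFC 4515 requires before it is spliced into the filter, so a login name containing filter metacharacters is matched literally rather than changing the query.

```python
"""Model of the LdapExtLoginModule user/role lookup configured above.
Constructed in-memory directory; nothing here talks to a real LDAP server."""
import re

# Constructed sample directory: DN -> attributes (names lower-cased, values multi-valued).
# 'userpassword' is a stand-in for the bind the real module performs.
DIRECTORY = {
    "uid=alice,cn=users,dc=domain,dc=org": {"uid": ["alice"], "userpassword": ["s3cret"]},
    "uid=bob,cn=users,dc=domain,dc=org": {"uid": ["bob"], "userpassword": ["hunter2"]},
    "cn=admin,cn=groups,dc=domain,dc=org": {"cn": ["admin"], "memberuid": ["alice"]},
    "cn=staff,cn=groups,dc=domain,dc=org": {"cn": ["staff"], "memberuid": ["alice", "bob"]},
}

# The module-option values from the application-policy on this page.
OPTIONS = {
    "baseCtxDN": "dc=domain,dc=org",
    "baseFilter": "(Uid={0})",
    "rolesCtxDN": "cn=groups,dc=domain,dc=org",
    "roleFilter": "(memberUid={0})",
    "roleAttributeID": "cn",
    "searchScope": "SUBTREE_SCOPE",
}


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping for a value spliced into a search filter (backslash first)."""
    return (value.replace("\\", "\\5c").replace("*", "\\2a")
            .replace("(", "\\28").replace(")", "\\29").replace("\0", "\\00"))


def _unescape(value: str) -> str:
    """Reverse RFC 4515 \\XX hex escapes back into literal characters."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def parse_filter(flt: str):
    """Accept a single equality filter '(attr=value)'; anything else is malformed."""
    m = re.fullmatch(r"\((\w+)=([^()]*)\)", flt)
    if not m:
        raise ValueError(f"unsupported or malformed filter: {flt!r}")
    return m.group(1).lower(), _unescape(m.group(2))


def in_scope(dn: str, base: str, scope: str) -> bool:
    """Apply the JNDI search scope relative to the base DN (case-insensitive DNs)."""
    dn_l, base_l = dn.lower(), base.lower()
    if scope == "SUBTREE_SCOPE":
        return dn_l == base_l or dn_l.endswith("," + base_l)
    if scope == "ONELEVEL_SCOPE":
        return dn_l.endswith("," + base_l) and "," not in dn_l[: -len(base_l) - 1]
    return dn_l == base_l  # OBJECT_SCOPE


def search(directory: dict, base: str, scope: str, flt: str) -> list:
    """Return the DNs under 'base' whose attribute matches the filter value (caseIgnore)."""
    attr, value = parse_filter(flt)
    return [dn for dn, attrs in directory.items()
            if in_scope(dn, base, scope)
            and any(v.lower() == value.lower() for v in attrs.get(attr, []))]


def login(directory: dict, options: dict, username: str, password: str):
    """Return the sorted role names for a successful login, or None on failure."""
    base_filter = options["baseFilter"].replace("{0}", escape_filter_value(username))
    users = search(directory, options["baseCtxDN"], options["searchScope"], base_filter)
    if len(users) != 1:
        return None  # no principal, or an ambiguous one: the login fails
    user_dn = users[0]
    # Stand-in for the 'simple' re-bind as user_dn with the supplied password.
    if password not in directory[user_dn].get("userpassword", []):
        return None
    role_filter = options["roleFilter"].replace("{0}", escape_filter_value(username))
    role_entries = search(directory, options["rolesCtxDN"], options["searchScope"], role_filter)
    role_attr = options["roleAttributeID"].lower()
    return sorted({v for dn in role_entries for v in directory[dn].get(role_attr, [])})


if __name__ == "__main__":
    print(login(DIRECTORY, OPTIONS, "alice", "s3cret"))   # ['admin', 'staff']
    print(login(DIRECTORY, OPTIONS, "bob", "wrong"))      # None
```

Note that the bind is `simple` over plain `ldap://` on port 389, so the credentials cross the network unencrypted unless the server is reached over LDAPS or a trusted network; that is a property of the configuration, not of this model.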