I could use some help getting LdapIdentityStore to connect to my Active Directory instance.
I was able to successfully log in using:
<security-identity jaas-config-name="myConfig" />
myConfig from login-config.xml:
<application-policy name="myConfig">
  <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
    <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
    <module-option name="java.naming.provider.url">ldap://1.1.1.1:389</module-option>
    <module-option name="java.naming.security.authentication">simple</module-option>
    <module-option name="principalDNSuffix">@ABC.com</module-option>
    <module-option name="rolesCtxDN">CN=Users,dc=ABC,dc=com</module-option>
    <module-option name="matchOnUserDN">false</module-option>
    <module-option name="uidAttributeID">sAMAccountName</module-option>
    <module-option name="roleAttributeID">memberOf</module-option>
    <module-option name="roleAttributeIsDN">true</module-option>
    <module-option name="searchScope">SUBTREE_SCOPE</module-option>
    <module-option name="allowEmptyPasswords">false</module-option>
    <module-option name="java.naming.factory.initial"></module-option>
  </login-module>
  <login-module code="org.jboss.security.ClientLoginModule" flag="required" />
</application-policy>
How do I translate this into properties for the ldap-identity-store tag in components.xml?
Right now I have:
<security:ldap-identity-store name="ldapIdentityStore"
    server-address="1.1.1.1"
    server-port="389"
    user-DN-suffix="#{messages['ldap.user.principal.name.suffix']}"
    role-context-DN="CN=Users,dc=ABC,dc=com"
    user-name-attribute="sAMAccountName"
    user-role-attribute="memberOf"
    role-attribute-is-DN="true" />
(the user-DN-suffix expression resolves to @ABC.com)
I've tried lots of other permutations and properties but am not having much luck. Any advice would be appreciated.
That last java.naming.factory.initial is not actually there.
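As an added illustration, not code from the original post or from JBoss or Seam, this Python sketch models what the LdapLoginModule options above amount to in LDAP terms: the bind principal composed from principalDNSuffix, the user search under rolesCtxDN by uidAttributeID with filter escaping, and memberOf DNs turned into role names, with empty passwords refused as allowEmptyPasswords=false does. The sample names and the CN-based role extraction are assumptions for the illustration.

```python
import re

# RFC 4515 escapes: a user-typed name must not be able to rewrite the filter.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value before interpolating it into an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def bind_principal(username: str, password: str,
                   principal_dn_suffix: str = "@ABC.com",
                   allow_empty_passwords: bool = False) -> str:
    """principalDNSuffix: the simple bind is done as username + suffix.

    A simple bind with an empty password is an unauthenticated bind that the
    directory accepts, so an empty password must be refused before binding;
    that is what allowEmptyPasswords=false guards against.
    """
    if not password and not allow_empty_passwords:
        raise ValueError("empty password refused (allowEmptyPasswords=false)")
    return username + principal_dn_suffix


def user_search_filter(username: str,
                       uid_attribute_id: str = "sAMAccountName") -> str:
    """uidAttributeID: after the bind, the user entry is found by searching
    rolesCtxDN (SUBTREE_SCOPE) with this filter."""
    return f"({uid_attribute_id}={escape_filter_value(username)})"


def roles_from_member_of(member_of_values, role_attribute_is_dn: bool = True):
    """roleAttributeID=memberOf with roleAttributeIsDN=true: every value is a
    group DN rather than a role name. Simplification (assumed here): the role
    name is taken from the first RDN value, i.e. the group's CN."""
    roles = []
    for value in member_of_values:
        if role_attribute_is_dn:
            match = re.match(r"^\s*[A-Za-z]+=((?:\\.|[^,])+)", value)
            roles.append(match.group(1).strip() if match else value)
        else:
            roles.append(value)
    return roles


if __name__ == "__main__":
    # Constructed sample values; nothing here talks to a directory.
    print(bind_principal("jdoe", "s3cret"))
    print(user_search_filter("j*doe"))
    print(roles_from_member_of(["CN=Admins,CN=Users,DC=ABC,DC=com"]))
```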