1 Reply Latest reply on Jun 18, 2012 6:56 AM by jaysensharma

    Where to configure my LDAP auth code? and Folder Structure of AS7 compare with JBoss 5

    kamalsuriya

      Hi,

           I want to configure my AS with LDAP auth.

           Until now, I have been using JBoss 5.

           In the ..\jboss-5\server\default\conf\login-config.xml file, I configured it like this:

           <application-policy name="orangescape-sso">
                <authentication>
                    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
                         <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
                         ...
                     </login-module>
                </authentication>
           </application-policy>

           -------------------------------

          In JBoss AS 7, I have configured it in the standalone.xml file. Is that the correct file? Where should I configure my LDAP auth code?

           Please help me find the differences in file/folder structure between JBoss 5 and JBoss AS 7, and where to keep the LDAP configuration code.

        • 1. Re: Where to configure my LDAP auth code? and Folder Structure of AS7 compare with JBoss 5
          jaysensharma

          Hi Kamal,

           

             This link might be helpful: http://middlewaremagic.com/jboss/?p=378

             You can use the Admin Console or the CLI to configure the same LDAP security domain, as follows:

           

          <subsystem xmlns="urn:jboss:domain:security:1.1">
              <security-domains>
                  <!-- ... -->
                  <security-domain name="test_ldap_security_domain">
                      <authentication>
                          <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
                              <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
                              <module-option name="java.naming.provider.url" value="ldap://10.10.10.10:389"/>
                              <module-option name="bindDN" value="cn=abc,cn=Users,dc=mydomain,dc=com"/>
                              <!-- Sample value; this password sits in clear text in standalone.xml -->
                              <module-option name="bindCredential" value="Test@123"/>
                              <module-option name="baseCtxDN" value="cn=Users,dc=mydomain,dc=com"/>
                              <module-option name="baseFilter" value="(userPrincipalName={0})"/>
                              <module-option name="rolesCtxDN" value="cn=Users,dc=mydomain,dc=com"/>
                              <module-option name="roleFilter" value="(userPrincipalName={0})"/>
                              <module-option name="roleAttributeID" value="memberOf"/>
                              <module-option name="roleNameAttributeID" value="cn"/>
                              <module-option name="roleAttributeIsDN" value="true"/>
                              <!-- Set once only: false rejects empty passwords instead of passing them to the LDAP server -->
                              <module-option name="allowEmptyPasswords" value="false"/>
                              <!-- java.naming.referral is the JNDI property name behind the Context.REFERRAL constant -->
                              <module-option name="java.naming.referral" value="follow"/>
                              <!-- This option helps in troubleshooting the LDAP auth -->
                              <module-option name="throwValidateError" value="true"/>
                              <module-option name="searchScope" value="SUBTREE_SCOPE"/>
                          </login-module>
                          <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="optional">
                              <module-option name="rolesProperties" value="/home/userone/jboss-as-7.1.1.Final/standalone/configuration/test-roles.properties"/>
                              <module-option name="replaceRole" value="false"/>
                          </login-module>
                      </authentication>
                  </security-domain>
                  <!-- ... -->
              </security-domains>
          </subsystem>

           

           

                To configure the security domain using a CLI script in JBoss AS 7, you can also try the following link with small modifications: http://middlewaremagic.com/jboss/?p=2049 (How to create security-domain in JBossAS7 using CLI)
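
Added example (not part of the original reply or of JBoss itself): a small Python check that reads an AS 7 security-domain fragment or a JBoss 5 login-config.xml fragment and flags LDAP login-module settings worth reviewing before deployment. The finding names, the sample fragment, and the rule that a bindCredential beginning with `${` is an expression resolved elsewhere are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample for this example (not from a real server).
SAMPLE = """<security-domain name="test_ldap_security_domain">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.provider.url" value="ldap://10.10.10.10:389"/>
      <module-option name="bindCredential" value="Test@123"/>
      <module-option name="allowEmptyPasswords" value="false"/>
      <module-option name="allowEmptyPasswords" value="true"/>
    </login-module>
  </authentication>
</security-domain>"""

def local(tag):
    """Drop the XML namespace so this also works on a full standalone.xml."""
    return tag.rsplit("}", 1)[-1]

def audit_ldap_modules(xml_text):
    """Return sorted finding codes for every LDAP login-module in xml_text."""
    findings = set()
    for module in ET.fromstring(xml_text).iter():
        if local(module.tag) != "login-module" or "Ldap" not in module.get("code", ""):
            continue
        opts = defaultdict(list)
        for opt in module:
            if local(opt.tag) == "module-option":
                # AS 7 uses value="..."; JBoss 5 login-config.xml uses element text.
                opts[opt.get("name")].append((opt.get("value") or opt.text or "").strip())
        for name, values in opts.items():
            if len(set(values)) > 1:
                findings.add("conflicting-option:" + name)
        if any(v.lower() == "true" for v in opts["allowEmptyPasswords"]):
            # An empty password can turn into an anonymous bind that succeeds.
            findings.add("empty-passwords-allowed")
        if any(v.lower().startswith("ldap://") for v in opts["java.naming.provider.url"]):
            findings.add("cleartext-ldap-url")
        # Assumption: a value starting with "${" is an expression resolved elsewhere.
        if any(v and not v.startswith("${") for v in opts["bindCredential"]):
            findings.add("plaintext-bind-credential")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_ldap_modules(SAMPLE):
        print(finding)
```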