How to encrypt LdapExtLoginModule bindCredential
vinger Feb 28, 2013 4:04 AM
Hi!
Could anyone please help me?
I'm using JBoss AS 7.1.1.Final and I have to encrypt the bindCredential in the LDAP configuration.
Basically, I would like to use the VAULT somehow.
I've already defined the vault section in the standalone-full.xml, as follows:
<vault>
    <vault-option name="KEYSTORE_URL" value="c:\java\jboss-as-7.1.1.Final\vault\my.keystore"/>
    <vault-option name="KEYSTORE_PASSWORD" value="MASK-11LxPCyHeyOLOGfHDzEr8D"/>
    <vault-option name="KEYSTORE_ALIAS" value="test"/>
    <vault-option name="SALT" value="testtest"/>
    <vault-option name="ITERATION_COUNT" value="51"/>
    <vault-option name="ENC_FILE_DIR" value="c:\java\jboss-as-7.1.1.Final\vault\"/>
</vault>
I could successfully apply the vault config to the datasources:
<security>
    <user-name>db_user</user-name>
    <password>${VAULT::Basel2DS::password::ZTUxNjU3NjctM2NkZi00MGU5LWJlN2YtY2VjNDg3ZTZhYjVhTElORV9CUkVBS2Jhc2Vs}</password>
</security>
But in the LDAP config section, the vault expression doesn't work:
<security-domain name="Basel" cache-type="default">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
            <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
            <module-option name="java.naming.provider.url" value="ldap://myserver:389"/>
            <module-option name="bindDN" value="ldap_user"/>
            <module-option name="bindCredential" value="${VAULT::LDAP::password::ZjFiMDcxNDctN2RiYi00YzdjLWIwNDItYTcxYzJjMDIyMjE5TElORV9CUkVBS2Jhc2Vs}"/>
            <module-option name="baseCtxDN" value="dc=mycompany,dc=local"/>
            <module-option name="baseFilter" value="(sAMAccountName={0})"/>
            <module-option name="rolesCtxDN" value="ou=mycompany,dc=local"/>
            <module-option name="roleFilter" value="(sAMAccountName={0})"/>
            <module-option name="roleAttributeID" value="memberOf"/>
            <module-option name="roleAttributeIsDN" value="true"/>
            <module-option name="roleRecursion" value="-1"/>
            <module-option name="searchScope" value="SUBTREE_SCOPE"/>
            <module-option name="additionalRole" value="authenticated"/>
            <module-option name="defaultRole" value="authenticated"/>
            <module-option name="allowEmptyPasswords" value="false"/>
        </login-module>
    </authentication>
</security-domain>
What would be the proper configuration to encrypt the bindCredential?
Thanks!
Geri