Setting the LDAP role for Karaf

dhoyt Mar 25, 2011 11:11 AM

I have LDAP setup in my ServiceMix 4 environment using the ldap-module.xml file. The issue is that as long as a user on the LDAP server has a valid login, they can sign into karaf. What I would really like is to only allow login if the user is a member of the smxAdmin group (cn=smxAdmin,ou=roles,dc=example,dc=com). I looked at both the org.apache.karaf.shell.cfg and system.properties files, but I don't see a place to add the role I want to compare against. I'd like to use this with all Karaf logins (karaf, SSH, and Web Console).

Any idea how I can accomplish this?

1. Re: Setting the LDAP role for Karaf

mielket Mar 28, 2011 4:08 AM (in response to dhoyt)

It is currently not possible to specify a different admin role name in ServiceMix 4.3.
ServiceMix 4.4 will use Karaf 2.2 and will then allow to specify the admin role name in etc/system.properties in the configuration variable
karaf.admin.role=admin

But again, this is currently not possible in ServiceMix 4.3.1. Right now the role name needs to be called "admin".

Also see ESB-1409
Actions
2. Re: Setting the LDAP role for Karaf

dhoyt Mar 28, 2011 9:52 AM (in response to mielket)

I added a new role named admin (cn=admin,ou=roles,dc=example,dc=com), and added a couple users to it. I tried again, and I can still get in with users who are members and users who are not members of that admin group. Any ideas why?

Also, any idea when 4.4 will be released?
Actions

Go to original post