-
1. Re: JBoss + LDAP (Active Directory)
dlofthouse Aug 28, 2014 12:51 PM (in response to acewald)
You would be better off using a later EAP release preferably EAP 6.3 where group loading from LDAP is possible - at that point you can then enable group loading from LDAP along with access control to restrict which groups are authorized to access the management API.
-
2. Re: JBoss + LDAP (Active Directory)
acewald Aug 29, 2014 4:37 AM (in response to dlofthouse)
Hi,
thank you for your answer, but I think another problem would then pop up, because the documentation at this point is more than poor and frustrating. I cannot find either documentation or complete examples. For example, in the documentation for EAP 6.3 https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Application_Platform/6.3/html/Security_Guide/About_Author… you have the authorization tag, but before and after it there is nothing about the authentication tag. Do I need it, or is the authentication part of the authorization? And where is the restriction to only one AD group?
Do you have an idea whether my approach has a mistake in the syntax?
<advanced-filter filter="(&(sAMAccountName={0})(memberOf=CN=a_group,OU=User,DC=xxx,DC=xx,DC=xxx))"/>
I cannot imagine that this is right, because I specify via the base-dn attribute where the users are; do I have to put in the filter where the groups are? Sorry for the question, but I am not an AD specialist.
In addition, I would try EAP 6.3. Perhaps someone has an example?
-
3. Re: JBoss + LDAP (Active Directory)
dlofthouse Aug 29, 2014 6:53 AM (in response to acewald)
The authorization tag is after the authentication tag - the schemas are included with the distribution you are using.
The authentication element defines how we verify the remote user is who they say they are, the authorization tag then defines how we load additional information about that user to use for authorization decisions.
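
A syntax check for the advanced-filter line asked about in post 2, as an added example that is not from either poster or from the JBoss distribution. It assumes the filter is kept in an XML configuration file, where a literal & inside an attribute is not well-formed and must be written &amp;, and that a memberOf value has to be the group's full DN because AD stores group membership as DNs; the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

# Constructed sample; the group DN is the placeholder DN used in the thread.
GROUP_DN = "CN=a_group,OU=User,DC=xxx,DC=xx,DC=xxx"
LDAP_FILTER = "(&(sAMAccountName={0})(memberOf=%s))" % GROUP_DN


def render_element(ldap_filter):
    """Build the <advanced-filter> element with the filter XML-escaped."""
    return "<advanced-filter filter=%s/>" % quoteattr(ldap_filter)


def looks_like_dn(value):
    """Rough shape check: several comma-separated name=value parts."""
    parts = value.split(",")
    return len(parts) > 1 and all("=" in p for p in parts)


def check_element(xml_text):
    """Return a list of problems found in one <advanced-filter> element."""
    try:
        ldap_filter = ET.fromstring(xml_text).get("filter", "")
    except ET.ParseError as exc:
        # A literal & inside an attribute value is not well-formed XML.
        return ["not well-formed XML (%s)" % exc]
    problems = []
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            break
    if depth != 0:
        problems.append("unbalanced parentheses")
    if "{0}" not in ldap_filter:
        problems.append("no {0} placeholder for the user name")
    for value in re.findall(r"\(memberOf=([^()]*)\)", ldap_filter):
        if not looks_like_dn(value):
            problems.append("memberOf value is not a full group DN: " + value)
    return problems


if __name__ == "__main__":
    literal = '<advanced-filter filter="%s"/>' % LDAP_FILTER  # & left as-is
    short = render_element("(&(sAMAccountName={0})(memberOf=a_group))")
    for text in (literal, render_element(LDAP_FILTER), short):
        print(text, "->", check_element(text) or "ok")
```

The memberOf value names the group by its own DN, so it is independent of the base-dn that says where user entries are searched.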