-
1. Re: Custom LDAP security domain
valsaraj007 Jan 30, 2015 5:28 AM (in response to valsaraj007)
I have done this by creating a custom login module by extending the LoginModule class.
<bindings>
    <external-context name="java:global/app/ldap" class="javax.naming.directory.InitialDirContext" cache="true">
        <environment>
            <property name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
            <property name="java.naming.provider.url" value="ldap://ldap.example.com:636"/>
            <property name="java.naming.security.authentication" value="simple"/>
            <property name="java.naming.security.principal" value="uid=admin,ou=system"/>
            <property name="java.naming.security.credentials" value="xxxxxxx"/>
        </environment>
    </external-context>
    <lookup name="java:global/c" lookup="java:global/b"/>
</bindings>
I created the LDAP external context like this and passed it to my security domain's custom login module as a module option.
<security-domain name="appLDAP" cache-type="default">
    <authentication>
        <login-module code="org.app.security.auth.MyLoginModule" flag="required" module="com.app.configuration">
            <module-option name="jaasSecurityDomain" value="java:global/app/ldap"/>
            <module-option name="principalDNPrefix" value="uid"/>
            <module-option name="principalDNSuffix" value="ou=system,dc=app,dc=com"/>
            <module-option name="rolesCtxDN" value="ou=groups,dc=app,dc=com"/>
            <module-option name="roleAttributeID" value="cn"/>
        </login-module>
        <login-module code="org.jboss.security.ClientLoginModule" flag="required">
            <module-option name="restore-login-identity" value="true"/>
        </login-module>
    </authentication>
</security-domain>
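The post does not show MyLoginModule itself. As an added example (not the poster's code), here is one way such a module could turn the `principalDNPrefix`, `principalDNSuffix`, `rolesCtxDN` and `roleAttributeID` options into LDAP names and a role search without letting a user-supplied name alter the DN or the filter. The class name `LdapNames`, the `member` group attribute, and the assumption that the module joins prefix and suffix with `=` and `,` are all hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added example: hypothetical helper, not the poster's MyLoginModule.
public class LdapNames {

    // Builds <prefix>=<username>,<suffix>; Rdn escapes DN metacharacters in the value.
    static LdapName userDn(String prefix, String username, String suffix) throws NamingException {
        LdapName dn = new LdapName(suffix);
        dn.add(new Rdn(prefix, username)); // appended as the leftmost (most specific) RDN
        return dn;
    }

    // Reads roleAttributeID from every entry under rolesCtxDN that lists the user as a member.
    // Assumption: groups reference users through a "member" attribute.
    static List<String> roles(DirContext ctx, String rolesCtxDN, String roleAttributeID, LdapName user)
            throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.ONELEVEL_SCOPE);
        sc.setReturningAttributes(new String[] { roleAttributeID });
        List<String> out = new ArrayList<>();
        // {0} is substituted by JNDI with filter escaping applied, unlike string concatenation.
        NamingEnumeration<SearchResult> hits =
            ctx.search(rolesCtxDN, "(member={0})", new Object[] { user.toString() }, sc);
        while (hits.hasMore()) {
            Attribute a = hits.next().getAttributes().get(roleAttributeID);
            if (a != null) out.add(String.valueOf(a.get()));
        }
        hits.close();
        return out;
    }

    public static void main(String[] args) throws NamingException {
        String suffix = "ou=system,dc=app,dc=com";
        // Constructed inputs: a normal name and one carrying DN metacharacters.
        for (String u : new String[] { "alice", "bob,ou=groups" }) {
            LdapName dn = userDn("uid", u, suffix);
            System.out.println(dn + "  (RDN count: " + dn.size() + ")");
        }
    }
}
```

Inside the server, the `DirContext` passed to `roles` would come from a JNDI lookup of the external context name given in the `jaasSecurityDomain` option (`java:global/app/ldap`).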
-
2. Re: Custom LDAP security domain
rodrigo.uchoa Apr 1, 2015 12:32 PM (in response to valsaraj007)
How did you reference your custom security domain in your application? More precisely, in the jboss-web.xml and web.xml?
jboss-web.xml:
<jboss-web>
<security-domain>java:/jaas/appLDAP</security-domain>
</jboss-web>
or
<jboss-web>
<security-domain>appLDAP</security-domain>
</jboss-web>
web.xml:
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>appLDAP</realm-name> <!-- or java:/jaas/appLDAP? -->
</login-config>
-
3. Re: Custom LDAP security domain
valsaraj007 Apr 6, 2015 5:39 AM (in response to rodrigo.uchoa)
Hi Rodrigo,
I referenced the custom security domain from jboss-web.xml as:
<jboss-web>
<security-domain>appLDAP</security-domain>
</jboss-web>
Thanks!