1 Reply Latest reply on May 15, 2015 6:52 AM by ninjasftw

    creating security realm authorization through jboss-cli.sh

    ninjasftw

      Hi,

       

      I'm trying to create the authorization component of a security realm using jboss-cli.sh

       

      I have created the realm itself and the authentication component using the following commands

      /core-service=management/security-realm=LdapConnection:add()

      /core-service=management/security-realm=LdapConnection/authentication=ldap:add(username-attribute="uid",connection="remoteLdap", base-dn="ou=People,dc=sssl,dc=server,dc=com", recursive="true")

       

      When I try and create the ldap authorization section it complains that a subcomponent doesn't exist

       

      /core-service=management/security-realm=LdapConnection/authorization=ldap:add(connection="remoteLdap")

      {

          "outcome" => "failed",

          "failure-description" => "JBAS015290: Configuration for security realm 'LdapConnection' does not contain any group-search resource within the authorization=ldap resource.",

          "rolled-back" => true,

          "response-headers" => {"process-state" => "reload-required"}

      }

       

      I know that group-search needs to be child attribute of the ldap connection but how can I create it if I can't create the parent?

        • 1. Re: creating security realm authorization through jboss-cli.sh
          ninjasftw

          Turns out its a composite operation so needs to be executed as part of a batch.

           

          batch

          /core-service=management/security-realm=LdapConnection/authorization=ldap/username-to-dn=username-filter:add(base-dn="ou=People,dc=sssl,dc=server,dc=com", recursive="false", attribute="uid", user-dn-attribute="dn", force="true")

          /core-service=management/security-realm=LdapConnection/authorization=ldap/group-search=group-to-principal:add(group-attribute="member",iterative=true,group-dn-attribute="dn", group-name="SIMPLE",group-name-attribute="cn",base-dn="ou=Groups,ou=Apps,dc=sssl,dc=server,dc=com",search-by="DISTINGUISHED_NAME",principal-attribute="member")

          run-batch