LDAP-based login in Teiid VDB
sanjay_chaturvedi Mar 22, 2017 1:44 PM

From the Teiid documentation it is clear that, apart from the text-based login module (the teiid-security-users.properties file), there is also an option to use LDAP-based login.
I have a user, say pqr, under domain xyz, so the user is xyz+pqr or xyz\pqr, which is a Microsoft Active Directory user. The LDAP server ldap://host:389 is integrated with MS AD.
Could someone please help me configure this in standalone.xml? I don't want to store the user/password in the teiid-security-users.properties file.
I tried adding the following security domain under <security-domains>:
<security-domain name="teiid-security" cache-type="default">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
            <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
            <module-option name="java.naming.provider.url" value="ldap://host:389/"/>
            <module-option name="java.naming.security.authentication" value="simple"/>
            <module-option name="principalDNPrefix" value="uid="/>
            <module-option name="principalDNSuffix" value=",ou=People,dc=jboss,dc=org"/>
            <module-option name="rolesCtxDN" value="ou=Roles,dc=jboss,dc=org"/>
            <module-option name="uidAttributeID" value="member"/>
            <module-option name="matchOnUserDN" value="true"/>
            <module-option name="roleAttributeID" value="cn"/>
            <module-option name="roleAttributeIsDN" value="false"/>
            <module-option name="searchTimeLimit" value="5000"/>
            <module-option name="searchScope" value="ONELEVEL_SCOPE"/>
        </login-module>
    </authentication>
</security-domain>
And commented out the following lines:
<security-domain name="teiid-security" cache-type="default">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">
            <module-option name="usersProperties" value="${jboss.server.config.dir}/teiid-security-users.properties"/>
            <module-option name="rolesProperties" value="${jboss.server.config.dir}/teiid-security-roles.properties"/>
        </login-module>
    </authentication>
</security-domain>
I did not explicitly add anything apart from java.naming.provider.url in the configuration. I am not sure whether the rest of the attributes make any sense here. Please assist.
Thanks,
Sanjay
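
An added example, not part of the original post and not taken from the Teiid documentation: the same teiid-security domain sketched with org.jboss.security.auth.spi.LdapExtLoginModule, which binds with a service account, searches for the user by sAMAccountName and then re-binds as that user, so the login name is pqr rather than a uid=...,ou=People DN pattern. The ldaps:// URL on port 636, the svc-teiid account, the dc=xyz,dc=example DNs and the credential placeholder are assumptions to be replaced with the directory's real values.

```xml
<security-domain name="teiid-security" cache-type="default">
    <authentication>
        <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
            <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
            <!-- Assumption: the AD server offers LDAPS on 636 and its CA is in the JVM truststore.
                 With ldap://host:389 and "simple" authentication the password crosses the network in clear text. -->
            <module-option name="java.naming.provider.url" value="ldaps://host:636/"/>
            <module-option name="java.naming.security.authentication" value="simple"/>
            <!-- AD commonly answers subtree searches with referrals -->
            <module-option name="java.naming.referral" value="follow"/>

            <!-- Hypothetical read-only service account used only to look up users and groups -->
            <module-option name="bindDN" value="CN=svc-teiid,CN=Users,DC=xyz,DC=example"/>
            <!-- Placeholder: keep the real secret out of plain text in standalone.xml -->
            <module-option name="bindCredential" value="REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD"/>

            <!-- {0} is the login name typed by the user (pqr); the entry found is then used for the user bind -->
            <module-option name="baseCtxDN" value="CN=Users,DC=xyz,DC=example"/>
            <module-option name="baseFilter" value="(sAMAccountName={0})"/>

            <!-- {1} is the DN of the authenticated user; each matching group's cn becomes a role name -->
            <module-option name="rolesCtxDN" value="OU=Groups,DC=xyz,DC=example"/>
            <module-option name="roleFilter" value="(member={1})"/>
            <module-option name="roleAttributeID" value="cn"/>
            <module-option name="roleAttributeIsDN" value="false"/>

            <module-option name="searchScope" value="SUBTREE_SCOPE"/>
            <module-option name="searchTimeLimit" value="5000"/>
            <!-- An empty password makes a simple bind anonymous; never treat that as a successful login -->
            <module-option name="allowEmptyPasswords" value="false"/>
        </login-module>
    </authentication>
</security-domain>
```

The principalDNPrefix/principalDNSuffix options in the attempt above build the bind DN as uid=<login>,ou=People,dc=jboss,dc=org, which only works when user entries actually sit at that DN; Active Directory entries are normally named by CN, which is why this sketch searches on sAMAccountName instead.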