From teiid documentation it is clear that apart from text based login module(teiid-security-user.properties) file there isalso an option to use ldap based login.

I have a user say pqr under domain xyz, so the user is xyz+pqr or xyz\pqr, which is a Microsoft Active Directory user,. Ldap server ldap://host:389 is integrated with MS AD.

Could someone please assist me how to configure this thing in standalone.xml, I dont want to store user/password in teiid-security-users.properties file.

I tried

Add following security domain under <security-domains>:

                <security-domain name="teiid-security" cache-type="default">

                    <authentication>

                        <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">

                            <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>

                            <module-option name="java.naming.provider.url" value="ldap://host:389/"/>

                            <module-option name="java.naming.security.authentication" value="simple"/>

                            <module-option name="principalDNPrefix" value="uid="/>

                            <module-option name="principalDNSuffix" value=",ou=People,dc=jboss,dc=org"/>

                            <module-option name="rolesCtxDN" value="ou=Roles,dc=jboss,dc=org"/>

                            <module-option name="uidAttributeID" value="member"/>

                            <module-option name="matchOnUserDN" value="true"/>

                            <module-option name="roleAttributeID" value="cn"/>

                            <module-option name="roleAttributeIsDN" value="false"/>

                            <module-option name="searchTimeLimit" value="5000"/>

                            <module-option name="searchScope" value="ONELEVEL_SCOPE"/>

                        </login-module>

                    </authentication>

                </security-domain>

And comment out following lines :

<security-domain name="teiid-security" cache-type="default">

                    <authentication>

                        <login-module code="org.jboss.security.auth.spi.UsersRolesLoginModule" flag="required">

                            <module-option name="usersProperties" value="${jboss.server.config.dir}/teiid-security-users.properties"/>

                            <module-option name="rolesProperties" value="${jboss.server.config.dir}/teiid-security-roles.properties"/>

                        </login-module>

                    </authentication>

                </security-domain>

Nothing explicit I added apart from java.naming.provider.url in the conf, I am not sure if rest of the attributes are making any sense, here, Please assist.

Thanks,

Sanjay