Elytron ldap-realm - dir-context
dnovo Jan 14, 2020 9:47 AM
Hi,
I'm trying to migrate the PicketLink LdapLoginModule to Elytron (WildFly 18.0.1).
My previous configuration using legacy security:
<security-domain name="MySecurityDomain" cache-type="default">
    <authentication>
        <login-module code="Ldap" flag="sufficient">
            <module-option name="java.naming.provider.url" value="ldap://myactivedirectory:389/"/>
            <module-option name="principalDNSuffix" value="@mydomain.local"/>
            <module-option name="rolesCtxDN" value="DC=mydomain,DC=local"/>
            <module-option name="uidAttributeID" value="sAMAccountName"/>
            <module-option name="roleAttributeID" value="memberOf"/>
            <module-option name="roleAttributeIsDN" value="true"/>
        </login-module>
    </authentication>
</security-domain>
With this configuration, I was able to establish a connection with myactivedirectory using the user credentials (the user trying to log in).
Using Elytron with the following configuration, everything works fine.
However, I would like to remove the principal and credential from the dir-context and establish the connection using the user credentials (the user trying to log in), as I did using legacy security.
Is this possible with Elytron?
<security-domains>
    ...
    <security-domain name="MySecurityDomain" default-realm="MySecurityRealm" permission-mapper="default-permission-mapper">
        <realm name="MySecurityRealm"/>
    </security-domain>
    ...
</security-domains>
<security-realms>
    ...
    <ldap-realm name="MySecurityRealm" dir-context="myDirContext" direct-verification="true">
        <identity-mapping rdn-identifier="sAMAccountName" search-base-dn="OU=users,DC=mydomain,DC=local">
            <attribute-mapping>
                <attribute from="name" to="Roles" filter="(member={1})" filter-base-dn="OU=groups,DC=mydomain,DC=local" role-recursion="1"/>
            </attribute-mapping>
        </identity-mapping>
    </ldap-realm>
</security-realms>
<http>
    <http-authentication-factory name="mysecurity-http-authentication" security-domain="MySecurityDomain" http-server-mechanism-factory="global">
        <mechanism-configuration>
            <mechanism mechanism-name="FORM">
                <mechanism-realm realm-name="MySecurityRealm"/>
            </mechanism>
        </mechanism-configuration>
    </http-authentication-factory>
</http>
<dir-contexts>
    <dir-context name="myDirContext" url="ldap://myactivedirectory:389" principal="CN=AD Connector,OU=users,DC=mydomain,DC=local">
        <credential-reference clear-text="mypassword"/>
    </dir-context>
</dir-contexts>
Thanks in advance.
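Editor's added example (not part of the post, and not PicketLink or Elytron code): a plain JNDI program that shows the two bind patterns the post contrasts. Pattern 1 is what the legacy LdapLoginModule did with principalDNSuffix: bind to the directory as user@mydomain.local with the password typed into the login form. Pattern 2 is what the posted Elytron configuration does: bind with the "AD Connector" service account to find the user's DN, then verify the password with a second bind as that DN (the direct-verification step). The URL, suffix, base DN and attribute names are taken from the posted configuration; the class name LdapBindDemo and the argument values are assumptions. Two checks a practitioner wants in either pattern are included: an empty password is refused before binding, because Active Directory treats a simple bind with an empty password as a successful anonymous bind, and the filter argument is passed as a JNDI {0} parameter rather than concatenated, so a username containing "*" or ")" cannot alter the filter. Note that both patterns send the password in clear text over ldap://...:389 as configured; use ldaps:// or StartTLS in production.

```java
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/** Added demo of bind-as-user vs. service-account-plus-direct-verification; not Elytron code. */
public class LdapBindDemo {

    // Values taken from the posted configuration.
    static final String URL = "ldap://myactivedirectory:389/";   // plain LDAP: simple-bind passwords are sent in clear text
    static final String PRINCIPAL_SUFFIX = "@mydomain.local";     // legacy principalDNSuffix
    static final String ROLES_CTX_DN = "DC=mydomain,DC=local";    // legacy rolesCtxDN
    static final String UID_ATTR = "sAMAccountName";              // legacy uidAttributeID
    static final String ROLE_ATTR = "memberOf";                   // legacy roleAttributeID (values are group DNs)

    /** JNDI environment for a simple bind as the given principal (DN or userPrincipalName). */
    static Hashtable<String, Object> envFor(String principal, char[] password) throws NamingException {
        // AD answers a simple bind with an empty password as a successful ANONYMOUS bind,
        // so an empty password must be rejected here or every blank login "succeeds".
        if (password == null || password.length == 0) {
            throw new NamingException("empty password refused (would become an anonymous bind)");
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, new String(password));
        env.put(Context.REFERRAL, "follow"); // AD returns referrals for searches rooted at the domain DN
        return env;
    }

    /** Pattern 1 (legacy LdapLoginModule): bind as user@mydomain.local with the login password. */
    static List<String> bindAsUser(String username, char[] password) throws NamingException {
        DirContext ctx = new InitialDirContext(envFor(username + PRINCIPAL_SUFFIX, password)); // AuthenticationException on bad credentials
        try {
            return readRoles(ctx, username);
        } finally {
            ctx.close();
        }
    }

    /** Pattern 2 (posted Elytron config): search as the service account, then verify by binding as the user's DN. */
    static List<String> verifyViaServiceAccount(String serviceDn, char[] servicePassword,
                                                String username, char[] password) throws NamingException {
        String userDn;
        DirContext svc = new InitialDirContext(envFor(serviceDn, servicePassword));
        try {
            userDn = findUserDn(svc, username);
        } finally {
            svc.close();
        }
        DirContext user = new InitialDirContext(envFor(userDn, password)); // the direct-verification step
        try {
            return readRoles(user, username);
        } finally {
            user.close();
        }
    }

    /** Resolve sAMAccountName to exactly one DN; {0} is filter-escaped by JNDI, never concatenated. */
    static String findUserDn(DirContext ctx, String username) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[0]);
        NamingEnumeration<SearchResult> results =
            ctx.search(ROLES_CTX_DN, "(" + UID_ATTR + "={0})", new Object[] { username }, sc);
        if (!results.hasMore()) {
            throw new NamingException("no such user: " + username);
        }
        String dn = results.next().getNameInNamespace();
        if (results.hasMore()) {
            throw new NamingException("ambiguous " + UID_ATTR + ": " + username); // never bind as a guessed DN
        }
        return dn;
    }

    /** Read the user's memberOf values (group DNs), as roleAttributeID/roleAttributeIsDN did. */
    static List<String> readRoles(DirContext ctx, String username) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(new String[] { ROLE_ATTR });
        NamingEnumeration<SearchResult> results =
            ctx.search(ROLES_CTX_DN, "(" + UID_ATTR + "={0})", new Object[] { username }, sc);
        List<String> roles = new ArrayList<>();
        while (results.hasMore()) {
            Attribute memberOf = results.next().getAttributes().get(ROLE_ATTR);
            if (memberOf == null) continue;            // user is in no groups
            for (int i = 0; i < memberOf.size(); i++) {
                roles.add(memberOf.get(i).toString());  // e.g. CN=Admins,OU=groups,DC=mydomain,DC=local
            }
        }
        return roles;
    }
}
```

Usage: `LdapBindDemo.bindAsUser("jdoe", "secret".toCharArray())` reproduces the legacy behaviour, and `LdapBindDemo.verifyViaServiceAccount("CN=AD Connector,OU=users,DC=mydomain,DC=local", "mypassword".toCharArray(), "jdoe", "secret".toCharArray())` reproduces what the posted ldap-realm with direct-verification="true" does; both need a reachable directory. The difference that matters for the question in the post is visible in the code: pattern 1 needs no stored service credential at all, while pattern 2 needs one only for the search, and the user's password is still verified by a bind as the user rather than compared against a stored hash.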