1 Reply Latest reply on Apr 30, 2010 5:52 PM by Matt Davis

    LdapIdentityStore and Active Directory help

    Matt Davis Newbie

      I could use some help getting LdapIdentityStore to connect to my Active Directory instance.


      I was able to successfully login using:


      <security-identity jaas-config-name="myConfig" />
      
      



      myConfig from login-config.xml:


      <application-policy name="myConfig">
       <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
        <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
        <module-option name="java.naming.provider.url">ldap://1.1.1.1:389</module-option>
        <module-option name="java.naming.security.authentication">simple</module-option>
        <module-option name="principalDNSuffix">@ABC.com</module-option>
        <module-option name="rolesCtxDN">CN=Users,dc=ABC,dc=com</module-option>
        <module-option name="matchOnUserDN">false</module-option>
        <module-option name="uidAttributeID">sAMAccountName</module-option>
        <module-option name="roleAttributeID">memberOf</module-option>
        <module-option name="roleAttributeIsDN">true</module-option>
        <module-option name="searchScope">SUBTREE_SCOPE</module-option>
        <module-option name="allowEmptyPasswords">false</module-option>
        <module-option name="java.naming.factory.initial"></module-option>
       <login-module>
      <login-module code="org.jboss.security.ClientLoginModule" flag="required" />
      </application-policy>
      
      



      How do I translate this into properties for the ldap-identity-store tag in components.xml?


      Right now I have:


      <security:ldap-identity-store
        name="ldapIdentityStore"
        server-address="1.1.1.1"
        server-port="389"
        user-DN-suffix="#messages['ldap.user.principal.name.suffix']}"(this resolves to @ABC.com)
        role-context-DN="CN=Users,dc=ABC,dc=com"
        user-name-attribute="sAMAccountName"
        user-role-attribute="memberOf"
        role-attribute-is-DN="true" />
      



      I've tried lots of other permutations and properties but am not having much luck. Any advice would be appreciated.