1 Reply Latest reply on Sep 21, 2012 12:12 AM by traviskoch

Encrypting ldap bindCredential in AS7

avarakin Aug 17, 2012 2:40 PM

I am trying to setup LdapExtLoginModule to use encrypted LDAP password in EAP 6 which is based on 7.1.2.

So far this is what I did:

Added this to standalone.xml:

<module-option name="jaasSecurityDomain" value="jboss.security:service=JaasSecurityDomain,domain=jmx-console"/>

Created jboss-service.xml and placed into deployment directory:

<mbean code="org.jboss.security.plugins.JaasSecurityDomain"

name="jboss.security:service=JaasSecurityDomain,domain=jmx-console">

</constructor>

<attribute name="KeyStorePass">server</attribute>

<attribute name="Salt">server</attribute>

</mbean>

</server>

JBoss immediately picked up jboss-service.xml but complained that org.jboss.security.plugins.JaasSecurityDomain does not exist.

After some googling I found that jbosssx.jar is not included in AS7 and is replaced by picketbox.

I was able to configure DataSource passwords using picketbox, should I follow this same approach with LDAP passwords? If so, how do I do it? It seems that LDAP assumes that we will use JaaSecurityDomain.

Thanks!

1. Re: Encrypting ldap bindCredential in AS7

traviskoch Sep 21, 2012 12:12 AM (in response to avarakin)

I was working on the same issue. Solved it using the vault.
Discovered this by looking at the source code for the LdapLoginModules and noticed they were checking for 'Vaultified' credentials.

Anyway, here's the relevant documentation.
https://community.jboss.org/wiki/JBossAS7SecuringPasswords
Actions