Repository: incubator-brooklyn
Updated Branches:
  refs/heads/master 8cdb16666 -> f5f01268b


LDAP authentication doc

 - added an example brooklyn.properties


Project: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/repo
Commit: 
http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/commit/418a202a
Tree: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/tree/418a202a
Diff: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/diff/418a202a

Branch: refs/heads/master
Commit: 418a202ad84f153063ff29e95cff2f3dd00b9e5d
Parents: 8cdb166
Author: Valentin Aitken <[email protected]>
Authored: Fri Jul 31 15:21:49 2015 +0300
Committer: Valentin Aitken <[email protected]>
Committed: Fri Jul 31 18:24:33 2015 +0300

----------------------------------------------------------------------
 docs/guide/ops/brooklyn_properties.md           | 38 ++++++++++++++++----
 .../security/provider/LdapSecurityProvider.java |  8 ++++-
 2 files changed, 38 insertions(+), 8 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/418a202a/docs/guide/ops/brooklyn_properties.md
----------------------------------------------------------------------
diff --git a/docs/guide/ops/brooklyn_properties.md 
b/docs/guide/ops/brooklyn_properties.md
index 450252a..01d087e 100644
--- a/docs/guide/ops/brooklyn_properties.md
+++ b/docs/guide/ops/brooklyn_properties.md
@@ -102,14 +102,38 @@ each `<username>` specified in the 
`brooklyn.webconsole.security.users` list.
 
 Other security providers available include:
 
-* **No one**: 
`brooklyn.webconsole.security.provider=brooklyn.rest.security.provider.BlackholeSecurityProvider`
-  will block all logins (e.g. if not using the web console)
-* **No security**: 
`brooklyn.webconsole.security.provider=brooklyn.rest.security.provider.AnyoneSecurityProvider`
-  will allow logins with no credentials (e.g. in secure dev/test environments) 
-* **LDAP**: 
`brooklyn.webconsole.security.provider=brooklyn.rest.security.provider.LdapSecurityProvider`
-  will cause Brooklyn to call to an LDAP server to authenticate users;
-  `brooklyn.webconsole.security.ldap.{url,realm}` must also be set as 
`brooklyn.properties`
+### No one
 
+`brooklyn.webconsole.security.provider=brooklyn.rest.security.provider.BlackholeSecurityProvider`
+will block all logins (e.g. if not using the web console)
+
+### No security
+
+`brooklyn.webconsole.security.provider=brooklyn.rest.security.provider.AnyoneSecurityProvider`
+will allow logins with no credentials (e.g. in secure dev/test environments) 
+
+### LDAP
+
+`brooklyn.webconsole.security.provider=brooklyn.rest.security.provider.LdapSecurityProvider`
+will cause Brooklyn to call to an LDAP server to authenticate users;
+The other things you need to set in `brooklyn.properties` are:
+
+* `brooklyn.webconsole.security.ldap.url` - ldap connection url
+* `brooklyn.webconsole.security.ldap.realm` - ldap dc parameter (domain)
+* `brooklyn.webconsole.security.ldap.ou` *optional, by default it set to 
Users* -  ldap ou parameter
+
+**brooklyn.properties example configuration:**
+
+```
+brooklyn.webconsole.security.provider=brooklyn.rest.security.provider.LdapSecurityProvider
+brooklyn.webconsole.security.ldap.url=ldap://localhost:10389/????X-BIND-USER=uid=admin%2cou=system,X-BIND-PASSWORD=secret,X-COUNT-LIMIT=1000
+brooklyn.webconsole.security.ldap.realm=example.com
+```
+
+After you setup the brooklyn connection to your LDAP server, you can 
authenticate in brooklyn using your cn (e.g. John Smith) and your password.
+`brooklyn.rest.security.provider.LdapSecurityProvider` searches in the LDAP 
tree in LDAP://cn=John Smith,ou=Users,dc=example,dc=com
+
+If you want to customize the ldap path or something else which is particular 
to your LDAP setup you can extend `LdapSecurityProvider` class or implement 
from scratch the `SecurityProvider` interface.
 
 ## Entitlements
 
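Review bot: The example `brooklyn.webconsole.security.ldap.url` line in the new LDAP section puts `X-BIND-USER=uid=admin%2cou=system` and `X-BIND-PASSWORD=secret` into a plain `ldap://` URL, and the surrounding text says nothing about the consequences. Readers will copy this block as is, so the doc should state that the bind password sits in clear text in `brooklyn.properties` and that read access to the file needs restricting. It should also show an `ldaps://` URL (or note that plain `ldap://` leaves the bind unencrypted) and suggest a read-only bind account instead of the directory admin. Minor wording: "by default it set to Users" should read "defaults to Users", and "The other things you need to set" follows a semicolon with a capital letter.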

http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/418a202a/usage/rest-server/src/main/java/brooklyn/rest/security/provider/LdapSecurityProvider.java
----------------------------------------------------------------------
diff --git 
a/usage/rest-server/src/main/java/brooklyn/rest/security/provider/LdapSecurityProvider.java
 
b/usage/rest-server/src/main/java/brooklyn/rest/security/provider/LdapSecurityProvider.java
index c8c10a1..328a4fd 100644
--- 
a/usage/rest-server/src/main/java/brooklyn/rest/security/provider/LdapSecurityProvider.java
+++ 
b/usage/rest-server/src/main/java/brooklyn/rest/security/provider/LdapSecurityProvider.java
@@ -100,7 +100,13 @@ public class LdapSecurityProvider extends 
AbstractSecurityProvider implements Se
         }
     }
 
-    private String getUserDN(String user) {
+    /**
+     * Returns the LDAP path for the user
+     *
+     * @param user
+     * @return String
+     */
+    protected String getUserDN(String user) {
         List<String> domain = 
Lists.transform(Arrays.asList(ldapRealm.split("\\.")), new Function<String, 
String>() {
             @Override
             public String apply(String input) {
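Review bot: The new Javadoc on `getUserDN` leaves `@param user` and `@return String` without any description, while the change from `private` to `protected` makes the method an extension point that needs a stated contract. Document that `user` is the name entered at login, that the return value is the full DN the provider looks up (built from the user name and `ldapRealm`), and whether an overriding subclass is expected to escape DN special characters in `user`. The lines shown here give a subclass author no way to tell.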
