Repository: karaf
Updated Branches:
  refs/heads/master cc15dcf2e -> 8a0d1289f
[KARAF-3105] Add LDAPLoginModule sample to work with ActiveDirectory Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/8a0d1289 Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/8a0d1289 Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/8a0d1289 Branch: refs/heads/master Commit: 8a0d1289f011631b7c44d2790238ea9facf0a76c Parents: cc15dcf Author: Jean-Baptiste Onofré <[email protected]> Authored: Sat Jul 12 14:18:11 2014 +0200 Committer: Jean-Baptiste Onofré <[email protected]> Committed: Sat Jul 12 14:18:11 2014 +0200 ---------------------------------------------------------------------- .../developers-guide/security-framework.conf | 23 ++++++++++++++++++++ 1 file changed, 23 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/karaf/blob/8a0d1289/manual/src/main/webapp/developers-guide/security-framework.conf ---------------------------------------------------------------------- diff --git a/manual/src/main/webapp/developers-guide/security-framework.conf b/manual/src/main/webapp/developers-guide/security-framework.conf index dee5b81..b994a22 100644 --- a/manual/src/main/webapp/developers-guide/security-framework.conf +++ b/manual/src/main/webapp/developers-guide/security-framework.conf 
@@ -273,6 +273,29 @@ The LDAPLoginModule supports the following patterns that you can use in the filt * {{%fqdn}} is replaced by the user full qualified DN ({{userDN,userBaseDN}}). * {{%nsdn}} is replaced by the userDNNamespace (interesting especially for ActiveDirectory). +For instance, the following configuration will work properly with ActiveDirectory (adding the ActiveDirectory to the +default {{karaf}} realm): + +{code} +<jaas:config name="karaf" rank="2"> + <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required"> + initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory + connection.username=admin + connection.password=xxxxxxx + connection.protocol= + connection.url=ldap://activedirectory_host:389 + user.base.dn=ou=Users,ou=there,DC=local + user.filter=(sAMAccountName=%u) + user.search.subtree=true + role.base.dn=ou=Groups,ou=there,DC=local + role.name.attribute=cn + role.filter=(member=%nsdn) + role.search.subtree=true + authentication=simple + </jaas:module> +</jaas:config> +{code} + h2. Encryption service The [EncryptionService|http://svn.apache.org/repos/asf/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/EncryptionService.java] is a service registered in the OSGi registry providing means to encrypt and check encrypted passwords. This service acts as a factory for [Encryption|http://svn.apache.org/repos/asf/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/Encryption.java] objects actually performing the encryption.
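Review bot: The sample pairs `connection.url=ldap://activedirectory_host:389` with `authentication=simple`, so the `connection.password` of the bind account and every user password checked through this realm cross the network unencrypted. Since this block is documentation that readers will copy into production, show an `ldaps://` URL instead, or state explicitly that the plain URL is for testing only. Two smaller points in the same block: `connection.protocol=` is left empty with no explanation and should either be dropped or given a value and a sentence on what it does, and `connection.username=admin` invites binding with a privileged account, where a dedicated read-only search account would be the safer thing to show. The text also does not say what `%nsdn` resolves to in `role.filter=(member=%nsdn)` for this configuration, which is the part an ActiveDirectory user most needs explained, and a short note on what `rank="2"` does relative to the default `karaf` realm would help.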
