[KARAF-3105] Add LDAPLoginModule sample to work with ActiveDirectory
Project: http://git-wip-us.apache.org/repos/asf/karaf/repo Commit: http://git-wip-us.apache.org/repos/asf/karaf/commit/dca77919 Tree: http://git-wip-us.apache.org/repos/asf/karaf/tree/dca77919 Diff: http://git-wip-us.apache.org/repos/asf/karaf/diff/dca77919 Branch: refs/heads/karaf-3.0.x Commit: dca779192f9910414af86ef0aa60cd98351a9ced Parents: 3675cf3 Author: Jean-Baptiste Onofré <[email protected]> Authored: Sat Jul 12 14:18:11 2014 +0200 Committer: Jean-Baptiste Onofré <[email protected]> Committed: Sat Jul 12 14:21:05 2014 +0200 ---------------------------------------------------------------------- .../developers-guide/security-framework.conf | 23 ++++++++++++++++++++ 1 file changed, 23 insertions(+) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/karaf/blob/dca77919/manual/src/main/webapp/developers-guide/security-framework.conf ---------------------------------------------------------------------- diff --git a/manual/src/main/webapp/developers-guide/security-framework.conf b/manual/src/main/webapp/developers-guide/security-framework.conf index dee5b81..b994a22 100644 --- a/manual/src/main/webapp/developers-guide/security-framework.conf +++ b/manual/src/main/webapp/developers-guide/security-framework.conf 
@@ -273,6 +273,29 @@ The LDAPLoginModule supports the following patterns that you can use in the filt * {{%fqdn}} is replaced by the user full qualified DN ({{userDN,userBaseDN}}). * {{%nsdn}} is replaced by the userDNNamespace (interesting especially for ActiveDirectory). +For instance, the following configuration will work properly with ActiveDirectory (adding the ActiveDirectory to the +default {{karaf}} realm): + +{code} +<jaas:config name="karaf" rank="2"> + <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required"> + initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory + connection.username=admin + connection.password=xxxxxxx + connection.protocol= + connection.url=ldap://activedirectory_host:389 + user.base.dn=ou=Users,ou=there,DC=local + user.filter=(sAMAccountName=%u) + user.search.subtree=true + role.base.dn=ou=Groups,ou=there,DC=local + role.name.attribute=cn + role.filter=(member=%nsdn) + role.search.subtree=true + authentication=simple + </jaas:module> +</jaas:config> +{code} + h2. Encryption service The [EncryptionService|http://svn.apache.org/repos/asf/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/EncryptionService.java] is a service registered in the OSGi registry providing means to encrypt and check encrypted passwords. This service acts as a factory for [Encryption|http://svn.apache.org/repos/asf/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/Encryption.java] objects actually performing the encryption.
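Review bot: The added sample pairs connection.url=ldap://activedirectory_host:389 with authentication=simple, so the bind password and every user's password travel to the directory unencrypted, and readers tend to copy a documented block as-is. Suggest showing an ldaps:// URL in the sample, or adding a sentence after the {code} block saying the plain ldap:// form is meant for testing only. The empty "connection.protocol=" line should either be dropped or explained, since the text does not say what leaving it blank means. The pairing of connection.username=admin with a literal connection.password also reads as an instruction to store an administrator credential in the configuration; a placeholder that names a dedicated lookup account would be clearer.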
