[ https://issues.apache.org/jira/browse/GERONIMO-4818?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12748681#action_12748681 ]
Ivan commented on GERONIMO-4818:
--------------------------------

Currently, I think we could configure it for LDAP in the way below:

1. Just add the configurations to the server-security-config module segment of the config.xml

<gbean name="org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car?ServiceModule=org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car,j2eeType=LoginModule,name=ldap-login" gbeanInfo="org.apache.geronimo.security.jaas.LoginModuleGBean">
    <attribute name="loginModuleClass">org.apache.geronimo.security.realm.providers.LDAPLoginModule</attribute>
    <attribute name="options">roleSearchMatching=uniqueMember={0}
userSearchMatching=uid={0}
userBase=ou=users,ou=system
connectionUsername=uid=admin,ou=system
roleName=cn
userSearchSubtree=true
authentication=simple
initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
roleBase=ou=groups,ou=system
connectionPassword=secret
connectionURL=ldap://9.186.10.16:10389
roleSearchSubtree=true</attribute>
    <attribute name="loginDomainName">geronimo-admin</attribute>
</gbean>
<gbean name="geronimo-admin">
    <reference name="LoginModuleConfiguration">
        <pattern>
            <name>ldap-login-use</name>
        </pattern>
    </reference>
</gbean>
<gbean name="org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car?ServiceModule=org.apache.geronimo.framework/server-security-config/2.2-SNAPSHOT/car,j2eeType=LoginModuleUse,name=ldap-login-use" gbeanInfo="org.apache.geronimo.security.jaas.JaasLoginModuleUse">
    <attribute name="controlFlag">REQUIRED</attribute>
    <reference name="LoginModule">
        <pattern>
            <name>ldap-login</name>
        </pattern>
    </reference>
</gbean>
</module>

Not sure whether there is a better way to do it.
:-)

> Can not configure username and password of logging in the server through ldap
> -----------------------------------------------------------------------------
>
> Key: GERONIMO-4818
> URL: https://issues.apache.org/jira/browse/GERONIMO-4818
> Project: Geronimo
> Issue Type: Bug
> Security Level: public(Regular issues)
> Components: security, Tomcat
> Affects Versions: 2.2
> Environment: xp:sp2
> jdk 1.6
> Reporter: liangkun
> Attachments: geronimo-realm.ldif, ldap.xml
>
>
> 1. Set up Apache Directory Server.
> 2. Copy geronimo-realm.ldif to your LDAP server and run this command to import your LDAP entries:
> $ ldapmodify -h [your_ldap_server_ip] -p 10389 -D "uid=admin,ou=system" -w secret -a -f [your_geronimo-realm_path]
> Also, you can use another third-party directory client tool such as Apache Directory Studio to import this LDAP file.
> 3. Customize the LDAP server IP: <log:option name="connectionURL">ldap://<your host ip>:10389</log:option> in ldap.xml and copy it to your wasce server, then go to the wasce server bin directory and run this command:
> deploy.sh/bat --user system --password manager deploy <deployment_plan_home>/ldap.xml
> Also, you can deploy it via the admin console "deploy new"->"archive plan": ldap.xml
> 4. Shut down the wasce server, and modify $your_geronimo_server/var/config/config.xml as below:
> change
> <module name="org.apache.geronimo.framework/server-security-config/2.1.4/car"/>
> to
> <module name="org.apache.geronimo.framework/server-security-config/2.1.4/car">
>     <gbean name="geronimo-admin" load="false"/>
> </module>
> 5. Restart the Geronimo server, and log in to it with username: test, password: manager.

--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
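
An added example, not part of the JIRA comment and not Geronimo code: a Python check that reads the LDAPLoginModule options from a config.xml fragment like the one in the comment and reports settings worth reviewing before the realm is used beyond a test setup. The sample XML is constructed (placeholder module name and host), and the three checks are this example's own choices.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample modelled on the ldap-login gbean in the comment; the
# module name and host are placeholders, not values from the issue.
SAMPLE = """<module name="example-module">
  <gbean name="ldap-login" gbeanInfo="org.apache.geronimo.security.jaas.LoginModuleGBean">
    <attribute name="loginModuleClass">org.apache.geronimo.security.realm.providers.LDAPLoginModule</attribute>
    <attribute name="options">userSearchMatching=uid={0}
userBase=ou=users,ou=system
connectionUsername=uid=admin,ou=system
authentication=simple
connectionPassword=secret
connectionURL=ldap://ldap.example.test:10389</attribute>
  </gbean>
</module>"""

def local(tag):
    """Element name without an XML namespace prefix such as '{uri}gbean'."""
    return tag.rsplit("}", 1)[-1]

def parse_options(text):
    """Split whitespace-separated key=value pairs at the first '=' only,
    because values such as uid={0} or ou=users,ou=system contain '='."""
    return dict(tok.split("=", 1) for tok in text.split() if "=" in tok)

def audit_ldap_gbeans(config_xml):
    """Return (gbean name, finding) pairs for each gbean using LDAPLoginModule."""
    findings = []
    for gbean in ET.fromstring(config_xml).iter():
        if local(gbean.tag) != "gbean":
            continue
        attrs = {a.get("name"): a.text or "" for a in gbean if local(a.tag) == "attribute"}
        if not attrs.get("loginModuleClass", "").strip().endswith("LDAPLoginModule"):
            continue
        opts = parse_options(attrs.get("options", ""))
        name = gbean.get("name")
        scheme = urlsplit(opts.get("connectionURL", "")).scheme.lower()
        if scheme == "ldap" and opts.get("authentication") == "simple":
            findings.append((name, "simple bind over ldap:// sends the bind password unencrypted"))
        if opts.get("connectionPassword"):
            findings.append((name, "connectionPassword is stored in clear text in the config"))
        if opts.get("connectionUsername", "").lower() == "uid=admin,ou=system":
            findings.append((name, "searches bind as uid=admin,ou=system; prefer a read-only account"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_ldap_gbeans(SAMPLE):
        print(f"{name}: {finding}")
```

Elements are matched by local name, so the check works whether or not the file declares a default XML namespace.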