geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hernan Cunico <>
Subject Re: Who understands the LDAP login module?
Date Mon, 21 Nov 2005 16:07:59 GMT
these parameters are discussed in the "Security -> Available Login 
Modules" section on the confluence site, here is the link:

This section is not finished yet but you should still find there what 
you need.


Aaron Mulder wrote:
> Well, that's a start, but it doesn't actually explain what any of the
> LDAP login module options are -- it only tells you what to set them to
> if you want to connect to the sample.  I'd like to come up with a
> meaningful text description of each option:
> initialContextFactory
> connectionURL
> connectionUsername
> connectionPassword
> connectionProtocol
> authentication
> userBase
> userSearchMatching
> userSearchSubtree
> roleBase
> roleName
> roleSearchMatching
> roleSearchSubtree
> userRoleName
> I have a vague idea of some of them from hacking around with this kind
> of stuff before -- but for the most part, I probably coun't explain it
> well.  But even for nominally straightforward ones like connect
> username and password -- does the provided account need to be an LDAP
> administrator?  Do I understand right that the realm will attempt to
> bind to LDAP as the user to verify their password?  If so, why do you
> need the admin account and search params, why not just connect as the
> user and if it works look up their groups?
> Thanks,
>    Aaron
> On 11/20/05, Jeff Genender <> wrote:
>>Looks like Hernan put together a really nice tutorial on Geronimo with
>>the LDAp login module and Apache Directory.
>>Aaron Mulder wrote:
>>>It has like 14 parameters -- if I could get some help figuring out
>>>what all of those mean, and maybe some samples for hooking it up to
>>>OpenLDAP, Sun LDAP, and Active Directory LDAP, that would be
>>>    Aaron

View raw message