geronimo-user mailing list archives

From Cristian Roldan <roldan...@yahoo.com.ar>
Subject Geronimo and Microsoft Active Directory
Date Mon, 23 Jan 2006 12:00:10 GMT
Hi All,
I configured the ldap-realm to use Microsoft Active Directory. Here is the configuration
that I used.
   
   
    <gbean name="ldap-login"
        class="org.apache.geronimo.security.jaas.LoginModuleGBean">
        <attribute name="loginModuleClass">org.apache.geronimo.security.realm.providers.LDAPLoginModule</attribute>
        <attribute name="serverSide">true</attribute>
        <attribute name="options">
            initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
            connectionURL=ldap://[HOSTNAME]:389
            connectionUsername=cn=[USER],cn=Users,DC=[DOMAIN],DC=[DOMAIN],DC=[DOMAIN]
            connectionPassword=[USER_PASSWORD]
            connectionProtocol=
            authentication=simple
            userBase=cn=Users,DC=[DOMAIN],DC=[DOMAIN],DC=[DOMAIN]
            userSearchMatching=(&amp;(sAMAccountName={0})(objectcategory=user))
            userSearchSubtree=false
            roleBase=cn=Users,DC=[DOMAIN],DC=[DOMAIN],DC=[DOMAIN]
            roleName=cn
            roleSearchMatching=(member={0})
            roleSearchSubtree=false
            userRoleName=
        </attribute>
        <attribute name="loginDomainName">ldap-realm</attribute>
    </gbean>
  
NOTE
  [USER] : This user must have read access to cn=Users,DC=[DOMAIN],DC=[DOMAIN],DC=[DOMAIN]
  cn=[USER],cn=Users,DC=[DOMAIN],DC=[DOMAIN],DC=[DOMAIN] : The [USER]'s distinguished name
  [USER_PASSWORD] : The [USER]'s password
  cn=Users,DC=[DOMAIN],DC=[DOMAIN],DC=[DOMAIN] : The context where the Windows users and groups
  are registered.
  DC=[DOMAIN],DC=[DOMAIN],DC=[DOMAIN] : This value depends on your organization; you should
  ask your Microsoft Active Directory administrator.
  
If someone needs it, I can write better documentation in my free time.
  
Bye.
  P.S.: I think LDAPLoginModule.java could be improved by adding many more info/debug/error
lines; when configuring a complex integration, DEBUG plays a critical role.
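
Added example (not part of the original message and not Geronimo code): the userSearchMatching and roleSearchMatching filters above substitute a login name or a user DN for {0}, and a value containing *, (, ) or \ changes the filter (or breaks the group lookup for a DN such as "CN=Doe\, Jane") unless it is escaped per RFC 4515. The sketch assumes the placeholder is filled the way java.text.MessageFormat does it; the class, the method names and the sample values are constructed for illustration, and the message does not say whether LDAPLoginModule already escapes the value.

```java
import java.text.MessageFormat;

// Added example: RFC 4515 escaping for values substituted into the {0}
// placeholder of the two search filters in the posted configuration.
public class LdapFilterDemo {

    // Filter templates from the configuration above. "&amp;" in the XML is
    // the entity for '&', so the directory server receives a plain '&'.
    static final String USER_FILTER = "(&(sAMAccountName={0})(objectcategory=user))";
    static final String ROLE_FILTER = "(member={0})";

    /** Escape a value for use inside an LDAP search filter (RFC 4515). */
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder(value.length() + 8);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '\\': out.append("\\5c"); break; // backslash
                case '*':  out.append("\\2a"); break; // wildcard
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\0': out.append("\\00"); break; // NUL
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    /** Fill the {0} placeholder with the escaped value (assumed MessageFormat semantics). */
    static String render(String template, String value) {
        return MessageFormat.format(template, escapeFilterValue(value));
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the message.
        String login = "j.doe*"; // login name containing a wildcard character
        String dn = "CN=Doe\\, Jane (IT),CN=Users,DC=example,DC=com"; // DN with escaped comma

        // The wildcard is matched literally instead of matching many accounts.
        System.out.println(render(USER_FILTER, login));
        // The DN's backslash and parentheses are encoded so the filter stays valid.
        System.out.println(render(ROLE_FILTER, dn));
    }
}
```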
   

		