Red Hat SummitA.2. Examples of Full LDAP Authentication
The following example configurations show the full LDAP authentication with AdvancedLdapLoginModule for Active Directory and FreeIPA.The configuration differ in the baseFilter attribute as this is the name identified by the SPNEGOLoginModule.
The options bindAuthentication, jaasSecurityDomain, and java.naming.provider.url configure how the login module connects to LDAP and how the authentication occurs.
The baseCtxDN option is the DN to start the search for the user and the baseFilter attribute in these examples searches for the user using the
sAMAccountName attribute on Active Directory and uid attribute on FreeIPA.
The memberOf attribute is read directly from the user, therefore there is no need to specify the rolesCtxDN or roleFilter property: the attribute defined for the roleAttributeID option is read directly from the user.
The roleAttributeIsDN option specifies that this value is a DN so the group object is retrieved and the roleNameAttributeID option specifies that the attribute
cn is read from the group. The login module returns this role.
The recurseRoles is set to
true so the DN from the located group is used to repeat the process so if a group is configured with the memberOf attribute then this is recursively used to locate all the roles.
A.2.1. Full LDAP Authentication for Active Directory
Copy linkLink copied to clipboard!
The following is an extract of the dumped ldiff from the example Active Directory domain:
The following configuration requires a username and password to be provided for the authentication process:
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}