7.3. Enabling LDAP Authentication


Revision History
12/05/12
modified the procedure to work in a fabric

Abstract

Fabric containers come with a preinstalled LDAP login module. To activate it you need to reconfigure the default JAAS realm to use the LDAP login module and associate the new realm with all of the containers in the fabric.

Overview

Fabric containers supply a JAAS login module that enables them to use LDAP to authenticate users. The JAAS LDAP login module is implemented by the org.apache.karaf.jaas.modules.ldap.LDAPLoginModule class. It is preloaded by the containers, so you do not need to install its bundle.
To enable LDAP authentication, you need to create a new profile that redefines the default karaf realm to use the LDAP login module and deploy it to every container in the management console's fabric. Once this is done, all access to the management console Web console, and all of the fabric containers' command consoles, will be authenticated against your LDAP server.

Procedure

To enable the fabric containers to use LDAP for user authentication:
  1. Create a Maven project to package and deploy the LDAP JAAS realm to the fabric's Maven proxy as shown in the section called “Creating a Maven project for deploying a JAAS realm”.
  2. Create a JAAS realm that uses the LDAP login module:
    1. Open the blueprint XML file in src/main/resources/OSGI-INF/my-service.xml in a text editor.
    2. Delete the bean and service elements.
    3. Add a jaas:config element to the blueprint.
    4. Add a name attribute to the jaas:config element and set its value to karaf.
      Note
      This will override the default realm used by the container.
    5. Add a rank attribute to the jaas:config element and set its value to 5.
      Note
      This will ensure that this realm is used by the container.
    6. Add a jaas:module element to the jaas:config element.
    7. Add a className attribute to the jaas:module element and set its value to org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.
      Example 7.4, “LDAP JAAS Login Module” shows the blueprint file.

      Example 7.4. LDAP JAAS Login Module

      <jaas:config ... >
        <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
                     flags="required">
          ...
        </jaas:module>
      </jaas:config>
    8. Provide values for the properties described in Table 6.2, “Properties for the Red Hat JBoss A-MQ LDAP Login Module”.
  3. Deploy the JAAS realm to the fabric's Maven proxy using the mvn deploy command.
  4. In the management console create a new profile for deploying the LDAP realm.
    See Using the Management Console.
  5. Select the Bundles tab.
  6. Add the bundle you uploaded for the JAAS realm to the profile.
    Bundles are specified using Maven URLs. For example, if your project's group ID is my.jaas.realm and the artifact ID is ldap, the Maven URL for the bundle will be mvn:my.jaas.realm/ldap/version.
    See Using the Management Console.
  7. Add the new profile to all of the containers in the fabric.
    See Using the Management Console.
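
A pre-deployment check for the realm built in step 2, as an added example that is not part of the original documentation: it parses the blueprint and reports a realm that would not override karaf, a missing LDAP module, or a connection that is not LDAPS. The sample blueprint, its host name, DNs, filters and password are constructed placeholders, and the ldaps:// and %u checks are assumptions about what a reviewer would want rather than requirements stated on this page.

```python
import xml.etree.ElementTree as ET
JAAS = "{http://karaf.apache.org/xmlns/jaas/v1.0.0}"
LDAP_CLASS = "org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"

# Constructed sample: host, DNs, filters and password are placeholders.
SAMPLE = """<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
    xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0">
  <jaas:config name="karaf" rank="5">
    <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
                 flags="required">
      connection.url = ldaps://ldap.example.com:636
      connection.username = cn=svc-fabric,ou=services,dc=example,dc=com
      connection.password = CHANGE_ME
      user.base.dn = ou=people,dc=example,dc=com
      user.filter = (uid=%u)
      role.base.dn = ou=groups,dc=example,dc=com
      role.filter = (member:=uid=%u)
      role.name.attribute = cn
    </jaas:module>
  </jaas:config>
</blueprint>"""

def module_props(module):
    """Parse the 'key = value' lines carried in the jaas:module body."""
    pairs = (line.strip().partition("=") for line in (module.text or "").splitlines())
    return {k.strip(): v.strip() for k, sep, v in pairs if sep}

def lint_realm(xml_text):
    """Return the problems found in an LDAP JAAS realm blueprint (empty list = OK)."""
    config = ET.fromstring(xml_text).find(f"{JAAS}config")
    if config is None:
        return ["no jaas:config element"]
    problems = []
    if config.get("name") != "karaf":
        problems.append("realm name is not 'karaf', so the default realm is not overridden")
    if not config.get("rank", "").isdigit():
        problems.append("rank is missing or not a number (the procedure sets 5)")
    module = next((m for m in config.findall(f"{JAAS}module")
                   if m.get("className") == LDAP_CLASS), None)
    if module is None:
        return problems + ["no jaas:module with the LDAPLoginModule className"]
    props = module_props(module)
    if not props.get("connection.url", "").lower().startswith("ldaps://"):
        problems.append("connection.url is not ldaps://; bind credentials would cross in clear text")
    if "%u" not in props.get("user.filter", ""):
        problems.append("user.filter lacks %u, the login-name placeholder")
    return problems

if __name__ == "__main__":
    print(lint_realm(SAMPLE) or "realm blueprint OK")
```

Run it against src/main/resources/OSGI-INF/my-service.xml before mvn deploy by passing the file's contents to lint_realm.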

© 2024 Red Hat, Inc.