Red Hat Summit Red Hat SummitApoyoConsolaDesarrolladoresIniciar una pruebaContacto

Este contenido no está disponible en el idioma seleccionado.

8.4. Enable LDAP Authentication in the OSGi Container

Overview

In this part of the tutorial you will configure an LDAP realm in the OSGi container. The new realm overrides the default karaf realm, so that the container authenticates credentials based on user entries stored in the X.500 directory server.

Procedure

To enable LDAP authentication:
  1. Ensure that the X.500 directory server is running.
  2. Start Red Hat JBoss A-MQ by entering the following command in a terminal window: 
    amq
  3. Create a Blueprint configuration file called ldap-module.xml.
  4. Copy Example 8.1, “Blueprint JAAS Realm” into ldap-module.xml.

    Example 8.1. Blueprint JAAS Realm

    <?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
  xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
  xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">

  <jaas:config name="karaf" rank="1">
    <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
                 flags="required">
      initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
      connection.username=uid=admin,ou=system
      connection.password=secret
      connection.protocol=
      connection.url=ldap://localhost:10389
      user.base.dn=ou=users,ou=system
      user.filter=(uid=%u)
      user.search.subtree=true
      role.base.dn=ou=roles,ou=system
      role.name.attribute=cn
      role.filter=(member=uid=%u)
      role.search.subtree=true
      authentication=simple
    </jaas:module>
  </jaas:config>
</blueprint>
    This login module creates a JAAS realm called karaf, which is the same name as the default JAAS realm used by Red Hat JBoss A-MQ. By redefining this realm with a rank attribute value greater than 0, it overrides the standard karaf realm which has the rank 0. For more information on configuring a JAAS realm see Section 2.1.2, “Defining JAAS Realms”.
    For a detailed description of configuring JBoss A-MQ to use LDAP see Section 2.2, “Enabling LDAP Authentication”.
    Important
    When setting the JAAS properties above, do not enclose the property values in double quotes.
    Tip
    If you use OpenLDAP, the syntax of the role filter is (member:=uid=%u).
  5. To deploy the new LDAP module, copy the ldap-module.xml into the JBoss A-MQ deploy/ directory.
    The LDAP module is automatically activated.
  6. Test the new LDAP realm by connecting to the running container using the Red Hat JBoss A-MQ client utility.
    1. Open a new command prompt.
    2. change directory to the JBoss A-MQ InstallDir/bin directory.
    3. Enter the following command to log on to the running container instance using the identity janedoe: 
      client -u janedoe -p secret
      You should receive the following message: 
      Authentication failure
      This fails because janedoe does not have the admin role which is required for using the remote console.
    4. Enter the following command to log on to the running container instance using the identity jdoe: 
      client -u jdoe -p secret
      You should successfully log into the container's remote console because jdoe does have the admin role.
    5. Log off the remote console by entering the logout command.
Red Hat logoGithubRedditYoutubeTwitter

Aprender

Pruebe, compre y venda

Comunidades

Acerca de la documentación de Red Hat

Ayudamos a los usuarios de Red Hat a innovar y alcanzar sus objetivos con nuestros productos y servicios con contenido en el que pueden confiar.

Hacer que el código abierto sea más inclusivo

Red Hat se compromete a reemplazar el lenguaje problemático en nuestro código, documentación y propiedades web. Para más detalles, consulte el Blog de Red Hat.

Acerca de Red Hat

Ofrecemos soluciones reforzadas que facilitan a las empresas trabajar en plataformas y entornos, desde el centro de datos central hasta el perímetro de la red.

© 2024 Red Hat, Inc.