지원콘솔개발자평가판 시작연락처

이 콘텐츠는 선택한 언어로 제공되지 않습니다.

7.3. Enabling LDAP Authentication

Revision History
12/05/12
modified the procedure to work in a fabric

Abstract

Fabric containers come with a preinstalled LDAP login module. To activate it you need to reconfigure the default JAAS realm to use the LDAP login module and associate the new realm with all of the containers in the fabric.

Overview

Fabric containers supply a JAAS login module that enables it to use LDAP to authenticate users. The JAAS LDAP login module is implemented by the org.apache.karaf.jaas.modules.ldap.LDAPLoginModule class. It is preloaded by the containers, so you do not need to install its bundle.
To enable LDAP authentication, you need to create a new profile that redefines the default karaf realm to use the LDAP login module and deploy it to every container in the management console's fabric. Once this is done, all access to the management console Web console, and all of the fabric containers' command consoles, will be authenticated against your LDAP server.

Procedure

To enable the fabric containers to use LDAP for user authentication:
  1. Create a Maven project to package and deploy the LDAP JAAS realm to the fabric's Maven proxy as shown in the section called “Creating a Maven project for deploying a JAAS realm”.
  2. Create a JAAS realm that uses the LDAP login module:
    1. Open the blueprint XML file in src/main/resources/OSGI-INF/my-service.xml in a text editor.
    2. Delete the bean and service elements.
    3. Add a jaas:config element to the blueprint.
    4. Add a name attribute to the jaas:config element and set its value to karaf.
      Note
      This will override the default realm used by the container.
    5. Add a rank attribute to the jaas:config element and set its value to 5.
      Note
      This will insure that this realm is used by the container.
    6. Add a jaas:module element to the jaas:config element.
    7. Add a className attribute to the jaas:module element and set its value to org.apache.karaf.jaas.modules.ldap.LDAPLoginModule.
      Example 7.4, “LDAP JAAS Login Module” shows the blueprint file.

      Example 7.4. LDAP JAAS Login Module

      <jaas:config ... >
  <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
               flags="required">
    ...
  </jaas:module>
</jaas:config>
    8. Provide values for the properties described in Table 6.2, “Properties for the Red Hat JBoss A-MQ LDAP Login Module”.
  3. Deploy the JAAS realm to the fabric's maven proxy using the mvn deploy command.
  4. In the management console create a new profile for deploying the LDAP realm.
    See Using the Management Console.
  5. Select the Bundles tab.
  6. Add the bundle you uploaded for the JAAS realm to the profile.
    Bundles are specified using Maven URLs. For example if your project's group ID is my.jaas.realm and the artifact ID is ldap, the Maven URL for the bundle will be mvn:my.jaas.realm/ldap/version.
    See Using the Management Console.
  7. Add the new profile to all of the containers in the fabric.
    See Using the Management Console.
Red Hat logoGithubRedditYoutubeTwitter

자세한 정보

평가판, 구매 및 판매

커뮤니티

Red Hat 문서 정보

Red Hat을 사용하는 고객은 신뢰할 수 있는 콘텐츠가 포함된 제품과 서비스를 통해 혁신하고 목표를 달성할 수 있습니다.

보다 포괄적 수용을 위한 오픈 소스 용어 교체

Red Hat은 코드, 문서, 웹 속성에서 문제가 있는 언어를 교체하기 위해 최선을 다하고 있습니다. 자세한 내용은 다음을 참조하세요.Red Hat 블로그.

Red Hat 소개

Red Hat은 기업이 핵심 데이터 센터에서 네트워크 에지에 이르기까지 플랫폼과 환경 전반에서 더 쉽게 작업할 수 있도록 강화된 솔루션을 제공합니다.

© 2024 Red Hat, Inc.