此内容没有您所选择的语言版本。
3.3. LDAP Based Authentication Module
The following is an example of what would appear in the server configuration file for an
LDAPExtended authentication module defined for the ldap_security_domain security domain.
<subsystem xmlns="urn:jboss:domain:security:1.2">
<security-domains>
<security-domain name="ldap_security_domain">
<authentication>
<login-module code="LdapExtended" flag="required">
<module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory" />
<module-option name="java.naming.provider.url" value="ldap://mydomain.org:389" />
<module-option name="java.naming.security.authentication" value="simple" />
<module-option name="bindDN" value="myuser" />
<module-option name="bindCredential" value="mypasswd" />
<module-option name="baseCtxDN" value="ou=People,dc=XXXX,dc=ca" />
<module-option name="baseFilter" value="(cn={0})" />
<module-option name="rolesCtxDN" value="ou=Webapp-Roles,ou=Groups,dc=XXXX,dc=ca" />
<module-option name="roleFilter" value="(member={1})" />
<module-option name="uidAttributeID" value="member" />
<module-option name="roleAttributeID" value="cn" />
<module-option name="roleAttributeIsDN" value="true" />
<module-option name="roleNameAttributeID" value="cn" />
<module-option name="roleRecursion" value="-1" />
<module-option name="searchScope" value="ONELEVEL_SCOPE" />
<module-option name="allowEmptyPasswords" value="false" />
<module-option name="throwValidateError" value="true" />
</login-module>
</authentication>
</security-domain>
</security-domains>
</subsystem>
For more information about EAP security, the
LDAPExtended module, or any of the provided authentication modules, refer to the JBoss Enterprise Application Platform Security Guide.
Note
If using SSL to connect to the LDAP server, you would also need to ensure the Corporate CA Certificate is added to the JRE truststore.
