此内容没有您所选择的语言版本。
3.3. LDAP Based Authentication Module
The following is an example of what would appear in the server configuration file for an
LDAPExtended
authentication module defined for the ldap_security_domain
security domain.
<subsystem xmlns="urn:jboss:domain:security:1.2"> <security-domains> <security-domain name="ldap_security_domain"> <authentication> <login-module code="LdapExtended" flag="required"> <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory" /> <module-option name="java.naming.provider.url" value="ldap://mydomain.org:389" /> <module-option name="java.naming.security.authentication" value="simple" /> <module-option name="bindDN" value="myuser" /> <module-option name="bindCredential" value="mypasswd" /> <module-option name="baseCtxDN" value="ou=People,dc=XXXX,dc=ca" /> <module-option name="baseFilter" value="(cn={0})" /> <module-option name="rolesCtxDN" value="ou=Webapp-Roles,ou=Groups,dc=XXXX,dc=ca" /> <module-option name="roleFilter" value="(member={1})" /> <module-option name="uidAttributeID" value="member" /> <module-option name="roleAttributeID" value="cn" /> <module-option name="roleAttributeIsDN" value="true" /> <module-option name="roleNameAttributeID" value="cn" /> <module-option name="roleRecursion" value="-1" /> <module-option name="searchScope" value="ONELEVEL_SCOPE" /> <module-option name="allowEmptyPasswords" value="false" /> <module-option name="throwValidateError" value="true" /> </login-module> </authentication> </security-domain> </security-domains> </subsystem>
For more information about EAP security, the
LDAPExtended
module, or any of the provided authentication modules, refer to the JBoss Enterprise Application Platform Security Guide.
Note
If using SSL to connect to the LDAP server, you would also need to ensure the Corporate CA Certificate is added to the JRE truststore.