Adam Edwards created KARAF-3105:
-----------------------------------
Summary: Cannot use LDAPLoginModule with ActiveDirectory
Key: KARAF-3105
URL: https://issues.apache.org/jira/browse/KARAF-3105
Project: Karaf
Issue Type: Bug
Components: karaf-security
Affects Versions: 2.3.5
Reporter: Adam Edwards
Fix For: 2.3.6
Please consider my pull request: https://github.com/apache/karaf/pull/44

When trying to configure LDAPLoginModule for use with Active Directory, I could
not find a way with the current configuration to have the authorization work
properly due to the use of the member attribute in AD. I saw the %fqdn in the
code, but unfortunately that would not work properly when search subtree is set
to true. I think %fqdn should actually be removed and replaced with my code,
but I didn't want to touch it just in case. I put it in the 2.3.x branch as I want to
see this make it into the next Fuse 6.x release.

With this modification, the following example will work properly with Active
Directory as the LDAP server.
{code}
<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
           xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">
    <jaas:config name="karaf" rank="2">
        <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule"
                     flags="required">
            initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
            [email protected]
            connection.password=xxxxxxx
            connection.protocol=
            connection.url=ldap://dc01.mdw.local:389
            user.base.dn=ou=Users,ou=mdw,DC=mdw,DC=local
            user.filter=(sAMAccountName=%u)
            user.search.subtree=true
            role.base.dn=ou=Groups,ou=mdw,DC=mdw,DC=local
            role.name.attribute=cn
            role.filter=(member=%nsdn)
            role.search.subtree=true
            authentication=simple
        </jaas:module>
    </jaas:config>
</blueprint>
{code}