The following provides instructions on how to set up JBoss Portal server v. 2.6.2 to authenticate against OpenLDAP v. 2.4.6. This is a work in progress, so please email me if you find any errors or issues with it.
Thanks,
Jeremiah

Install OpenLDAP from http://www.openldap.org/software/download/

slapd.conf in the LDAP installation should be configured according to your environment. At a minimum, make sure the following entries appear in slapd.conf:

    include /usr/local/etc/openldap/schema/core.schema
    include /usr/local/etc/openldap/schema/cosine.schema
    include /usr/local/etc/openldap/schema/inetorgperson.schema
    include /usr/local/etc/openldap/schema/misc.schema
    include /usr/local/etc/openldap/schema/nis.schema
    include /usr/local/etc/openldap/schema/openldap.schema

At the bottom of the file, edit the database section to match your environment:

    database bdb
    suffix "o=portal,dc=mydomain,dc=com"
    rootdn "uid=admin,ou=People,o=portal,dc=mydomain,dc=com"
    # Cleartext passwords, especially for the rootdn, should
    # be avoided. See slappasswd(8) and slapd.conf(5) for details.
    # Use of strong authentication encouraged.
    rootpw {SSHA}ENCRYPTED PASSWORD HIDDEN
    # The database directory MUST exist prior to running slapd AND
    # should only be accessible by the slapd and slap tools.
    # Mode 700 recommended.
    directory /usr/local/var/openldap-data
    # Indices to maintain
    index objectClass eq

Note that the root password is stored as a salted hash ({SSHA}) rather than in cleartext. This is achieved by running 'slappasswd -s <password we want to hash>' and pasting its output as the rootpw value. In the LDIF file below, the hashed user passwords were produced in the same manner.

Once OpenLDAP is installed, the slapd daemon may be started by executing the following:

    sudo <path>/slapd

"<path>" represents the directory that slapd is located in. On my machine it was installed at /usr/local/libexec, but your environment may be different.

Install JBoss Portal server from http://labs.jboss.com/jbossportal/download/index.html

Create an LDIF file defining the directory entries (the organization, its users and its roles) that the portal will authenticate against. Here is an example:

    # Define the top-level object.
    dn: o=portal,dc=mydomain,dc=com
    objectclass: top
    objectclass: organization
    o: portal

    # Define the organizational unit that will contain any portal users.
    dn: ou=People,o=portal,dc=mydomain,dc=com
    objectclass: top
    objectclass: organizationalUnit
    ou: People

    # Define an administrator for the system.
    dn: uid=admin,ou=People,o=portal,dc=mydomain,dc=com
    objectclass: top
    objectclass: inetOrgPerson
    objectclass: person
    uid: admin
    cn: Portal Administrator
    sn: Administrator
    userPassword: HIDDEN
    mail: [EMAIL PROTECTED]

    # Define another user.
    dn: uid=jlopez,ou=People,o=portal,dc=mydomain,dc=com
    objectclass: top
    objectclass: inetOrgPerson
    objectclass: person
    uid: jlopez
    cn: jlopez
    sn: Lopez
    userPassword: HIDDEN
    mail: [EMAIL PROTECTED]

    # .... other users can be added in a similar manner or through the user management portlet.

    # Define the 'Roles' organizational unit. This is required to be named 'Roles'.
    dn: ou=Roles,o=portal,dc=mydomain,dc=com
    objectclass: top
    objectclass: organizationalUnit
    ou: Roles

    # Define an Admin role.
    dn: cn=Admin,ou=Roles,o=portal,dc=mydomain,dc=com
    objectClass: top
    objectClass: groupOfNames
    cn: Admin
    description: Portal admin role
    member: uid=admin,ou=People,o=portal,dc=mydomain,dc=com

    # Define a User role.
    dn: cn=User,ou=Roles,o=portal,dc=mydomain,dc=com
    objectClass: top
    objectClass: groupOfNames
    cn: User
    description: Portal user role
    member: uid=jlopez,ou=People,o=portal,dc=mydomain,dc=com

Save this file as schema.ldif. Note that each entry must be separated from the next by a blank line, or ldapadd will reject the file. Verify that slapd is running (ps -ef | grep slapd) and load the entries we created into the server, binding as the rootdn configured in slapd.conf:

    ldapadd -x -D "uid=admin,ou=People,o=portal,dc=mydomain,dc=com" -W -f schema.ldif

A file needs to be created on the JBoss server that specifies how LDAP lookups should be done. This file is not included in a binary install, so you will need to create it in $JBOSS_HOME/server/default/deploy/jboss-portal.sar/conf/identity and call it ldap_identity-config.xml. This file should be edited to your specific environment.
    <?xml version="1.0" encoding="UTF-8"?>
    <!--<!DOCTYPE identity-configuration PUBLIC
       "-//JBoss Portal//DTD JBoss Identity Configuration 1.0//EN"
       "http://www.jboss.org/portal/dtd/identity-config_1_0.dtd">-->

    <identity-configuration>
       <datasources>
          <datasource>
             <name>LDAP</name>
             <config>
                <option>
                   <name>host</name>
                   <value>localhost</value>
                </option>
                <option>
                   <name>port</name>
                   <value>389</value>
                </option>
                <option>
                   <name>adminDN</name>
                   <value>uid=admin,ou=People,o=portal,dc=mydomain,dc=com</value>
                </option>
                <option>
                   <name>adminPassword</name>
                   <value>HIDDEN</value>
                </option>
                <!--<option>
                   <name>protocol</name>
                   <value>ssl</value>
                </option>-->
             </config>
          </datasource>
       </datasources>
       <modules>
          <module>
             <!--type used to correctly map in IdentityContext registry-->
             <type>User</type>
             <implementation>LDAP</implementation>
             <config/>
          </module>
          <module>
             <type>Role</type>
             <implementation>LDAP</implementation>
             <config/>
          </module>
          <module>
             <type>Membership</type>
             <implementation>LDAP</implementation>
             <config/>
          </module>
          <module>
             <type>UserProfile</type>
             <implementation>DELEGATING</implementation>
             <config>
                <option>
                   <name>ldapModuleJNDIName</name>
                   <value>java:/portal/LDAPUserProfileModule</value>
                </option>
             </config>
          </module>
          <module>
             <type>DBDelegateUserProfile</type>
             <implementation>DB</implementation>
             <config>
                <option>
                   <name>randomSynchronizePassword</name>
                   <value>true</value>
                </option>
             </config>
          </module>
          <module>
             <type>LDAPDelegateUserProfile</type>
             <implementation>LDAP</implementation>
             <config/>
          </module>
       </modules>

       <options>
          <option-group>
             <group-name>common</group-name>
             <option>
                <name>userCtxDN</name>
                <value>ou=People,o=portal,dc=mydomain,dc=com</value>
             </option>
             <option>
                <name>roleCtxDN</name>
                <value>ou=Roles,o=portal,dc=mydomain,dc=com</value>
             </option>
          </option-group>
          <option-group>
             <group-name>userCreateAttibutes</group-name>
             <option>
                <name>objectClass</name>
                <!--These objectclasses should work with Red Hat Directory-->
                <value>top</value>
                <value>person</value>
                <value>inetOrgPerson</value>
             </option>
             <!--Schema requires those to have an initial value-->
             <option>
                <name>cn</name>
                <value>none</value>
             </option>
             <option>
                <name>sn</name>
                <value>none</value>
             </option>
          </option-group>
          <option-group>
             <group-name>roleCreateAttibutes</group-name>
             <!--Schema requires those to have an initial value-->
             <option>
                <name>cn</name>
                <value>none</value>
             </option>
             <!--Some directory servers require this attribute to be a valid DN-->
             <!--For safety reasons point to the admin user here-->
             <option>
                <name>member</name>
                <value>uid=admin,ou=People,o=portal,dc=mydomain,dc=com</value>
             </option>
          </option-group>
       </options>
    </identity-configuration>

The adminDN / adminPassword pair is the account the portal binds with for every lookup, so it is stored in this file in cleartext; keep the file readable by the JBoss user only. The commented-out protocol option switches the connection to LDAP over SSL; as written, with port 389 and no protocol option, the admin bind and the users' credentials cross the network unencrypted, which is only acceptable while slapd and JBoss share the same host, as they do here.

Finally, we need to edit the jboss-service.xml file in $JBOSS_HOME/server/default/deploy/jboss-portal.sar/META-INF to point to the ldap_identity-config.xml we just created. Change the following line:

    conf/identity/identity-config.xml

to

    conf/identity/ldap_identity-config.xml

Restart the JBoss server and attempt to log in using the usernames / passwords that we created in the LDAP schema file.

View the original post: http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4105663#4105663

jboss-user mailing list
https://lists.jboss.org/mailman/listinfo/jboss-user
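As an added check for the procedure above (example code written for this page, not part of the original post and not JBoss Portal or OpenLDAP code), the following Python script does two things before the restart step. It reproduces the {SSHA} scheme that slappasswd -s emits, so a rootpw or userPassword value can be verified offline against the password you intend to use, and it reads an LDIF of the shape used above and confirms it contains the DNs that the identity configuration's adminDN, userCtxDN and roleCtxDN options name, that the role unit is called Roles, and that every role member is an existing user entry. The LDIF text and the option values in CONFIG are constructed sample data modelled on the post; the function names (ssha_hash, ssha_verify, parse_ldif, check_setup, sample_ldif, run_checks) are this example's own.

```python
import base64, hashlib, hmac, os

CONFIG = {  # option values as used in the post's ldap_identity-config.xml
    "adminDN": "uid=admin,ou=People,o=portal,dc=mydomain,dc=com",
    "userCtxDN": "ou=People,o=portal,dc=mydomain,dc=com",
    "roleCtxDN": "ou=Roles,o=portal,dc=mydomain,dc=com",
}


def ssha_hash(password: str, salt: bytes = b"") -> str:
    """RFC 2307 {SSHA} value, as 'slappasswd -s' emits: base64(SHA1(password + salt) + salt)."""
    salt = salt or os.urandom(4)
    digest = hashlib.sha1(password.encode("utf-8") + salt).digest()
    return "{SSHA}" + base64.b64encode(digest + salt).decode("ascii")


def ssha_verify(password: str, stored: str) -> bool:
    """Recompute the digest with the salt that follows the 20-byte SHA-1 and compare in constant time."""
    if not stored.startswith("{SSHA}"):
        return False
    raw = base64.b64decode(stored[len("{SSHA}"):])
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(password.encode("utf-8") + salt).digest(), digest)


def parse_ldif(text: str) -> dict:
    """Minimal LDIF reader (text values only): {dn lower-cased: {attribute lower-cased: [values]}}."""
    entries, attrs, last = {}, {}, None
    for line in text.splitlines() + [""]:
        if line.startswith("#"):
            continue
        if line.startswith(" ") and last:        # folded continuation of the previous value
            attrs[last][-1] += line[1:]
        elif not line.strip():                    # a blank line closes the entry
            if attrs:
                entries[attrs["dn"][0].lower()] = attrs
            attrs, last = {}, None
        else:
            name, _, value = line.partition(":")
            last = name.strip().lower()
            attrs.setdefault(last, []).append(value.strip())
    return entries


def check_setup(entries: dict, config: dict) -> list:
    """Report every way the LDIF disagrees with the identity-config option values."""
    problems = []
    for key in ("adminDN", "userCtxDN", "roleCtxDN"):
        if config[key].lower() not in entries:
            problems.append(f"{key} {config[key]} is not defined in the LDIF")
    user_ctx, role_ctx = config["userCtxDN"].lower(), config["roleCtxDN"].lower()
    if not role_ctx.startswith("ou=roles,"):      # the post: the unit must be named Roles
        problems.append("roleCtxDN must point at an organizational unit named Roles")
    users = {dn for dn, e in entries.items() if dn.endswith("," + user_ctx) and "uid" in e}
    for dn, e in entries.items():
        classes = [v.lower() for v in e.get("objectclass", [])]
        if not dn.endswith("," + role_ctx) or "groupofnames" not in classes:
            continue
        if not e.get("member"):
            problems.append(f"role {dn} has no member attribute (groupOfNames requires at least one)")
        for m in e.get("member", []):
            if m.lower() not in users:
                problems.append(f"role {dn} lists member {m}, which is not a user under {user_ctx}")
    return problems


def sample_ldif(admin_password: str) -> str:
    # Constructed LDIF in the shape of the post's schema.ldif, with a freshly hashed userPassword.
    return f"""dn: ou=People,o=portal,dc=mydomain,dc=com
objectclass: organizationalUnit
ou: People

dn: uid=admin,ou=People,o=portal,dc=mydomain,dc=com
objectclass: inetOrgPerson
uid: admin
cn: Portal Administrator
sn: Administrator
userPassword: {ssha_hash(admin_password)}

dn: ou=Roles,o=portal,dc=mydomain,dc=com
objectclass: organizationalUnit
ou: Roles

dn: cn=Admin,ou=Roles,o=portal,dc=mydomain,dc=com
objectClass: groupOfNames
cn: Admin
member: uid=admin,ou=People,o=portal,dc=mydomain,dc=com
"""


def run_checks(admin_password: str = "changeme") -> list:
    # Parse the sample LDIF, check it against CONFIG and confirm the stored hash verifies.
    entries = parse_ldif(sample_ldif(admin_password))
    problems = check_setup(entries, CONFIG)
    stored = entries[CONFIG["adminDN"].lower()]["userpassword"][0]
    if not ssha_verify(admin_password, stored):
        problems.append("admin userPassword does not verify against the intended password")
    return problems


if __name__ == "__main__":
    for line in run_checks() or ["LDIF entries and identity configuration are consistent"]:
        print(line)
```

Running the script prints either the list of problems or a one-line confirmation. Reading your real schema.ldif with parse_ldif and passing it to check_setup before ldapadd catches the usual cause of a failed login after the restart: a role whose member DN is mistyped, or a userCtxDN / roleCtxDN value that does not match the entries actually loaded. The SSHA check is the same computation slapd performs on a simple bind; the salt is simply whatever bytes follow the 20-byte digest, which is why a hash produced by slappasswd on one machine verifies anywhere.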
