Hi All,
    I configured the ldap-realm to use a Microsoft Active Directory, here is the configuration that I used.
 
 
   <gbean name="ldap-login"
          class="org.apache.geronimo.security.jaas.LoginModuleGBean">
       <attribute name="loginModuleClass">org.apache.geronimo.security.realm.providers.LDAPLoginModule</attribute>
       <attribute name="serverSide">true</attribute>
       <attribute name="options">
  initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
  connectionURL=ldap://[HOSTNAME]:389
  connectionUsername=cn=[USER],cn=Users,DC=[DOMAIN],DC=[DOMAIN],DC=[DOMAIN]
  connectionPassword=[USER_PASSWORD]
  connectionProtocol=
  authentication=simple
  userBase=cn=Users,DC=[DOMAIN],DC=[DOMAIN],DC=[DOMAIN]
  userSearchMatching=(&amp;(sAMAccountName={0})(objectcategory=user))
  userSearchSubtree=false
  roleBase=cn=Users,DC=[DOMAIN],DC=[DOMAIN],DC=[DOMAIN]
  roleName=cn
  roleSearchMatching=(member={0})
  roleSearchSubtree=false
  userRoleName=
       </attribute>
       <attribute name="loginDomainName">ldap-realm</attribute>
   </gbean>

NOTE
[USER] : This user must have read access to cn=Users,DC=[DOMAIN],DC=[DOMAIN],DC=[DOMAIN]
cn=[USER],cn=Users,DC=[DOMAIN],DC=[DOMAIN],DC=[DOMAIN] : The [USER]'s distinguished name
[USER_PASSWORD] : The [USER]'s password
cn=Users,DC=[DOMAIN],DC=[DOMAIN],DC=[DOMAIN] : The context where the Windows users and groups are registered.
DC=[DOMAIN],DC=[DOMAIN],DC=[DOMAIN] : This value depends on your organization; you should ask your Microsoft Active Directory administrator.

If someone needs I can make a better documentation in my free time.

Bye.
P.S.: I think LDAPLoginModule.java could be improved by adding many more info/debug/error log lines; when configuring
a complex integration, DEBUG plays a critical role.
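An added example (my own code, not part of the post above and not the Geronimo LDAPLoginModule's code): it parses the options block from the configuration, substitutes the login name into userSearchMatching and the user's DN into roleSearchMatching, and escapes the substituted value per RFC 4515 so that a login name containing filter metacharacters cannot change the shape of the query. Whether LDAPLoginModule itself escapes {0} is not stated in the post; the helper names and the sample login names are my own.

```python
# Added example, not from the original post or from Geronimo.
# Parses the realm's option lines and builds the user/role search filters with
# RFC 4515 escaping of the value substituted for {0}.

# Constructed copy of the search-related options from the post ([DOMAIN] kept as placeholder).
OPTIONS_TEXT = """
userBase=cn=Users,DC=[DOMAIN],DC=[DOMAIN],DC=[DOMAIN]
userSearchMatching=(&(sAMAccountName={0})(objectcategory=user))
userSearchSubtree=false
roleBase=cn=Users,DC=[DOMAIN],DC=[DOMAIN],DC=[DOMAIN]
roleName=cn
roleSearchMatching=(member={0})
roleSearchSubtree=false
"""

# RFC 4515 section 3: these characters must be hex-escaped inside an assertion value.
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def parse_options(text):
    """Parse key=value option lines; split on the first '=' only, since DNs contain '='."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip()] = value.strip()
    return opts


def escape_filter_value(value):
    """Escape a value so it is matched literally inside an LDAP search filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def user_search_filter(opts, login_name):
    """Filter used to find the user entry; {0} is the name typed at login."""
    return opts["userSearchMatching"].replace("{0}", escape_filter_value(login_name))


def role_search_filter(opts, user_dn):
    """Filter used to find the user's groups; {0} is the DN of the user entry found."""
    return opts["roleSearchMatching"].replace("{0}", escape_filter_value(user_dn))


def search_scope(opts, prefix):
    """Map userSearchSubtree / roleSearchSubtree to the LDAP scope that would be requested."""
    flag = opts.get(prefix + "SearchSubtree", "false").strip().lower()
    return "SUBTREE" if flag == "true" else "ONELEVEL"
```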