class = org.apache.geronimo.security.realm.providers.LDAPLoginModule

Options:

| Option | Description |
|---|---|
| initialContextFactory | The class name of the initial context factory. Usually com.sun.jndi.ldap.LdapCtxFactory. |
| connectionURL | The LDAP connection URL, such as ldap://localhost:1389. Note that the usual LDAP port is 389. |
| connectionUsername | The DN used by the login module itself for authentication to the directory server. |
| connectionPassword | The credential (password) that is used by the login module to authenticate itself to the directory server. |
| connectionProtocol | The security protocol to use. This value is determined by the service provider. This can be left blank. An example would be SSL. |
| authentication | The security level to use. Its value is one of the following strings: "none", "simple", "strong". If this property is unspecified, the behavior is determined by the service provider. |
| userBase | The base DN for the group membership search. |
| userSearchMatching | The filter specification for how to search for user entries. RFC 2254 filters are allowed. In addition, you can pass a parameter to the search filter instead of the literal value. For example, this is an RFC 2254 filter spec: (cn=Babs Jensen). If you want to parameterize the value of the CN attribute type, specify (cn = {0}). This integer refers to the parameter number. The parameter value is the user name. This query must return exactly one object. |
| userSearchSubtree | Defines the directory search scope for user entries. If set to true, the directory search scope is SUBTREE; if set to false, the directory search scope is ONE-LEVEL. |
| roleBase | The base DN for the group membership search. |
| roleName | The LDAP attribute that identifies the group name in the entry returned from the group membership search. Note that the group membership query is defined by the roleSearchMatching parameter. Often the group name parameter is cn. |
| roleSearchMatching | The filter specification for how to search for roles. RFC 2254 filters are allowed. In addition, you can pass parameters to the search filter instead of the literal value. For example: (uniqueMember = {0}). This integer refers to the parameter number. This parameter is the DN of the authenticated user. Note that if role membership for the user is defined in the member-of-like attribute (see the userRoleName parameter), you may not need to search for group membership with the query. |
| roleSearchSubtree | Defines the directory search scope for roles. If set to true, the directory search scope is SUBTREE; if set to false, the directory search scope is ONE-LEVEL. |
| userRoleName | LDAP attribute type for the user group membership. Different LDAP schemas represent user group membership in different ways. Examples are: memberOf, isMemberOf, member, etc. Values of these attributes are identifiers of groups that a user is a member of. For example, if you have memberOf: cn=admin,ou=groups,dc=foo, specify memberOf as the value for the userRoleName attribute. Be aware of the relationship between this parameter and the group membership query. Sometimes (often) they will return the same data. |
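The {0} substitution described for userSearchMatching places the user-supplied name inside a search filter, so filter metacharacters in that name have to be escaped before the search runs. The following is an added example, not Geronimo's own code: the class and method names are hypothetical, the sample names are constructed, and it shows RFC 4515-style escaping together with the exactly-one-object check.

```java
import java.nio.charset.StandardCharsets;
import java.text.MessageFormat;

/** Added example (not Geronimo code): filling the {0} slot of a userSearchMatching filter. */
public class UserSearchFilterDemo {

    /** Escape a value for use as an assertion value in an RFC 2254 / RFC 4515 filter. */
    static String escapeFilterValue(String value) {
        StringBuilder out = new StringBuilder();
        for (byte b : value.getBytes(StandardCharsets.UTF_8)) {
            int c = b & 0xff;
            // NUL ( ) * \ are filter metacharacters; non-ASCII octets are hex-escaped as well.
            if (c == 0x00 || c == '(' || c == ')' || c == '*' || c == '\\' || c >= 0x80) {
                out.append(String.format("\\%02x", c));
            } else {
                out.append((char) c);
            }
        }
        return out.toString();
    }

    /** Substitute the escaped user name for {0} in the configured filter template. */
    static String buildUserFilter(String template, String userName) {
        if (userName == null || userName.isEmpty()) {
            throw new IllegalArgumentException("empty user name");
        }
        return new MessageFormat(template).format(new Object[] { escapeFilterValue(userName) });
    }

    /** The user query must return exactly one object; anything else rejects the login. */
    static void requireSingleMatch(int entriesReturned) {
        if (entriesReturned != 1) {
            throw new SecurityException(
                "user search returned " + entriesReturned + " entries, expected 1");
        }
    }

    public static void main(String[] args) {
        String template = "(cn={0})"; // the page's parameterized form, written without spaces
        // Constructed inputs: an ordinary name and two containing filter metacharacters.
        String[] names = { "Babs Jensen", "b*", "babs)(objectClass=*" };
        for (String n : names) {
            System.out.println(n + " -> " + buildUserFilter(template, n));
        }
        requireSingleMatch(1); // passes; 0 or 2 would throw
    }
}
```

With escaping applied, a name such as b* is searched for literally as (cn=b\2a) instead of acting as a wildcard that matches several entries.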
