...
class = org.apache.geronimo.security.realm.providers.LDAPLoginModule

Options:

Option | Description |
---|---|
initialContextFactory | The class name of the initial context factory. Usually |
connectionURL | The LDAP connection URL, such as ldap://localhost:1389. Note that the usual LDAP port is 389. |
connectionUsername | The DN used by the login module itself for authentication to the directory server. |
connectionPassword | The credential (password) that is used by the login module to authenticate itself to the directory server. |
connectionProtocol | The security protocol to use. This value is determined by the service provider. This can be left blank. An example would be SSL ... . |
authentication | The security level to use. Its value is one of the following strings: "none", "simple", "strong". If this property is unspecified ... the behavior is determined by the service provider. |
userBase | The base DN for the ... group membership search. |
userSearchMatching | The filter specification for how to search for ... user ... entries. RFC 2254 filters are allowed. In addition, you can pass a parameter to the search filter instead of the literal value. For example, this is an RFC 2254 filter spec: (cn=Babs Jensen). If you want to parameterize the value of the CN attribute type, specify (cn = {0}). This integer refers to the parameter number. The parameter value is the user name. This query must return exactly one object. |
userSearchSubtree | Defines the directory search scope for ... user entries. If set to true, the directory search scope is SUBTREE; if set to false, the directory search scope is ONE-LEVEL. |
roleBase | The base DN for the group membership search. |
roleName | The LDAP attribute ... that identifies the group name ... in the ... entry returned from the group membership ... search. Note that group membership query is defined by the |
roleSearchMatching | The filter specification for how to search for ... roles. RFC 2254 filters are allowed. In addition, you can pass parameters to the search filter instead of the literal value. For example: (uniqueMember = {0}). This integer refers to the parameter number. This parameter is the DN of the authenticated user. Note that if role membership for the user is defined in the member-of-like attribute (see |
roleSearchSubtree | Defines the directory search scope for ... roles. If set to true, the directory search scope is SUBTREE; if set to false, the directory search scope is ONE-LEVEL. |
userRoleName | LDAP attribute type for the user group membership. Different LDAP schemas represent user group membership in different ways. Examples are: memberOf, isMemberOf, member, etc. Values of these attributes are identifiers of groups that a user is a member of. For example, if you have: memberOf: cn=admin,ou=groups,dc=foo, specify memberOf as the value for the |
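
The `{0}` parameter in userSearchMatching and roleSearchMatching is filled with a user-supplied name or a DN, so the value has to be escaped per RFC 2254 before it becomes part of the filter; otherwise a `*` in the name turns the filter into a wildcard match and the "exactly one object" requirement no longer holds. The following is an added example, not Geronimo's own code: the class name `FilterTemplate`, its methods and the sample names are hypothetical, and only the two filter templates are taken from the table above.

```java
// Added example: expands a parameterized LDAP filter template with the
// parameter value escaped as described in RFC 2254, section 4.
// Hypothetical helper, not part of LDAPLoginModule.
public class FilterTemplate {

    // Escape '*', '(', ')', '\' and NUL as \2a, \28, \29, \5c and \00 so the
    // value is matched literally and cannot change the filter's structure.
    static String escapeValue(String value) {
        StringBuilder out = new StringBuilder();
        for (char c : value.toCharArray()) {
            switch (c) {
                case '*':  out.append("\\2a"); break;
                case '(':  out.append("\\28"); break;
                case ')':  out.append("\\29"); break;
                case '\\': out.append("\\5c"); break;
                case '\0': out.append("\\00"); break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }

    // Replace every {0} in the template with the escaped parameter value.
    // String.replace is a literal (non-regex) substitution.
    static String expand(String template, String param) {
        return template.replace("{0}", escapeValue(param));
    }

    public static void main(String[] args) {
        // Filter templates as written in the options table.
        String userSearchMatching = "(cn = {0})";
        String roleSearchMatching = "(uniqueMember = {0})";

        // Constructed sample user names: a plain one, one containing a
        // wildcard character, and one containing parentheses.
        String[] names = { "Babs Jensen", "B*", "Jensen (contractor)" };
        for (String name : names) {
            System.out.println(expand(userSearchMatching, name));
        }

        // Constructed sample DN of an authenticated user for the role search.
        System.out.println(
            expand(roleSearchMatching, "cn=Babs Jensen,ou=people,dc=foo"));
    }
}
```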