
...

Code Block
xml
xml
borderStylesolid
titleldap-realm.xml
<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
    <environment>
        <moduleId>
            <groupId>console.realm</groupId>
            <artifactId>LDAP_Sample_Realm</artifactId>
            <version>1.0</version>
            <type>car</type>
        </moduleId>
        <dependencies>
            <dependency>
                <groupId>org.apache.geronimo.configs</groupId>
                <artifactId>j2ee-security</artifactId>
                <type>car</type>
            </dependency>
        </dependencies>
    </environment>
    <gbean name="LDAP_Sample_Realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm" 
	                                    xsi:type="dep:gbeanType" xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2" 
									                                    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <attribute name="realmName">LDAP_Sample_Realm</attribute>
        <reference name="ServerInfo">
            <name>ServerInfo</name>
        </reference>
        <reference name="LoginService">
            <name>JaasLoginService</name>
        </reference>
        <xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-1.2">
                <log:login-module control-flag="REQUIRED" server-side="true" wrap-principals="false">
                    <log:login-domain-name>LDAP_Sample_Realm</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.LDAPLoginModule</log:login-module-class>
                    <log:option name="initialContextFactory">com.sun.jndi.ldap.LdapCtxFactory</log:option>
					<log:option name="connectionURL">ldap://localhost:1389</log:option>
					                                        <log:option name="connectionUsername">uid=admin,ou=system<connectionURL">ldap://localhost:1389</log:option>
					<log:option name="connectionPassword">secret</log:option>
					                                        <log:option name="authentication">simple<connectionUsername">uid=admin,ou=system</log:option>
					<log:option name="userBase">ou=users,ou=system</log:option>
					                                        <log:option name="userSearchMatching">uid={0}<connectionPassword">secret</log:option>
					                                        <log:option name="userSearchSubtreeauthentication">false<>simple</log:option>
					<log:option name="roleBase">ou=groups,ou=system</log:option>
					<log:option name="roleName">cn</log:option>
					<log:option name="roleSearchMatching">(uniqueMember={0})</log:option>
                                        <log:option name="roleSearchSubtree">false<userBase">ou=users,ou=system</log:option>
                </log:login-module>
                        <log:login-module control-flagoption name="OPTIONAL" server-side="true" wrap-principals="false">userSearchMatching">uid={0}</log:option>
                    <log:login-domain-name>LDAP_Sample_Realm-Audit</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.FileAuditLoginModule</log:login-module-class>
option name="userSearchSubtree">false</log:option>
                                        <log:option name="file">var/log/login-attempts.log<roleBase">ou=groups,ou=system</log:option>
                 </log:login-module>
            <           <log:option name="roleName">cn</log:login-config>
option>
           </xml-reference>
    </gbean>
</module>
                             <log:option name="roleSearchMatching">(uniqueMember={0})</log:option>
                    <log:option name="roleSearchSubtree">false</log:option>
                </log:login-module>
                <log:login-module control-flag="OPTIONAL" server-side="true" wrap-principals="false">
                    <log:login-domain-name>LDAP_Sample_Realm-Audit</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.FileAuditLoginModule</log:login-module-class>
                    <log:option name="file">var/log/login-attempts.log</log:option>
                </log:login-module>
            </log:login-config>
        </xml-reference>
    </gbean>
</module>
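Review bot: The LDAPLoginModule options in ldap-realm.xml bind as `uid=admin,ou=system` with `authentication` set to `simple` over `ldap://localhost:1389`, so the directory administrator's password and each user's password cross the connection unencrypted. The `connectionPassword` is also stored in the plan as the literal `secret`. That is acceptable against a local test directory, but the sample should say so, for example with a comment above the `connectionURL` option: `<!-- Sample only: outside a local test setup use an ldaps:// URL and a dedicated read-only bind account -->`. The old and new sides are interleaved in this rendering, so this refers to the intact copy of the options at the end of the section.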

To deploy the ldap-realm.xml run the following To deploy the ldap-realm.xml run the following command from the <geronimo_home>/bin directory:

...

Code Block
xml
xml
borderStylesolid
titlegeronimo-web.xml
<?xml version="1.0" encoding="UTF-8"?>
<web-app xmlns="http://geronimo.apache.org/xml/ns/j2ee/web-1.2">
	<environment>
		<moduleId>
			<groupId>samples</groupId>
			>
        <environment>
                <moduleId>
                        <groupId>samples</groupId>
                        <artifactId>LDAP_Sample</artifactId>
			                        <version>1.2</version>
		</moduleId>		
	                </moduleId>             
        </environment>
    <context-root>/LDAP_Sample</context-root>

    <security-realm-name>LDAP_Sample_Realm</security-realm-name>
    <security>
        <default-principal realm-name="LDAP_Sample_Realm">
            <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system"/>
        </default-principal>
        <role-mappings>
            <role role-name="content-administrator">
                <realm realm-name="LDAP_Sample_Realm">
                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="admin" designated-run-as="true"/>
                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="system"/>
                </realm>
            </role>
            <role role-name="guest">
                <realm realm-name="LDAP_Sample_Realm">
                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoGroupPrincipal" name="guest" designated-run-as="true"/>
                    <principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="user1"/>
                </realm>
            </role>
        </role-mappings>
    </security>
</web-app>
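Review bot: The `default-principal` in geronimo-web.xml is the user principal `system`, and the same principal is mapped into the `content-administrator` role under `role-mappings`. If the default principal is the identity given to unauthenticated callers (my understanding of Geronimo's model, to be confirmed for this version), anonymous requests would carry an administrator-mapped identity. A distinct unprivileged principal that appears in no role mapping would avoid that, e.g. `<principal class="org.apache.geronimo.security.realm.providers.GeronimoUserPrincipal" name="anonymous"/>`, where the name is a placeholder.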

...