...

This section covers the configuration of the LDAP directory service in Geronimo when the Web container in use is Jetty. For this configuration example, the sample application used is a modified version of the application already available in the open JIRA GERONIMO-417.

LDAP sample application

Download the sample application from the following URL:

...

At this point it is assumed that you have installed Java 1.4.2 and an LDAP client, and that you are capable of exporting/importing an .ldif file to a directory server.

...

Ensure that Geronimo is up and running and the Directory service is started. Start your LDAP client and create a new connection profile with the following values:

...

Once the file is imported you should get a confirmation that five entries were successfully imported.

Deploy the LDAP realm

The LDAP sample application provides a security realm that needs to be deployed before the deployment of the application itself. This realm is located in <ldap_home>/ldap-realm.xml and the content is illustrated in the following example.

ldap-realm.xml

<?xml version="1.0" encoding="UTF-8"?>

<configuration
    xmlns="http://geronimo.apache.org/xml/ns/deployment"
    configId="org/apache/geronimo/ldap-secure"
    parentId="org/apache/geronimo/Server">

    <!-- Login module: LDAPLoginModule with the directory connection and search options -->
    <gbean name="ldap-login"
        class="org.apache.geronimo.security.jaas.LoginModuleGBean">
        <attribute name="loginModuleClass">org.apache.geronimo.security.realm.providers.LDAPLoginModule</attribute>
        <attribute name="serverSide">true</attribute>
        <attribute name="options">
            initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
            connectionURL=ldap://localhost:1389
            connectionUsername=uid=admin,ou=system
            connectionPassword=secret
            connectionProtocol=
            authentication=simple
            userBase=ou=users,ou=system
            userSearchMatching=uid={0}
            userSearchSubtree=false
            roleBase=ou=groups,ou=system
            roleName=cn
            roleSearchMatching=(uniqueMember={0})
            roleSearchSubtree=false
            userRoleName=
        </attribute>
        <attribute name="loginDomainName">ldap-realm</attribute>
    </gbean>

    <!-- Security realm "ldap-realm", backed by the login module configuration above -->
    <gbean name="ldap-realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
        <attribute name="realmName">ldap-realm</attribute>
        <reference name="LoginModuleConfiguration">
            <name>ldap-login</name>
        </reference>
        <reference name="ServerInfo">
            <module>org/apache/geronimo/System</module>
            <name>ServerInfo</name>
        </reference>
        <!-- Add -->
        <reference name="LoginService">
            <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/Security,J2EEServer=geronimo,j2eeType=JaasLoginService,name=JaasLoginService</gbean-name>
        </reference>
    </gbean>

    <!-- Use of the login module within the realm, with JAAS control flag REQUIRED -->
    <gbean name="ldap-login" class="org.apache.geronimo.security.jaas.JaasLoginModuleUse">
        <attribute name="controlFlag">REQUIRED</attribute>
        <reference name="LoginModule">
            <name>ldap-login</name>
        </reference>
    </gbean>

    <!-- Maps the JAAS application configuration name "ldaptest" to the realm "ldap-realm" -->
    <gbean name="ldaptest"
        class="org.apache.geronimo.security.jaas.ServerRealmConfigurationEntry">
        <attribute name="applicationConfigName">ldaptest</attribute>
        <attribute name="realmName">ldap-realm</attribute>
        <reference name="LoginService">
            <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/Security,J2EEServer=geronimo,j2eeType=JaasLoginService,name=JaasLoginService</gbean-name>
        </reference>
    </gbean>

</configuration>
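
A small check for the realm plan above, added here as an example and not part of the Geronimo sample application: it reads the options block of the plan and flags the settings to change before the plan is reused outside a local test (simple bind over ldap://, the inline sample password, the administrator bind DN). The check names, the function names and the trimmed SAMPLE_PLAN are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"d": "http://geronimo.apache.org/xml/ns/deployment"}

# Constructed sample: a trimmed copy of the realm plan shown above.
SAMPLE_PLAN = """<configuration xmlns="http://geronimo.apache.org/xml/ns/deployment"
    configId="org/apache/geronimo/ldap-secure">
  <gbean name="ldap-login" class="org.apache.geronimo.security.jaas.LoginModuleGBean">
    <attribute name="options">
        connectionURL=ldap://localhost:1389
        connectionUsername=uid=admin,ou=system
        connectionPassword=secret
        authentication=simple
        userSearchMatching=uid={0}
    </attribute>
  </gbean>
</configuration>"""

def parse_options(plan_xml):
    """Return the login module options as a dict, splitting each line on its first '='."""
    root = ET.fromstring(plan_xml)
    opts = {}
    for attr in root.iterfind(".//d:gbean/d:attribute[@name='options']", NS):
        for line in (attr.text or "").splitlines():
            key, sep, value = line.strip().partition("=")
            if sep:  # skips blank lines; keeps empty values such as 'userRoleName='
                opts[key] = value
    return opts

def audit(opts):
    """Return (check_id, message) findings for an LDAP realm options dict."""
    findings = []
    url = opts.get("connectionURL", "").lower()
    if url.startswith("ldap://") and opts.get("authentication") == "simple":
        findings.append(("cleartext-bind",
                         "simple bind over ldap:// sends the bind DN and password unencrypted"))
    password = opts.get("connectionPassword", "")
    if password:
        findings.append(("inline-password", "connectionPassword is stored in the plan in clear text"))
    if password == "secret":
        findings.append(("sample-password", "connectionPassword is unchanged from the sample plan"))
    if opts.get("connectionUsername", "").startswith("uid=admin,"):
        findings.append(("admin-bind", "the realm binds with the directory administrator account"))
    return findings

if __name__ == "__main__":
    for check_id, message in audit(parse_options(SAMPLE_PLAN)):
        print(f"{check_id}: {message}")
```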

To deploy ldap-realm.xml, run the following command from the <geronimo_home>/bin directory:

java -jar deployer.jar --user system --password manager deploy <ldap_home>/ldap-realm.xml

Once deployed you should see a confirmation message similar to this one:

E:\geronimo\bin>java -jar deployer.jar --user system --password manager deploy e:/ldap-jetty/ldap-realm.xml
    Deployed org/apache/geronimo/ldap-secure

Configure Geronimo LDAP using Tomcat