...
This section covers the configuration of the LDAP directory service in Geronimo when the Web container in use is Jetty. For this configuration example, the sample application used is a modified version of the application already available in the open JIRA GERONIMO-417.
LDAP sample application
Download the sample application from the following URL:
...
At this point it is assumed that you have installed Java 1.4.2 and an LDAP client, and that you are able to export/import an .ldif file to a directory server.
...
Ensure that Geronimo is up and running and the Directory service is started. Start your LDAP client and create a new connection profile with the following values:
...
Once the file is imported you should get a confirmation that five entries were successfully imported.
Deploy the LDAP realm
The LDAP sample application provides a security realm that needs to be deployed before the application itself. This realm is defined in <ldap_home>/ldap-realm.xml and its content is shown in the following example.
<?xml version="1.0" encoding="UTF-8"?>
<configuration
    xmlns="http://geronimo.apache.org/xml/ns/deployment"
    configId="org/apache/geronimo/ldap-secure"
    parentId="org/apache/geronimo/Server">
  <gbean name="ldap-login"
         class="org.apache.geronimo.security.jaas.LoginModuleGBean">
    <attribute name="loginModuleClass">org.apache.geronimo.security.realm.providers.LDAPLoginModule</attribute>
    <attribute name="serverSide">true</attribute>
    <attribute name="options">
      initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
      connectionURL=ldap://localhost:1389
      connectionUsername=uid=admin,ou=system
      connectionPassword=secret
      connectionProtocol=
      authentication=simple
      userBase=ou=users,ou=system
      userSearchMatching=uid={0}
      userSearchSubtree=false
      roleBase=ou=groups,ou=system
      roleName=cn
      roleSearchMatching=(uniqueMember={0})
      roleSearchSubtree=false
      userRoleName=
    </attribute>
    <attribute name="loginDomainName">ldap-realm</attribute>
  </gbean>
  <gbean name="ldap-realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm">
    <attribute name="realmName">ldap-realm</attribute>
    <reference name="LoginModuleConfiguration">
      <name>ldap-login</name>
    </reference>
    <reference name="ServerInfo">
      <module>org/apache/geronimo/System</module>
      <name>ServerInfo</name>
    </reference>
    <!-- Add -->
    <reference name="LoginService">
      <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/Security,J2EEServer=geronimo,j2eeType=JaasLoginService,name=JaasLoginService</gbean-name>
    </reference>
  </gbean>
  <gbean name="ldap-login" class="org.apache.geronimo.security.jaas.JaasLoginModuleUse">
    <attribute name="controlFlag">REQUIRED</attribute>
    <reference name="LoginModule">
      <name>ldap-login</name>
    </reference>
  </gbean>
  <gbean name="ldaptest"
         class="org.apache.geronimo.security.jaas.ServerRealmConfigurationEntry">
    <attribute name="applicationConfigName">ldaptest</attribute>
    <attribute name="realmName">ldap-realm</attribute>
    <reference name="LoginService">
      <gbean-name>geronimo.server:J2EEApplication=null,J2EEModule=org/apache/geronimo/Security,J2EEServer=geronimo,j2eeType=JaasLoginService,name=JaasLoginService</gbean-name>
    </reference>
  </gbean>
</configuration>
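To make the search options in this plan concrete, the following is an added Python model (not Geronimo's own code) of how userBase/userSearchMatching and roleBase/roleSearchMatching turn a login name into a list of role names, using a constructed in-memory directory in place of the imported .ldif. It only models the two searches, not the password bind the real LDAPLoginModule performs, and it escapes LDAP filter metacharacters in the {0} substitution (RFC 4515) as a defensive assumption, not as a description of the module's behaviour.

```python
import re
# Search-related options copied from the ldap-realm.xml plan above, in the
# same key=value form as the LoginModuleGBean "options" attribute.
OPTIONS_TEXT = """\
userBase=ou=users,ou=system
userSearchMatching=uid={0}
userSearchSubtree=false
roleBase=ou=groups,ou=system
roleName=cn
roleSearchMatching=(uniqueMember={0})
roleSearchSubtree=false
"""
# Constructed stand-in for the imported directory (assumed entries; the page
# does not show the .ldif contents).
DIRECTORY = {
    "uid=alice,ou=users,ou=system": {"uid": ["alice"]},
    "uid=bob,ou=users,ou=system": {"uid": ["bob"]},
    "uid=eve,ou=stale,ou=users,ou=system": {"uid": ["eve"]},  # invisible to a one-level search
    "cn=admin,ou=groups,ou=system": {"cn": ["admin"], "uniqueMember": ["uid=alice,ou=users,ou=system"]},
}

def parse_options(text):
    """Parse key=value lines; an empty value such as userRoleName= stays empty."""
    return {k.strip(): v.strip() for k, v in (l.split("=", 1) for l in text.splitlines() if "=" in l)}

def escape_filter_value(value):
    """RFC 4515 escaping, so a substituted login name cannot alter the filter structure."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def in_scope(dn, base, subtree):
    """...SearchSubtree=false sees only direct children of the base; true sees all descendants."""
    return dn.endswith("," + base) and (subtree or "," not in dn[: -len(base) - 1])

def matches(entry, filt):
    """Evaluate the single equality filter the plan uses, e.g. (uniqueMember=<dn>)."""
    attr, _, want = filt.strip("()").partition("=")
    return want in (escape_filter_value(v) for v in entry.get(attr, []))

def resolve_roles(opts, directory, username):
    """Mirror the plan's two lookups: find the user under userBase, then the groups naming its DN."""
    user_filter = opts["userSearchMatching"].replace("{0}", escape_filter_value(username))
    users = [dn for dn, e in directory.items() if matches(e, user_filter)
             and in_scope(dn, opts["userBase"], opts["userSearchSubtree"] == "true")]
    if len(users) != 1:
        return None  # unknown or ambiguous user: the login must fail
    role_filter = opts["roleSearchMatching"].replace("{0}", escape_filter_value(users[0]))
    return sorted(e[opts["roleName"]][0] for dn, e in directory.items() if matches(e, role_filter)
                  and in_scope(dn, opts["roleBase"], opts["roleSearchSubtree"] == "true"))

OPTS = parse_options(OPTIONS_TEXT)
```

Flipping userSearchSubtree to true makes the entry under ou=stale visible to the user search, which is the kind of scope change worth reviewing before widening it in a production plan.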
To deploy the ldap-realm.xml run the following command from the <geronimo_home>/bin directory:
java -jar deployer.jar --user system --password manager deploy <ldap_home>/ldap-realm.xml
Once deployed you should see a confirmation message similar to this one:
E:\geronimo\bin>java -jar deployer.jar --user system --password manager deploy e:/ldap-jetty/ldap-realm.xml
Deployed org/apache/geronimo/ldap-secure
Configure Geronimo LDAP using Tomcat