...
This sample shows how you can use a Lightweight Directory Access Protocol (LDAP) server to configure and control access to resources on your Geronimo server.
...
NOTE: The Apache Geronimo-Apache Directory plugin cannot be installed in Geronimo 2.1.2. If you are using Geronimo 2.1.2 with this sample you must use an external LDAP server. However, the Apache Geronimo-Apache Directory plugin can be installed in Geronimo 2.1.3, and this sample works equally well with Geronimo 2.1.3.
...
This article is organized in the following sections:
...
Starting the LDAP server
If you installed the Apache Geronimo-Apache Directory Plugin, it should have been started as part of the installation. You can verify that it is started from the command line using the deployer tool or via the Geronimo Administration Console.
...
Source Code for Sample
You can check out the source code of this sample from SVN:
svn checkout https://svn.apache.org/repos/asf/geronimo/samples/tags/samples-parent-2.1.2/samples/ldap-sample-app ldap-sample-app
The above command places the source under ldap-sample-app; from now on this directory will be referred to as <ldap_home>.
Please refer to Samples General Information for information on obtaining and building the source for this and other samples.
At this point you can choose to install an LDAP client and import/export an .ldif file to a directory server. However, this is not required. Directions are provided if you choose to not install an LDAP client.
...
When you installed the Apache Geronimo-Apache Directory plugin you may have noticed a message on the console similar to the following:
...
...
This is because the directory server does not yet have any content. You can manually add the content necessary for the sample by including the ldap-sample.ldif from the sample source in the location specified in the message (<geronimo-home>/var/ldif/) and restarting the Geronimo server or optionally just the directory configuration in the server.
...
When you export the initial configuration you get an ldif file with content similar to that shown in the following example.
...
...
Now you need to import the entries needed to run the sample application. Packaged with the sample application is a sample .ldif file with all the entries necessary to run the LDAP sample application. This file is located in <ldap_home>/ldap-sample.ldif. To import the data with the ldapmodify tool, execute the following command:
...
The following example shows the content of the ldap-sample.ldif file.
...
...
Once the file is imported you should get a confirmation that five entries were successfully imported.
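A pre-import sanity check for an LDIF file like the one imported above, as an added example that is not part of the original sample. The entries are constructed, and the use of uniqueMember for group membership and of a {scheme} prefix to mark hashed userPassword values are assumptions.

```python
import base64

# Constructed LDIF, not the sample's ldap-sample.ldif: five trimmed entries.
SAMPLE_LDIF = """\
dn: ou=users,dc=example,dc=test

dn: ou=groups,dc=example,dc=test

dn: uid=alice,ou=users,dc=example,dc=test
userPassword: {SSHA}Q09OU1RSVUNURUQ=

dn: uid=bob,ou=users,dc=example,dc=test
userPassword:: Y2hhbmdlbWU=

dn: cn=admin,ou=groups,dc=example,dc=test
uniqueMember: uid=alice,ou=users,
 dc=example,dc=test
uniqueMember: uid=carol,ou=users,dc=example,dc=test
"""

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) records from LDIF text (RFC 2849 subset)."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")  # undo line folding
    for block in unfolded.split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue  # comment or blank line
            name, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: value" is base64-encoded
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            attrs.setdefault(name.lower(), []).append(value.strip())
        if "dn" in attrs:
            yield attrs.pop("dn")[0], attrs

def norm(dn):  # simplified DN comparison: ignores case and spaces around commas
    return ",".join(part.strip() for part in dn.lower().split(","))

def review(entries):
    """Return findings to resolve before the file is imported."""
    known = {norm(dn) for dn, _ in entries}
    findings = []
    for dn, attrs in entries:
        for member in attrs.get("uniquemember", []):
            if norm(member) not in known:
                findings.append(("dangling-member", dn, member))
        if any(not p.startswith("{") for p in attrs.get("userpassword", [])):
            findings.append(("cleartext-password", dn, "<redacted>"))
    return findings
```

Calling `review(list(parse_ldif(SAMPLE_LDIF)))` reports the group member that has no entry and the password stored without a hash scheme; the entry count from `parse_ldif` can be compared with the count the import tool reports.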
...
One way to install the LDAP realm for the sample is to install a Geronimo plugin created for this purpose. In the Geronimo Administration Console, navigate to Applications -> Plugins. Once in the view, update the repository list (which should add http://geronimo.apache.org/plugins/geronimo-2.1/ if not already included), select the referenced repository, and then select Show Plugins in selected repository to display the list of all possible plugins in this directory. Locate the Geronimo Samples :: ldap-sample-app :: security realm and then install it. However, this process hides many of the details of creating and installing the realm. For those details refer to the next section.
...
The LDAP sample application provides a security realm that needs to be deployed before the deployment of the application itself. This realm is located in <ldap_home>/ldap-realm.xml and the content is illustrated in the following example.
...
This deployment plan tells Geronimo all the connection and search parameters to use against the LDAP database. The plan also specifies that each login attempt is recorded in the login-attempts.log file.
...
Once deployed you should see a confirmation message similar to the following example:
For further details refer to the LDAP Realm section.
...
One way to install the LDAP sample application is to install a Geronimo plugin created for this purpose. In the Geronimo Administration Console, navigate to Applications -> Plugins. Once in the view, update the repository list (which should add http://geronimo.apache.org/plugins/geronimo-2.1.2/ if not already included), select the referenced repository, and then select Show Plugins in selected repository to display the list of all possible plugins in this directory. Locate the Geronimo Configs :: LDAP Sample for Tomcat or Geronimo Configs :: LDAP Sample for Jetty (depending upon your Geronimo service choice) and then install it. However, this process hides many of the details of creating and installing the sample. For those details refer to the next section.
...
There is a common deployment plan that is used for the sample. The unprocessed version of this plan is at ldap-sample-app/ldap-sample-app-jetty/src/main/plan/plan.xml. The processed version shown here with plugin name and all dependencies filled in can be found at ldap-sample-app/ldap-sample-app-jetty/target/resources/META-INF/plan.xml after building the project.
...
Most of the deployment plan is straightforward. However, the security configuration is tricky. The <security-realm-name> is described in the <security> element through a sequence of declarations in each <realm> element.
...
The web.xml deployment descriptor shown in the following example (also located in the <ldap_home>/WEB-INF directory) adds security constraints based on the location of the files.
...
...
Package the sample application
...
Once the Web application is successfully deployed you should see a confirmation message similar to the one shown in the following example:
To test the LDAP application open a Web browser and access the following URL:
...