Comment: Migration of unmigrated content due to installation of a new plugin

This document covers some of the alternatives for configuring LDAP Realms in Apache Geronimo v2.1. In previous versions of Apache Geronimo, ApacheDS was shipped along with Geronimo. To reduce the server footprint and exploit the Geronimo plugin architecture, the LDAP server is available in 2.1 as an optional plugin install rather than being bundled with the Geronimo server. Having said this, ApacheDS is not a requirement for configuring an LDAP Realm. However, it will be practical for the purposes of this document to use a local LDAP server.

...

  • Log in to the Geronimo Administration Console.
  • Click on Plugins.
  • Click on Update Repository List (optional if you are already pointing to http://geronimo.apache.org/plugins/geronimo-2.1).
  • Click on Show Plugins in selected repository.
  • Click on the Apache Geronimo-Apache Directory Server Plugin 1.0 link (listed under LDAP); it should show up as installable.
  • Scroll all the way to the bottom of the page and click Install.

...

  • Run deploy search-plugins.
  • Select the appropriate repository from the list; for this example select 1. http://geronimo.apache.org/plugins/geronimo-2.1/.
  • From the following list identify Apache Geronimo-Apache Directory Server Plugin (1.0); this option will be presented under the LDAP category with an ID number.
  • Enter that ID number for the LDAP plugin (e.g. 78) and hit Enter.

...

  • Log in to the Geronimo Administration Console.
  • Click on Security Realms portlet.
  • Click on Add new security realm.
  • Enter a value for the Name of Security Realm:.
  • Select LDAP Realm from the Realm Type: pull-down menu and click Next.
  • Enter settings corresponding to your LDAP configuration and click Next.
  • Select Advanced Settings as desired.
  • To verify the settings are correct click Test a Login.
  • Enter a pair of known username and password, or leave these fields blank to use anonymous login of the LDAP server, then click Next.
  • You should receive a confirmation message that the connection succeeded: Login succeeded with 1 principals.
  • Click on Deploy Realm.

...

We mentioned that when using the command line deployer you will need to provide a deployment plan. The purpose of this section is to show you a sample deployment plan; for additional details refer to the ldap-sample-app - LDAP Sample Application section.

Sample LDAP Realm deployment plan (XML):
<module xmlns="http://geronimo.apache.org/xml/ns/deployment-1.2">
    <environment>
        <moduleId>
            <groupId>console.realm</groupId>
            <artifactId>LDAP_Test_Realm</artifactId>
            <version>1.0</version>
            <type>car</type>
        </moduleId>
        <dependencies>
            <dependency>
                <groupId>org.apache.geronimo.framework</groupId>
                <artifactId>j2ee-security</artifactId>
                <type>car</type>
            </dependency>
        </dependencies>
    </environment>
    <gbean name="LDAP_Test_Realm" class="org.apache.geronimo.security.realm.GenericSecurityRealm"
           xsi:type="dep:gbeanType" xmlns:dep="http://geronimo.apache.org/xml/ns/deployment-1.2"
           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
        <attribute name="realmName">LDAP_Test_Realm</attribute>
        <reference name="ServerInfo">
            <name>ServerInfo</name>
        </reference>
        <xml-reference name="LoginModuleConfiguration">
            <log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
                <log:login-module control-flag="REQUIRED" wrap-principals="false">
                    <log:login-domain-name>LDAP_Test_Realm</log:login-domain-name>
                    <log:login-module-class>org.apache.geronimo.security.realm.providers.LDAPLoginModule</log:login-module-class>
                    <log:option name="connectionUsername">uid=admin,ou=system</log:option>
                    <log:option name="userSearchSubtree">false</log:option>
                    <log:option name="roleSearchMatching">uniqueMember={0}</log:option>
                    <log:option name="roleBase">ou=users,ou=system</log:option>
                    <log:option name="connectionPassword">secret</log:option>
                    <log:option name="roleName">cn</log:option>
                    <log:option name="initialContextFactory">com.sun.jndi.ldap.LdapCtxFactory</log:option>
                    <log:option name="roleSearchSubtree">false</log:option>
                    <log:option name="connectionURL">ldap://localhost:10389</log:option>
                    <log:option name="userBase">ou=users,ou=system</log:option>
                    <log:option name="userSearchMatching">uid={0}</log:option>
                    <log:option name="authentication">simple</log:option>
                </log:login-module>
            </log:login-config>
        </xml-reference>
    </gbean>
</module>
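To check the plan above before deploying it, the following added script (not part of the page or of Geronimo itself) parses the login-module options, reports the settings a reviewer looks at first (the bind password embedded in the plan, a simple bind over plain ldap://) and builds the user and role search filters the realm will issue, escaping the substituted value per RFC 4515. It assumes that {0} in roleSearchMatching receives the matched user's DN; the option names and values are the ones from the plan.

```python
"""Lint the page's LDAP realm plan before deploying it (added example, not Geronimo code)."""
import xml.etree.ElementTree as ET

LOG_NS = "{http://geronimo.apache.org/xml/ns/loginconfig-2.0}"
# Constructed sample: the <log:login-config> section of the plan above, options only.
PLAN = """<log:login-config xmlns:log="http://geronimo.apache.org/xml/ns/loginconfig-2.0">
  <log:login-module control-flag="REQUIRED" wrap-principals="false">
    <log:option name="connectionUsername">uid=admin,ou=system</log:option>
    <log:option name="connectionPassword">secret</log:option>
    <log:option name="connectionURL">ldap://localhost:10389</log:option>
    <log:option name="authentication">simple</log:option>
    <log:option name="userBase">ou=users,ou=system</log:option>
    <log:option name="userSearchMatching">uid={0}</log:option>
    <log:option name="roleBase">ou=users,ou=system</log:option>
    <log:option name="roleSearchMatching">uniqueMember={0}</log:option>
    <log:option name="roleName">cn</log:option>
  </log:login-module>
</log:login-config>"""


def parse_options(xml_text):
    """Map each <log:option name="..."> to its text value."""
    root = ET.fromstring(xml_text)
    return {o.get("name"): (o.text or "").strip() for o in root.iter(LOG_NS + "option")}


def review(opts):
    """Return the findings a reviewer raises on these settings, in a fixed order."""
    findings = []
    if opts.get("connectionPassword"):
        findings.append("bind password stored in cleartext in the plan")
    if opts.get("connectionURL", "").startswith("ldap://") and opts.get("authentication") == "simple":
        findings.append("simple bind over unencrypted ldap://")
    for key in ("userSearchMatching", "roleSearchMatching"):
        if "{0}" not in opts.get(key, ""):
            findings.append(key + " lacks the {0} placeholder")
    return findings


def escape_filter_value(value):
    """RFC 4515 escaping for a value substituted into a search filter."""
    for ch, esc in (("\\", "\\5c"), ("*", "\\2a"), ("(", "\\28"), (")", "\\29"), ("\x00", "\\00")):
        value = value.replace(ch, esc)
    return value


def search_filters(opts, username, user_dn):
    """Filters the realm sends: user lookup by name, then role lookup.
    Assumption (not on the page): {0} in roleSearchMatching is the user entry's DN."""
    user_filter = opts["userSearchMatching"].replace("{0}", escape_filter_value(username))
    role_filter = opts["roleSearchMatching"].replace("{0}", escape_filter_value(user_dn))
    return user_filter, role_filter
```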