...
Geronimo uses the Apache Directory Server for its directory service; this is part of the Apache Directory Project. Geronimo implements the following two projects from the ApacheDS project.
...
- Start Geronimo and log into the Administration Console
- Click on Create/Install under the Plugins folder
- If there are no repositories in the list, click the Update Repository List link
- Click on Search for Plugins
- From the list select Apache Directory 0.92 for Geronimo (1.1)
- Click on the Continue button
- Click on Install Plugin. All the needed components will be downloaded and, if successful, you will see a message indicating that the plugin was installed.
- Click the Start button (Start geronimo/directory/1.1/car) to start Apache Directory
LDAP sample application
...
Once you connect to the Geronimo Directory server you will see the initial configuration. This configuration can be exported as a backup in an ldif file. Depending on the LDAP client you are using, the export/import steps will be different. When you export the initial configuration you get an ldif file with content similar to the one shown in the following example.
...
...
Now you need to import the entries needed to run the sample application. Packaged with the sample application is a sample .ldif file with all the entries necessary to run the LDAP sample application. This file is located in <ldap_home>/ldap-sample.ldif.
The following example shows the content of the ldap-sample.ldif file.
...
...
Once the file is imported you should get a confirmation that five entries were successfully imported.
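A pre-import check for a file such as ldap-sample.ldif, added here as an example and not part of the sample application: it parses LDIF (folded lines, comments, base64 values) so the entry count can be compared with the server's import confirmation and group membership reviewed before it drives role mapping. The sample entries are constructed, and `uniqueMember` as the membership attribute is an assumption.

```python
import base64

SAMPLE_LDIF = """\
version: 1
# constructed sample, NOT the contents of ldap-sample.ldif; DNs are hypothetical
dn: ou=groups,ou=system

dn: uid=alice,ou=users,ou=system
cn:: QWxpY2UgRXhhbXBsZQ==

dn: cn=admin,ou=groups,ou=system
objectClass: groupOfUniqueNames
uniqueMember: uid=alice,ou=users,
 ou=system
uniqueMember: uid=bob,ou=users,ou=system
"""

def parse_ldif(text):
    """Return a list of entries: dict of lowercased attribute name -> list of values."""
    lines = []
    for raw in text.splitlines():
        if raw.startswith(" ") and lines:   # RFC 2849 folding: continuation line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    entries, current = [], None
    for line in lines + [""]:               # trailing "" flushes the last entry
        if line.startswith("#"):            # comment line
            continue
        if not line.strip():                # blank line ends the current entry
            if current:
                entries.append(current)
            current = None
            continue
        attr, _, value = line.partition(":")
        if value.startswith(":"):           # "attr:: value" is base64-encoded
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        attr, value = attr.strip().lower(), value.strip()
        if attr == "dn":                    # every entry starts with its dn
            current = {}
        if current is not None:             # ignores "version: 1" before the first dn
            current.setdefault(attr, []).append(value)
    return entries

def group_members(entries):
    """Map each group DN to its uniqueMember DNs (assumed membership attribute)."""
    return {e["dn"][0]: e["uniquemember"] for e in entries if "uniquemember" in e}

print(len(parse_ldif(SAMPLE_LDIF)), "entries;", group_members(parse_ldif(SAMPLE_LDIF)))
```

In the constructed sample, `uid=bob` is listed as a group member but has no entry of its own, which is the kind of mismatch worth catching before import.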
...
The LDAP sample application provides a security realm that needs to be deployed before the deployment of the application itself. This realm is located in <ldap_home>/ldap-realm.xml and the content is illustrated in the following example.
...
...
To deploy the ldap-realm.xml run the following command from the <geronimo_home>/bin directory:
...
Once deployed you should see a confirmation message similar to the following example:
For further details refer to the LDAP Realm section.
...
The deployment plans are located in the <ldap_home>/WEB-INF directory. geronimo-web.xml is the Geronimo-specific deployment plan. It specifies which security realm to use and the user role mappings, as well as the Geronimo-specific namespace used to identify the elements in the security configuration. As in other types of applications, not just security-related ones, the deployment plan also provides the main namespace for the deployment plan, a module identification (optional), a parent module configuration ID (also optional) and a context root. The following example illustrates the Geronimo-specific deployment plan.
...
...
Note that these role mappings will be overridden by the actual roles (which users belong to which groups) defined in the LDAP server. Ultimately it is the realm defined in the application deployment plan that determines the validation method. Nevertheless, for this particular example, you still need to define principals and role mappings as determined in the XML schemas.
The web.xml deployment descriptor shown in the following example (also located in the <ldap_home>/WEB-INF directory) adds security constraints based on the location of the files.
...
...
Package the sample application
...
Once the Web application is successfully deployed you should see a confirmation message similar to the one shown in the following example:
To test the LDAP application open a Web browser and access the following URL:
...
Depending on the web container you are using (that is, Jetty or Tomcat), the presentation of that screen may be slightly different.
To further test this example you could now try the different users provided in the ldap-sample.ldif file, or use your LDAP client to add/remove users from the different groups. You will notice the changes immediately (you may need to close your web browser).