I'm new to both WildFly and LDAP. I have a WildFly server (version 9.0.2) up that is running a web application, and I would like to enable user login to this web application using credentials from LDAP accounts.
I have followed some basic tutorials online and I still can't get it to work.
So far, I have done this:
Added to the standalone.xml file:

        <security-realm name="ApplicationRealm">
            <authentication>
                <ldap connection="LocalLdap" base-dn="ou=cloudera,dc=hadoop,dc=com">
                    <username-filter attribute="uid"/>
                </ldap>
            </authentication>
        </security-realm>
    </security-realms>
    <outbound-connections>
        <ldap name="LocalLdap" url="ldap://ldap_server_url:389" search-dn="Manager,dc=hadoop,dc=com" search-credential="admin"/>
    </outbound-connections>
And:

    <security-domain name="LDAPAuth">
        <authentication>
            <login-module code="LdapExtended" flag="required">
                <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
                <module-option name="java.naming.provider.url" value="ldap://ldap_server_url:389"/>
                <module-option name="java.naming.security.authentication" value="simple"/>
                <module-option name="bindDN" value="cn=Manager,dc=hadoop,dc=com"/>
                <module-option name="bindCredential" value="admin"/>
                <module-option name="baseCtxDN" value="ou=cloudera,dc=hadoop,dc=com"/>
                <module-option name="baseFilter" value="(uid={0})"/>
                <module-option name="rolesCtxDN" value="ou=cloudera,dc=hadoop,dc=com"/>
                <module-option name="roleFilter" value="objectClass=posixGroup"/>
                <module-option name="roleAttributeID" value="cn"/>
                <module-option name="searchScope" value="SUBTREE_SCOPE"/>
                <module-option name="allowEmptyPasswords" value="true"/>
            </login-module>
        </authentication>
    </security-domain>
To the web.xml file in the web application:

    <security-constraint>
        <web-resource-collection>
            <web-resource-name>HtmlAuth</web-resource-name>
            <description>application security constraints</description>
            <url-pattern>/*</url-pattern>
            <http-method>GET</http-method>
            <http-method>POST</http-method>
        </web-resource-collection>
        <auth-constraint>
            <role-name>*</role-name>
        </auth-constraint>
    </security-constraint>
    <login-config>
        <auth-method>BASIC</auth-method>
        <realm-name>ApplicationRealm</realm-name>
    </login-config>
    <security-role>
        <role-name>*</role-name>
    </security-role>
To jboss-web.xml:

    <?xml version="1.0" encoding="UTF-8"?>
    <jboss-web>
        <security-domain>LDAPAuth</security-domain>
        <use-jboss-authorization>true</use-jboss-authorization>
    </jboss-web>
Do I have to set up an LDAP client which points to the server on the WildFly server and then point it locally? Thanks
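A static check over the two LDAP snippets in the question, as an added example that is not part of the question and not WildFly's own validation. It parses the `LdapExtended` module options and the `<outbound-connections>` entry with the standard library and reports settings that are syntactically suspect (an RDN with no attribute type, a search filter that is not parenthesised or does not reference the login name) or risky for an authentication path (`allowEmptyPasswords="true"`, which lets a zero-length password reach the directory where it can be treated as an anonymous bind, and a cleartext `ldap://` URL that carries the bind credential and user passwords unencrypted). The sample XML is the text from the post copied in verbatim; the rules and the finding messages are this example's own assumptions, not a diagnosis of the asker's setup.

```python
"""Lint a JBoss/WildFly legacy LDAP login-module and outbound connection.

Added example; the checks are assumptions of this snippet, not WildFly's.
"""
import re
import xml.etree.ElementTree as ET

# Constructed sample: the <security-domain> from the post, copied verbatim.
SECURITY_DOMAIN_XML = """<security-domain name="LDAPAuth">
<authentication>
<login-module code="LdapExtended" flag="required">
<module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<module-option name="java.naming.provider.url" value="ldap://ldap_server_url:389"/>
<module-option name="java.naming.security.authentication" value="simple"/>
<module-option name="bindDN" value="cn=Manager,dc=hadoop,dc=com"/>
<module-option name="bindCredential" value="admin"/>
<module-option name="baseCtxDN" value="ou=cloudera,dc=hadoop,dc=com"/>
<module-option name="baseFilter" value="(uid={0})"/>
<module-option name="rolesCtxDN" value="ou=cloudera,dc=hadoop,dc=com"/>
<module-option name="roleFilter" value="objectClass=posixGroup"/>
<module-option name="roleAttributeID" value="cn"/>
<module-option name="searchScope" value="SUBTREE_SCOPE"/>
<module-option name="allowEmptyPasswords" value="true"/>
</login-module>
</authentication>
</security-domain>"""

# Constructed sample: the <outbound-connections> block from the post.
OUTBOUND_XML = """<outbound-connections>
<ldap name="LocalLdap" url="ldap://ldap_server_url:389" search-dn="Manager,dc=hadoop,dc=com" search-credential="admin"/>
</outbound-connections>"""

RDN = re.compile(r"^[A-Za-z][\w.-]*=")  # 'cn=', 'ou=', 'dc=' ...


def dn_is_well_formed(dn):
    """Every comma-separated RDN must start with 'attr='.

    'Manager,dc=hadoop,dc=com' fails: its first RDN has no attribute type.
    Escaped commas inside values are not handled; the samples have none.
    """
    return all(RDN.match(part.strip()) for part in dn.split(","))


def filter_is_well_formed(flt):
    """RFC 4515 search filters are parenthesised with balanced nesting."""
    if not (flt.startswith("(") and flt.endswith(")")):
        return False
    depth = 0
    for ch in flt:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0


def login_module_options(xml_text):
    """Collect <module-option name=... value=.../> pairs into a dict."""
    root = ET.fromstring(xml_text)
    return {o.get("name"): o.get("value") for o in root.iter("module-option")}


def check_login_module(opts):
    """Return (option, problem) pairs for LdapExtended settings."""
    findings = []
    # Documented default of allowEmptyPasswords is true, so treat absent as true.
    if opts.get("allowEmptyPasswords", "true") == "true":
        findings.append(("allowEmptyPasswords",
                         "empty passwords are forwarded to LDAP, where they can "
                         "become an anonymous bind and be accepted; set to false"))
    if opts.get("java.naming.provider.url", "").startswith("ldap://"):
        findings.append(("java.naming.provider.url",
                         "cleartext ldap://; bindCredential and user passwords "
                         "cross the network unencrypted (use ldaps:// or StartTLS)"))
    if not dn_is_well_formed(opts.get("bindDN", "")):
        findings.append(("bindDN", "not a well-formed DN"))
    base = opts.get("baseFilter", "")
    if not filter_is_well_formed(base) or "{0}" not in base:
        findings.append(("baseFilter", "must be a parenthesised filter containing {0}"))
    role = opts.get("roleFilter", "")
    if not filter_is_well_formed(role):
        findings.append(("roleFilter", "not a parenthesised RFC 4515 filter"))
    if "{0}" not in role and "{1}" not in role:  # {0}=login name, {1}=user DN
        findings.append(("roleFilter", "references neither {0} nor {1}, so it "
                                       "cannot select this user's groups"))
    return findings


def check_outbound_connection(xml_text):
    """Apply the DN and transport checks to each <ldap> outbound connection."""
    findings = []
    for ldap in ET.fromstring(xml_text).iter("ldap"):
        if not dn_is_well_formed(ldap.get("search-dn", "")):
            findings.append(("search-dn", "not a well-formed DN"))
        if ldap.get("url", "").startswith("ldap://"):
            findings.append(("url", "cleartext ldap://"))
    return findings


if __name__ == "__main__":
    for label, found in (("security-domain", check_login_module(login_module_options(SECURITY_DOMAIN_XML))),
                         ("outbound-connection", check_outbound_connection(OUTBOUND_XML))):
        for option, problem in found:
            print(f"{label}: {option}: {problem}")
```

Run it against the two snippets and it reports the empty-password and cleartext settings in both blocks, the role filter that has no parentheses and no `{0}`/`{1}` placeholder, and the `search-dn` whose first RDN lacks an attribute type; the `bindDN` and `baseFilter` pass. Whether any of these is the cause of the login failure is something only the server log can tell, but they are the settings a reviewer would want corrected before the configuration goes near production.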