Author: bdaw
Date: 2007-03-03 11:38:30 -0500 (Sat, 03 Mar 2007)
New Revision: 6500
Added:
docs/trunk/referenceGuide/en/modules/ldap.xml
Log:
ldap chapter in reference guide
Added: docs/trunk/referenceGuide/en/modules/ldap.xml
===================================================================
--- docs/trunk/referenceGuide/en/modules/ldap.xml (rev 0)
+++ docs/trunk/referenceGuide/en/modules/ldap.xml 2007-03-03 16:38:30 UTC (rev 6500)
@@ -0,0 +1,159 @@
+<chapter id="ldap">
+ <chapterinfo>
+ <author>
+ <firstname>Boleslaw</firstname>
+ <surname>Dawidowicz</surname>
+ <email>boleslaw.dawidowicz at jboss dot com</email>
+ </author>
+ </chapterinfo>
+ <title>LDAP</title>
+ <para>This chapter describes how to setup LDAP support in JBoss
Portal</para>
+ <sect1>
+ <title>How to enable LDAP usage in JBoss Portal</title>
+ <para>We'll describe here the simple steps that you'll need to enable
LDAP support in JBoss Portal.
+ For additional information you need to study more about configuration of
identity and specific implementations of identity modules</para>
+ <para>There are two ways to achieve this:</para>
+ <itemizedlist>
+ <listitem>
+ <para>In
+ <emphasis
role="bold">jboss-porta.sar/META-INF/jboss-service.xml</emphasis>
+ in section:
+ </para>
+ <programlisting><![CDATA[
+<mbean
+ code="org.jboss.portal.identity.IdentityServiceControllerImpl"
+ name="portal:service=Module,type=IdentityServiceController"
+ xmbean-dd=""
+ xmbean-code="org.jboss.portal.jems.as.system.JBossServiceModelMBean">
+ <xmbean/>
+ <depends>portal:service=Hibernate</depends>
+
<!--<depends>jboss.jca:service=DataSourceBinding,name=@portal.datasource.name@</depends>-->
+ <attribute
name="JndiName">java:/portal/IdentityServiceController</attribute>
+ <attribute name="RegisterMBeans">true</attribute>
+ <attribute
name="ConfigFile">conf/identity/identity-config.xml</attribute>
+ <attribute
name="DefaultConfigFile">conf/identity/standardidentity-config.xml</attribute>
+</mbean>]]></programlisting>
+ <para>
+ change
+ <emphasis
role="bold">identity-config.xml</emphasis>
+ to
+ <emphasis
role="bold">ldap_identity-config.xml</emphasis>
+ </para>
+ </listitem>
+ <listitem>
+ <para>Swap the names or content of files in
+ <emphasis
role="bold">jboss-porta.sar/conf/identity/identity-config.xml</emphasis>
+ and
+ <emphasis
role="bold">jboss-porta.sar/conf/identity/ldap_identity-config.xml</emphasis>
+
+ </para>
+ </listitem>
+ </itemizedlist>
+ <para>
+ After doing one of above changes you need to edit configuration file that you
choose to
+ use (identity-config.xml or ldap_identity-config.xml) and configure LDAP
connection options in section:
+ </para>
+ <programlisting><![CDATA[
+<datasource>
+ <name>LDAP</name>
+ <config>
+ <option>
+ <name>host</name>
+ <value>jboss.com</value>
+ </option>
+ <option>
+ <name>port</name>
+ <value>10389</value>
+ </option>
+ <option>
+ <name>adminDN</name>
+ <value>cn=Directory Manager</value>
+ </option>
+ <option>
+ <name>adminPassword</name>
+ <value>qpq123qpq</value>
+ </option>
+ </config>
+</datasource>]]></programlisting>
+ <para>
+ You also need to specify options for your LDAP tree (described in configuration
documentation) like those:
+ </para>
+ <programlisting><![CDATA[
+<option-group>
+ <group-name>common</group-name>
+ <option>
+ <name>userCtxDN</name>
+ <value>ou=People,dc=portal26,dc=jboss,dc=com</value>
+ </option>
+ <option>
+ <name>roleCtxDN</name>
+ <value>ou=Roles,dc=portal26,dc=jboss,dc=com</value>
+ </option>
+</option-group>]]></programlisting>
+
+ <note>
+ Under <emphasis
role="bold">PORTAL_SOURCES/identity/src/resources/example/</emphasis>
you can find a sample ldif that
+ you can use to populate LDAP server and quickly start playing with it.
+ </note>
+
+ </sect1>
+ <sect1>
+ <title>Configuration of LDAP connection</title>
+ <sect2>
+ <title>SSL</title>
+ <para>The setup is very similar to the one described in LdapLoginModule
<ulink
url="http://www.jboss.org/wiki/Wiki.jsp?page=LdapLoginModule"&g...
page</ulink></para>
+ <para>You need to modify your identity configuration file and add
"protocol"</para>
+ <programlisting><![CDATA[
+<datasource>
+ <name>LDAP</name>
+ <config>
+ ...
+ <option>
+ <name>protocol</name>
+ <value>ssl</value>
+ </option>
+ ...
+ </config>
+</datasource>]]></programlisting>
+ <para>
+ Then you need to have LDAP server certificate imported into your keystore.
You can use following command:
+ <programlisting>keytool -import -file ldapcert.der -keystore
ldap.truststore</programlisting>
+ </para>
+ <para>
+ Now you need to change the settings to use the alternative truststore. That
can be done in the properties-service.xml in deploy directory:
+ <programlisting><![CDATA[
+<attribute name="Properties">
+ javax.net.ssl.trustStore=../some/path/to/ldap.truststore
+ javax.net.ssl.trustStorePassword=somepw
+</attribute>]]></programlisting>
+ </para>
+ </sect2>
+ <sect2>
+ <title>ExternalContext</title>
+ <para>Instead of configuring your own connection you can use JNDI context
federation mechanism in JBoss Application Server. Configuration of
+ ExternalContext is described in <ulink
url="http://docs.jboss.com/jbossas/guides/j2eeguide/r2/en/html_singl...
Application Server documentation</ulink></para>
+ <para>When you have ExternalContext configured you can use it in JBoss
Portal by providing proper JNDI name in the configuration:
+ <programlisting><![CDATA[
+<datasource>
+ <name>LDAP</name>
+ <config>
+ <option>
+ <name>externalContextJndiName</name>
+ <value>external/ldap/jboss</value>
+ </option>
+ </config>
+</datasource>]]></programlisting>
+ <note>When using "externalContextJndiName" you don't need
to specify any other option for this datasource</note>
+ </para>
+ </sect2>
+ </sect1>
+ <sect1>
+ <title>Place holder 2</title>
+ <para>TODO:</para>
+ </sect1>
+ <sect1>
+ <title>Place holder 3</title>
+ <para>TODO:</para>
+ </sect1>
+
+</chapter>
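Review bot: The first `<datasource>` listing, in "How to enable LDAP usage in JBoss Portal", binds as `cn=Directory Manager` with a literal password (`qpq123qpq`) and has no `protocol` option, so a reader who copies it gets a directory-administrator bind with SSL not enabled and the password stored in a file inside the .sar. I would replace the password with an obvious placeholder, add a sentence at that point referring to the SSL section, and recommend a dedicated bind account with only the rights the portal needs. In the SSL section the listing elides everything except `protocol`, so it is unclear whether `port` must also change from `10389`; please state that explicitly. The `javax.net.ssl.trustStore` setting in properties-service.xml is a JVM-wide system property, so the text should say that it replaces the default truststore for every outbound TLS connection from the server, not only for LDAP, and that `trustStorePassword` is stored there in clear text. Smaller points: `jboss-porta.sar` is missing an "l" in all three file paths, both `<note>` elements contain bare text instead of a `<para>`, and the two "Place holder" sections with `TODO:` should be removed before this is published.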