[jboss-user] [Security & JAAS/JBoss] - Re: Active Directory and LdapExtLoginModule?

ksiva_rajesh do-not-reply at jboss.com
Tue Mar 13 16:02:54 EDT 2007 

Hi Neelixx,

The LdapExtLoginModule is awesome. Thanks a lot for your timely and valuable help.

Finally our LdapExtLoginModule started working fine. Below is our configuration. Hope this would help someone else, who is searching for similar information.

This configuration information completely depends on the way Active Directory or any Directory Services has been setup with Users, Groups/ roles etc.


  | <!-- Attempt 1 with LdapExtLoginModule -->
  |   <application-policy name="HMActiveDirecotry">
  |     <authentication>
  |       <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required" >
  |       <module-option name="java.naming.provider.url">ldap://<ldap host ip address>:389/</module-option>
  |       <module-option name="java.naming.security.authentication">simple</module-option>
  |       <module-option name="bindDN">CN=<>User Name who is having privileges for searching thru the directory service,OU=<Groups>,DC=company,DC=<domain classification></module-option> 
  |        <module-option name="bindCredential"><Password></module-option>
  |        <module-option name="baseCtxDN">OU=<Top level group>,dc=company,dc=<domain classification></module-option>
  |        <module-option name="baseFilter">(CN={0})</module-option>
  |        <module-option name="rolesCtxDN">OU=<Top level group>,dc=company,dc=<domain classification></module-option>
  |        <module-option name="roleFilter">(member={1})</module-option>
  |        <module-option name="roleAttributeID">CN</module-option>
  |        <module-option name="roleRecursion">-1</module-option>
  |     </login-module>
  |    </authentication>
  | </application-policy>
  | 

Here I've mention the HTML just to let every one know what are the parameters I have configures to connect with AD.

View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4027668#4027668

Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&p=4027668

More information about the jboss-user mailing list