[jboss-user] [JBoss Portal] - Instructions for setting up OpenLDAP and JBoss Portal Server
jl7791
do-not-reply at jboss.com
Fri Nov 16 15:49:16 EST 2007
The following provides instructions on how to set up JBoss Portal server v. 2.6.2 to authenticate against OpenLDAP v. 2.4.6. This is a work in progress so please email me if you find any errors or issues with it.
Thanks,
Jeremiah
Install OpenLDAP from http://www.openldap.org/software/download/
slapd.conf in the LDAP installation should be configured according to your environment. At a minimum, make sure the following entries appear in slapd.conf:
| include /usr/local/etc/openldap/schema/core.schema
| include /usr/local/etc/openldap/schema/cosine.schema
| include /usr/local/etc/openldap/schema/inetorgperson.schema
| include /usr/local/etc/openldap/schema/misc.schema
| include /usr/local/etc/openldap/schema/nis.schema
| include /usr/local/etc/openldap/schema/openldap.schema
At the bottom of the file, edit the file to your environment:
| database bdb
| suffix "o=portal,dc=mydomain,dc=com"
| rootdn "uid=admin,ou=People,o=portal,dc=mydomain,dc=com"
| # Cleartext passwords, especially for the rootdn, should
| # be avoided. See slappasswd(8) and slapd.conf(5) for details.
| # Use of strong authentication encouraged.
| rootpw {SSHA}ENCRYPTED PASSWORD HIDDEN
| # The database directory MUST exist prior to running slapd AND
| # should only be accessible by the slapd and slap tools.
| # Mode 700 recommended.
| directory /usr/local/var/openldap-data
| # Indices to maintain
| index objectClass eq
|
Note that the root password is not stored in cleartext: the {SSHA} value is a salted SHA-1 hash produced by running 'slappasswd -s <password we want to hash>'. The userPassword values in the LDIF file below were produced in the same way.
Once OpenLDAP is installed, start the slapd daemon with: sudo <path>/slapd
"path" represents the directory that slapd is located in. On my machine it was installed at /usr/local/libexec, but your environment may be different.
Install JBoss Portal server from http://labs.jboss.com/jbossportal/download/index.html
Create an LDIF file that defines the directory entries we will authenticate against. Here is an example:
[CODE]
# Entries are separated by blank lines, as LDIF requires.
# Define the top-level object.
dn: o=portal,dc=mydomain,dc=com
objectClass: top
objectClass: organization
o: portal

# Define the organizational unit that will contain the portal users.
dn: ou=People,o=portal,dc=mydomain,dc=com
objectClass: top
objectClass: organizationalUnit
ou: People

# Define an administrator for the system.
dn: uid=admin,ou=People,o=portal,dc=mydomain,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: person
uid: admin
cn: Portal Administrator
sn: Administrator
userPassword: HIDDEN
mail: admin@mydomain.com

# Define another user.
dn: uid=jlopez,ou=People,o=portal,dc=mydomain,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: person
uid: jlopez
cn: jlopez
sn: Lopez
userPassword: HIDDEN
mail: jlopez@mydomain.com

# Other users can be added in a similar manner or through the user management portlet.

# Define the 'Roles' organizational unit. It must be named 'Roles'.
dn: ou=Roles,o=portal,dc=mydomain,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Roles

# Define an Admin role.
dn: cn=Admin,ou=Roles,o=portal,dc=mydomain,dc=com
objectClass: top
objectClass: groupOfNames
cn: Admin
description: Portal admin role
member: uid=admin,ou=People,o=portal,dc=mydomain,dc=com

# Define a User role.
dn: cn=User,ou=Roles,o=portal,dc=mydomain,dc=com
objectClass: top
objectClass: groupOfNames
cn: User
description: Portal user role
member: uid=jlopez,ou=People,o=portal,dc=mydomain,dc=com
[/CODE]
Save this file as schema.ldif.
Verify that slapd is running (ps -ef | grep slapd) and load the entries we created into the server, binding as the rootdn configured in slapd.conf (the bind DN must match that rootdn exactly): ldapadd -x -D "uid=admin,ou=People,o=portal,dc=mydomain,dc=com" -W -f schema.ldif
A file needs to be created on the JBoss server that specifies how LDAP lookups should be done. This file is not included in a binary install, so you will need to create it in $JBOSS_HOME/server/default/deploy/jboss-portal.sar/conf/identity and call it ldap_identity-config.xml. This file should be edited to your specific environment.
| <?xml version="1.0" encoding="UTF-8"?>
| <!--<!DOCTYPE identity-configuration PUBLIC
|   "-//JBoss Portal//DTD JBoss Identity Configuration 1.0//EN"
|   "http://www.jboss.org/portal/dtd/identity-config_1_0.dtd">-->
|
| <identity-configuration>
|   <datasources>
|     <datasource>
|       <name>LDAP</name>
|       <config>
|         <option>
|           <name>host</name>
|           <value>localhost</value>
|         </option>
|         <option>
|           <name>port</name>
|           <value>389</value>
|         </option>
|         <option>
|           <name>adminDN</name>
|           <value>uid=admin,ou=People,o=portal,dc=mydomain,dc=com</value>
|         </option>
|         <option>
|           <name>adminPassword</name>
|           <value>HIDDEN</value>
|         </option>
|         <!--<option>
|           <name>protocol</name>
|           <value>ssl</value>
|         </option>-->
|       </config>
|     </datasource>
|   </datasources>
|   <modules>
|     <module>
|       <!--type used to correctly map in IdentityContext registry-->
|       <type>User</type>
|       <implementation>LDAP</implementation>
|       <config/>
|     </module>
|     <module>
|       <type>Role</type>
|       <implementation>LDAP</implementation>
|       <config/>
|     </module>
|     <module>
|       <type>Membership</type>
|       <implementation>LDAP</implementation>
|       <config/>
|     </module>
|     <module>
|       <type>UserProfile</type>
|       <implementation>DELEGATING</implementation>
|       <config>
|         <option>
|           <name>ldapModuleJNDIName</name>
|           <value>java:/portal/LDAPUserProfileModule</value>
|         </option>
|       </config>
|     </module>
|     <module>
|       <type>DBDelegateUserProfile</type>
|       <implementation>DB</implementation>
|       <config>
|         <option>
|           <name>randomSynchronizePassword</name>
|           <value>true</value>
|         </option>
|       </config>
|     </module>
|     <module>
|       <type>LDAPDelegateUserProfile</type>
|       <implementation>LDAP</implementation>
|       <config/>
|     </module>
|   </modules>
|
|   <options>
|     <option-group>
|       <group-name>common</group-name>
|       <option>
|         <name>userCtxDN</name>
|         <value>ou=People,o=portal,dc=mydomain,dc=com</value>
|       </option>
|       <option>
|         <name>roleCtxDN</name>
|         <value>ou=Roles,o=portal,dc=mydomain,dc=com</value>
|       </option>
|     </option-group>
|     <option-group>
|       <group-name>userCreateAttibutes</group-name>
|       <option>
|         <name>objectClass</name>
|         <!--These object classes should work with Red Hat Directory-->
|         <value>top</value>
|         <value>person</value>
|         <value>inetOrgPerson</value>
|       </option>
|       <!--The schema requires these to have an initial value-->
|       <option>
|         <name>cn</name>
|         <value>none</value>
|       </option>
|       <option>
|         <name>sn</name>
|         <value>none</value>
|       </option>
|     </option-group>
|     <option-group>
|       <group-name>roleCreateAttibutes</group-name>
|       <!--The schema requires this to have an initial value-->
|       <option>
|         <name>cn</name>
|         <value>none</value>
|       </option>
|       <!--Some directory servers require this attribute to be a valid DN-->
|       <!--For safety reasons point to the admin user here-->
|       <option>
|         <name>member</name>
|         <value>uid=admin,ou=People,o=portal,dc=mydomain,dc=com</value>
|       </option>
|     </option-group>
|   </options>
| </identity-configuration>
|
Two things to keep in mind about this file. With the protocol option left commented out, the portal binds to slapd over plain TCP on port 389, so the adminDN password and every user's login password cross the network in cleartext; that is only acceptable while slapd and the portal share a host (localhost, as above), and for a remote directory the ssl option should be uncommented and a matching TLS listener configured on slapd. Also, adminDN here is the directory's rootdn, so the adminPassword value in this file is the same secret as rootpw in slapd.conf and the file should be protected accordingly.
Finally, we need to edit the jboss-service.xml file in $JBOSS_HOME/server/default/deploy/jboss-portal.sar/META-INF to point to the ldap_identity-config.xml we just created. Change the following line:
| conf/identity/identity-config.xml
to
| conf/identity/ldap_identity-config.xml
Restart the JBoss server and attempt to log in using the usernames and passwords that we created in the LDIF file.
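A pre-flight check, added here as an example and not part of the post or of JBoss Portal, that parses the LDIF from the earlier step and confirms the assumptions the identity config makes before you run ldapadd and restart the portal: the userCtxDN and roleCtxDN containers exist, the role container is named Roles, every user has the cn and sn the schema requires, userPassword values carry a {scheme} prefix rather than cleartext, and every groupOfNames member points at a real user under userCtxDN. LDIF_SAMPLE is a constructed copy of the post's file with placeholder passwords, the DN constants are the post's values, and parse_ldif is a deliberately minimal reader (no base64 '::' values, no line folding), not a general LDIF parser.

```python
import re
from typing import Dict, List, Set, Tuple

Entry = Dict[str, List[str]]  # attribute name (lowercased) -> values

# Values that must agree with ldap_identity-config.xml and slapd.conf (the post's).
USER_CTX_DN = "ou=People,o=portal,dc=mydomain,dc=com"
ROLE_CTX_DN = "ou=Roles,o=portal,dc=mydomain,dc=com"

# Constructed copy of the post's LDIF; userPassword values are placeholders.
LDIF_SAMPLE = """\
dn: o=portal,dc=mydomain,dc=com
objectClass: top
objectClass: organization
o: portal

dn: ou=People,o=portal,dc=mydomain,dc=com
objectClass: top
objectClass: organizationalUnit
ou: People

dn: uid=admin,ou=People,o=portal,dc=mydomain,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: person
uid: admin
cn: Portal Administrator
sn: Administrator
userPassword: {SSHA}PLACEHOLDER
mail: admin@mydomain.com

dn: uid=jlopez,ou=People,o=portal,dc=mydomain,dc=com
objectClass: top
objectClass: inetOrgPerson
objectClass: person
uid: jlopez
cn: jlopez
sn: Lopez
userPassword: {SSHA}PLACEHOLDER
mail: jlopez@mydomain.com

dn: ou=Roles,o=portal,dc=mydomain,dc=com
objectClass: top
objectClass: organizationalUnit
ou: Roles

dn: cn=Admin,ou=Roles,o=portal,dc=mydomain,dc=com
objectClass: top
objectClass: groupOfNames
cn: Admin
member: uid=admin,ou=People,o=portal,dc=mydomain,dc=com

dn: cn=User,ou=Roles,o=portal,dc=mydomain,dc=com
objectClass: top
objectClass: groupOfNames
cn: User
member: uid=jlopez,ou=People,o=portal,dc=mydomain,dc=com
"""


def parse_ldif(text: str) -> List[Tuple[str, Entry]]:
    """Minimal LDIF reader: a new entry starts at every 'dn:' line, so it accepts
    the file with or without the blank separator lines LDIF normally requires."""
    entries: List[Tuple[str, Entry]] = []
    dn, attrs = None, {}  # type: ignore[var-annotated]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            if dn is not None:
                entries.append((dn, attrs))
            dn, attrs = value, {}
        elif dn is not None:
            attrs.setdefault(name, []).append(value)
    if dn is not None:
        entries.append((dn, attrs))
    return entries


def norm_dn(dn: str) -> str:
    return re.sub(r"\s*,\s*", ",", dn.strip()).lower()


def is_under(dn: str, base: str) -> bool:
    return norm_dn(dn).endswith("," + norm_dn(base))


def classes(attrs: Entry) -> Set[str]:
    return {v.lower() for v in attrs.get("objectclass", [])}


def validate(text: str, user_ctx_dn: str = USER_CTX_DN,
             role_ctx_dn: str = ROLE_CTX_DN) -> List[str]:
    """Return a list of findings; an empty list means the LDIF is consistent
    with the identity config values passed in."""
    by_dn = {norm_dn(dn): attrs for dn, attrs in parse_ldif(text)}
    findings: List[str] = []
    for ctx, what in ((user_ctx_dn, "userCtxDN"), (role_ctx_dn, "roleCtxDN")):
        if norm_dn(ctx) not in by_dn:
            findings.append(f"{what} {ctx} is not defined in the LDIF")
    if not norm_dn(role_ctx_dn).startswith("ou=roles,"):
        findings.append("the role container must be named 'Roles'")
    users = {dn for dn, a in by_dn.items()
             if is_under(dn, user_ctx_dn) and "person" in classes(a)}
    for dn in sorted(users):
        a = by_dn[dn]
        for req in ("cn", "sn"):
            if not a.get(req):
                findings.append(f"{dn}: missing required attribute {req}")
        for pw in a.get("userpassword", []):
            if not pw.startswith("{"):
                findings.append(f"{dn}: userPassword is cleartext (no {{scheme}} prefix)")
    for dn, a in by_dn.items():
        if not (is_under(dn, role_ctx_dn) and "groupofnames" in classes(a)):
            continue
        members = a.get("member", [])
        if not members:
            findings.append(f"{dn}: groupOfNames requires at least one member")
        for m in members:
            if norm_dn(m) not in users:
                findings.append(f"{dn}: member {m} is not a user under {user_ctx_dn}")
    return findings


if __name__ == "__main__":
    for finding in validate(LDIF_SAMPLE) or ["LDIF is consistent with the identity config"]:
        print(finding)
```

Run it against your own schema.ldif (for example by reading the file into validate) whenever you change either the LDIF or the userCtxDN/roleCtxDN values; a dangling member or a renamed Roles container is otherwise only discovered when the portal fails to resolve a user's roles at login.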
View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4105663#4105663