Thursday, September 17, 2015
LDAP and Active Directory user examples
Source
The examples described here have been shared by OpenKM users and should be taken with care.

JBoss LDAP example 1

LDAP Structure

dc=fr
  dc=soc
    ou=groups
      cn=UserRole, objectClass=posixGroup, memberUid = jack, memberUid = joe
      cn=AdminRole, objectClass=posixGroup, memberUid = jack
    ou=people
      ou=intern
        cn = jack, objectClass=inetOrgperson, uid = jack
        cn = joe, objectClass=inetOrgperson, uid = joe

Configuration parameters

principal.adapter=com.openkm.principal.LdapPrincipalAdapter
principal.database.filter.inactive.users=true
principal.ldap.mail.attribute=mail
principal.ldap.mail.search.base=ou=intern,ou=users,dc=soc,dc=fr
principal.ldap.mail.search.filter=(&(objectClass=inetOrgPerson)(cn={0}))
principal.ldap.referral=follow
principal.ldap.role.attribute=cn
principal.ldap.role.search.base=ou=groups,dc=soc,dc=fr
principal.ldap.role.search.filter=(objectClass=posixGroup)
principal.ldap.roles.by.user.attribute=cn
principal.ldap.roles.by.user.search.base=ou=groups,dc=soc,dc=fr
principal.ldap.roles.by.user.search.filter=(memberUid={0})
principal.ldap.security.credentials=xxxxxx
principal.ldap.security.principal=cn=admin,dc=soc,dc=fr
principal.ldap.server=ldap://192.168.xxx.xxx:389
principal.ldap.user.attribute=cn
principal.ldap.user.search.base=ou=intern,ou=users,dc=soc,dc=fr
principal.ldap.user.search.filter=(objectClass=inetOrgPerson)
principal.ldap.users.by.role.attribute=memberUid
principal.ldap.users.by.role.search.base=ou=groups,dc=soc,dc=fr
principal.ldap.users.by.role.search.filter=(&(objectClass=posixGroup)(cn={0}))
system.login.lowercase=true

login-config.xml

<application-policy name="OpenKM">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.provider.url">ldap://192.168.xxx.xxx:389</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="bindDN">cn=admin,dc=soc,dc=fr</module-option>
      <module-option name="bindCredential">******</module-option>
      <module-option name="baseCtxDN">ou=intern,ou=users,dc=soc,dc=fr</module-option>
      <module-option name="baseFilter">(uid={0})</module-option>
      <module-option name="rolesCtxDN">ou=groups,dc=soc,dc=fr</module-option>
      <module-option name="roleFilter">(memberUid={0})</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleAttributeIsDN">false</module-option>
      <module-option name="roleRecursion">-1</module-option>
      <module-option name="searchScope">SUBTREE_SCOPE</module-option>
      <module-option name="allowEmptyPasswords">false</module-option>
    </login-module>
  </authentication>
</application-policy>
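
A small audit of the login-config.xml options shown on this page, as an added example that is not part of the original page, OpenKM or JBoss: it parses the module options and flags a simple bind over plain ldap://, an allowEmptyPasswords setting that is not an explicit false, a bind password stored in the file, and a user filter without the {0} placeholder. The function names and finding names are invented for this example; the sample input repeats the page's values in abbreviated form.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Sample input: this page's login-config.xml, abbreviated to the options checked here.
LOGIN_CONFIG = """\
<application-policy name="OpenKM">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
      <module-option name="java.naming.provider.url">ldap://192.168.xxx.xxx:389</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="bindDN">cn=admin,dc=soc,dc=fr</module-option>
      <module-option name="bindCredential">******</module-option>
      <module-option name="baseFilter">(uid={0})</module-option>
      <module-option name="allowEmptyPasswords">false</module-option>
    </login-module>
  </authentication>
</application-policy>
"""

def module_options(xml_text):
    """Return {name: value} for the first LdapExtLoginModule in the policy."""
    root = ET.fromstring(xml_text)
    for module in root.iter("login-module"):
        if module.get("code", "").endswith("LdapExtLoginModule"):
            return {o.get("name"): (o.text or "").strip()
                    for o in module.iter("module-option")}
    return {}

def audit(xml_text):
    """Return sorted finding ids (names invented for this example)."""
    opts = module_options(xml_text)
    findings = set()
    scheme = urlparse(opts.get("java.naming.provider.url", "")).scheme
    tls = scheme == "ldaps" or opts.get("java.naming.security.protocol") == "ssl"
    # A simple bind sends the DN and password as-is, so it needs a TLS transport.
    if opts.get("java.naming.security.authentication") == "simple" and not tls:
        findings.add("cleartext-simple-bind")
    # Flag anything but an explicit false, so nothing depends on the module default.
    if opts.get("allowEmptyPasswords", "").lower() != "false":
        findings.add("empty-password-not-rejected")
    if opts.get("bindCredential"):
        findings.add("bind-password-in-file")
    # The user search must be tied to the login name through the {0} placeholder.
    if "{0}" not in opts.get("baseFilter", ""):
        findings.add("base-filter-ignores-login-name")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(LOGIN_CONFIG))
```

Run against the configuration as posted, the audit reports the cleartext simple bind and the bind password kept in the file; switching the URL to ldaps:// clears the first finding.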