Posted to commits@karaf.apache.org by jb...@apache.org on 2010/12/16 17:11:51 UTC
svn commit: r1050032 - /karaf/trunk/manual/src/main/webapp/developers-guide/security-framework.conf
Author: jbonofre
Date: Thu Dec 16 16:11:51 2010
New Revision: 1050032
URL: http://svn.apache.org/viewvc?rev=1050032&view=rev
Log:
[KARAF-307] Add LDAPLoginModule documentation.
Modified:
karaf/trunk/manual/src/main/webapp/developers-guide/security-framework.conf
Modified: karaf/trunk/manual/src/main/webapp/developers-guide/security-framework.conf
URL: http://svn.apache.org/viewvc/karaf/trunk/manual/src/main/webapp/developers-guide/security-framework.conf?rev=1050032&r1=1050031&r2=1050032&view=diff
==============================================================================
--- karaf/trunk/manual/src/main/webapp/developers-guide/security-framework.conf (original)
+++ karaf/trunk/manual/src/main/webapp/developers-guide/security-framework.conf Thu Dec 16 16:11:51 2010
@@ -180,6 +180,44 @@ To use an JNDI name, the prefix jndi: ne
</jaas:config>
{pygmentize}
+h3. LDAPLoginModule
+
+The LDAPLoginModule uses a LDAP to load the users and roles, bind the users on the LDAP to check passwords.
+
+The LDAPLoginModule supports the following parameters:
+
+|| Name || Description ||
+| {{connection.url}} | The LDAP connection URL, e.g. ldap://hostname |
+| {{connection.username}} | Admin username to connect to the LDAP. This parameter is optional, if it's not provided, the LDAP connection will be anonymous. |
+| {{connection.password}} | Admin password to connect to the LDAP. Only used if the {{connection.username}} is specified. |
+| {{user.base.dn}} | The LDAP base DN used to looking for user, e.g. ou=user,dc=apache,dc=org |
+| {{user.filter}} | The LDAP filter used to looking for user, e.g. (uid=%u) where %u will be replaced by the username. |
+| {{user.search.subtree}} | If "true", the user lookup will be recursive (SUBTREE). If "false", the user lookup will be performed only at the first level (ONELEVEL). |
+| {{role.base.dn}} | The LDAP base DN used to looking for roles, e.g. ou=role,dc=apache,dc=org |
+| {{role.filter}} | The LDAP filter used to looking for user's role, e.g. (member:=uid=%u) |
+| {{role.name.attribute}} | The LDAP role attribute containing the role string used by Karaf, e.g. cn |
+| {{role.search.subtree}} | If "true", the role lookup will be recursive (SUBTREE). If "false", the role lookup will be performed only at the first level (ONELEVEL). |
+| {{authentication}} | Define the authentication backend used on the LDAP server. The default is simple. |
+| {{initial.context.factory}} | Define the initial context factory used to connect to the LDAP server. The default is com.sun.jndi.ldap.LdapCtxFactory |
+
+A example of LDAPLoginModule usage follows:
+
+{pygmentize:xml}
+<jaas:config name="karaf">
+ <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required">
+ connection.url = ldap://localhost:389
+ user.base.dn = ou=user,dc=apache,dc=org
+ user.filter = (cn=%u)
+ user.search.subtree = true
+ role.base.dn = ou=group,dc=apache,dc=org
+ role.filter = (member:=uid=%u)
+ role.name.attribute = cn
+ role.search.subtree = true
+ authentication = simple
+ </jaas:module>
+</jaas:config>
+{pygmentize}
+
h2. Encryption service
The [EncryptionService|http://svn.apache.org/repos/asf/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/EncryptionService.java] is a service registered in the OSGi registry providing means to encrypt and check encrypted passwords. This service acts as a factory for [Encryption|http://svn.apache.org/repos/asf/karaf/trunk/jaas/modules/src/main/java/org/apache/karaf/jaas/modules/Encryption.java] objects actually performing the encryption.
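Review bot: The new LDAPLoginModule section documents that `%u` "will be replaced by the username" in `user.filter` and `role.filter` but never says whether the substituted value is escaped according to the LDAP filter grammar (RFC 4515) before the search is issued; since the username comes straight from the login attempt, a value such as `*)(uid=*` would turn the documented `(uid=%u)` into a filter matching other entries, so the doc should state the module's escaping behaviour (or, if it does none, warn administrators to restrict the characters accepted in usernames). Two smaller consistency points in the same hunk: the table gives `(uid=%u)` as the `user.filter` example while the worked config uses `user.filter = (cn=%u)` together with `role.filter = (member:=uid=%u)`, which assumes users are named by `uid`; pick one naming attribute for both so a reader copying the example does not get users found but roles silently empty. The example also pairs `connection.url = ldap://localhost:389` with `authentication = simple`, which sends the bind password in cleartext, so a sentence recommending `ldaps://` for a non-local server would help, as would a note that `connection.password` is stored in cleartext in the JAAS config. Style: "uses a LDAP" should be "uses an LDAP directory", "used to looking for" should be "used to look for" (four occurrences in the table), and "A example" should be "An example".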