JBoss EAP 7 and SSSD

Latest response

HI All,
Just posing the question, we are currently setting up JBoss EAP 7 on RHEL 7.3. We are going through the process of setting up Kerberos to talk to our AD servers etc.
Seeing as we are on RHEL 7.3 we are using SSSD to talk to AD when we log onto the linux servers, I have scoured the EAP 7 doco and cannot find any reference to integrating EAP 7 with SSSD.
Does anyone know when this will be coming ?




Hi Dale,

Greetings from down the road (I am based in Brisbane :)), I'm a technical writer at Red Hat and I work on the JBoss EAP documentation team. Unfortunately, I'm not aware of specific documentation for EAP and SSSD.

EAP can be configured to talk to Active Directory directly, or use Kerberos itself if you already have that working.

I'm not aware myself on what might be required to get EAP talking to SSSD, but you might want to open a support case and have our support engineers have a look at the environment you are attempting to create.



When you configure a system with SSSD you're really just 'faking' the local user/group information in nss by plugging the directory information into the side of nss. Other systems/services on the server don't really 'know' they are using SSSD/AD, they request user information and it's returned back to them from multiple sources (sssd / ad, local files etc.) in a homogenous way.

I guess the point of that is that I am not sure you would setup EAP to integrate with SSSD specifically, it just needs to be configured to use local unix accounts that are available on the system, nss/SSSD handles presenting the remote information as local to the server.

It should be no different to using a local account on the server eg. 'useradd localuser'.

This is of course EAP 7 supports using local accounts for auth (sorry, haven't had hands on with EAP7, basing my response on experience with other middleware platforms). The other obvious alternative is you configure it to auth against LDAP at the app layer, depends what you're trying to achieve.