Chapter 2. LDAP Overview

The basics of LDAP as well as a basic use case are described in the LDAP and Example Scenarios sections of the Red Hat JBoss Enterprise Application Platform 6 Security Architecture guide document. It also describes the LDAP-related login modules for security domains in the Security Subsystem section.

In general, LDAP, in the context of JBoss EAP 6, is used as an identity store for security domains and security realms. It can be used to make authentication decisions as well as serve as an authorization authority for JBoss EAP and applications deployed to it. Various role and access information about principals can be stored in an LDAP directory which may be used directly by JBoss EAP 6 or mapped to existing JBoss EAP 6 roles.

Note

Similar to using a database or other external datastores to house identity information, performance of data access and data transport between the datastore and the JBoss EAP 6 instance may have a performance impact on authenticating and authorizing principals.