9.3. Add User Entries to the Directory Server

Overview

The basic prerequisite for using LDAP authentication with the OSGi container is to have an X.500 directory server running and configured with a collection of user entries. For many use cases, you will also want to configure a number of groups to manage user roles.

Alternative to adding user entries

If you already have user entries and groups defined in your LDAP server, you might prefer to map the existing LDAP groups to JAAS roles using the roles.mapping property in the LDAPLoginModule configuration, instead of creating new entries. For details, see Section 2.1.7, “JAAS LDAP Login Module”.

Goals

In this portion of the tutorial you will

Adding user entries

Perform the following steps to add user entries to the directory server:
  1. Ensure that the LDAP server and console are running. See Section 9.2, “Set-up a Directory Server and Console”.
  2. In the Directory Server Console, click on the Directory tab, and drill down to the People node, under the YourDomain node (where YourDomain is shown as localdomain in the following screenshots).
    directory information tree in the LDAP browser
  3. Right-click the People node, and select NewUser from the context menu, to open the Create New User dialog.
  4. Select the User tab in the left-hand pane of the Create New User dialog.
  5. Fill in the fields of the User tab, as follows:
    1. Set the First Name field to John.
    2. Set the Last Name field to Doe.
    3. Set the User ID field to jdoe.
    4. Enter the password, secret, in the Password field.
    5. Enter the password, secret, in the Confirm Password field.
      Filling the fields of the User tab in the Create New User dialog
  6. Click OK.
  7. Add a user Jane Doe by following Step 3 to Step 6.
    In Step 5.e, use janedoe for the new user's User ID and use the password, secret, for the password fields.
  8. Add a user Camel Rider by following Step 3 to Step 6.
    In Step 5.e, use crider for the new user's User ID and use the password, secret, for the password fields.

Adding groups for the roles

To add the groups that define the roles:
  1. In the Directory tab of the Directory Server Console, drill down to the Groups node, under the YourDomain node.
  2. Right-click the Groups node, and select NewGroup from the context menu, to open the Create New Group dialog.
  3. Select the General tab in the left-hand pane of the Create New Group dialog.
  4. Fill in the fields of the General tab, as follows:
    1. Set the Group Name field to Administrator.
    2. Optionally, enter a description in the Description field.
    Filling the fields of the General tab in the Create New Group dialog
  5. Select the Members tab in the left-hand pane of the Create New Group dialog.
    Filling the fields of the Members tab in the Create New Group dialog
  6. Click Add to open the Search users and groups dialog.
  7. In the Search field, select Users from the drop-down menu, and click the Search button.
  8. From the list of users that is now displayed, select John Doe.
  9. Click OK, to close the Search users and groups dialog.
  10. Click OK, to close the Create New Group dialog.
  11. Add a Deployer role by following Step 2 to Step 10.
    In Step 4, enter Deployer in the Group Name field.
    In Step 8, select Jane Doe.
  12. Add a Monitor role by following Step 2 to Step 10.
    In Step 4, enter Monitor in the Group Name field.
    In Step 8, select Camel Rider.