JBoss ON can incorporate LDAP directories to help manage users, authentication, and membership in roles. This simplifies user management in JBoss ON and also leverages existing organizational configuration (user accounts, groups, passwords, and account lockout policies) so that JBoss ON mirrors other infrastructure configuration.
If LDAP is used for user account management, then the LDAP directory should be the authoritative source for creating and managing user accounts. Otherwise, there can be inconsistencies in role memberships, account settings, or other user account conflict. See Section 10.2.2, “Issues Related to Using LDAP for a User Store”
If a multi-domain Active Directory structure is used, Universal (not Global) Groups are required. Users in Global groups have limited visibility across domains due to Active Directory privilege issues.
10.1. Supported Directory Services
JBoss ON supports major directory servers for user authentication and group authorization:
Red Hat Directory Server 8.1, 8.2, and 9.0
Microsoft Active Directory 2003 and 2008