5.11.3. Using Outbound LDAP with 2-way SSL in the Management Interface and CLI
JBoss EAP 6 can be configured to use an outbound connection to an LDAP server using 2-way SSL for authentication in the Management Interface and CLI.
Prerequisites
- An LDAP-enabled security realm must be created. See Section 5.11.2, “Use LDAP to Authenticate to the Management Interfaces” for details on creating the security realm.
Procedure 5.4. Configure Outbound LDAP with 2-way SSL
- Configure the security realm keystore and truststore. The security realm must contain a keystore configured with the key that the JBoss EAP 6 server will use to authenticate against the LDAP server. The security realm must also contain a truststore configured with the LDAP server's certificates. See Section 5.9, “Using 2-way SSL for the Management interface and the CLI” for instructions on configuring keystores and truststores.
- Add the outbound connection to the LDAP server, specifying the configured security realm:
/core-service=management/ldap-connection=LocalLdap:add(url="ldaps://LDAP_HOST:LDAP_PORT")
/core-service=management/ldap-connection=LocalLdap:write-attribute(name=security-realm,value="LdapSSLRealm")
- Configure LDAP authentication within the security realm and the management interfaces as shown in Section 5.11.2, “Use LDAP to Authenticate to the Management Interfaces”.
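A way to check the result of the procedure above, as an added example that is not part of the original guide: the script audits the management section of a server configuration file and reports any outbound LDAP connection that is missing a piece of the 2-way SSL setup. The XML layout is assumed to match how EAP 6 persists these resources in standalone.xml, and the sample document, host name, keystore file names and the `NoKeyRealm`, `PlainLdap` and `HalfLdap` entries are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on <management> in standalone.xml; all values are placeholders.
SAMPLE = """
<management xmlns="urn:jboss:domain:1.7">
  <security-realms>
    <security-realm name="LdapSSLRealm">
      <server-identities><ssl><keystore path="ldap-client.jks" keystore-password="CHANGEME"/></ssl></server-identities>
      <authentication>
        <truststore path="ldap-trust.jks" keystore-password="CHANGEME"/>
      </authentication>
    </security-realm>
    <security-realm name="NoKeyRealm">
      <authentication><truststore path="ldap-trust.jks" keystore-password="CHANGEME"/></authentication>
    </security-realm>
  </security-realms>
  <outbound-connections>
    <ldap name="LocalLdap" url="ldaps://ldap.example.com:636" security-realm="LdapSSLRealm"/>
    <ldap name="PlainLdap" url="ldap://ldap.example.com:389"/>
    <ldap name="HalfLdap" url="ldaps://ldap.example.com:636" security-realm="NoKeyRealm"/>
  </outbound-connections>
</management>
"""

def audit_outbound_ldap(xml_text):
    """Return {connection name: [findings]}; an empty list means 2-way SSL is configured."""
    root = ET.fromstring(xml_text)
    for el in root.iter():  # drop namespaces so the paths below stay readable
        el.tag = el.tag.split("}", 1)[-1]
    realms = {r.get("name"): r for r in root.iter("security-realm")}
    report = {}
    for conn in root.findall("./outbound-connections/ldap"):
        findings = []
        if not conn.get("url", "").lower().startswith("ldaps://"):
            findings.append("url is not ldaps://")
        realm = realms.get(conn.get("security-realm"))
        if realm is None:
            findings.append("no security-realm referenced or realm not defined")
        else:
            if realm.find("./server-identities/ssl/keystore") is None:
                findings.append("realm has no keystore (no client key to present to LDAP)")
            if realm.find("./authentication/truststore") is None:
                findings.append("realm has no truststore for the LDAP server's certificates")
        report[conn.get("name")] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit_outbound_ldap(SAMPLE).items():
        print(name, "OK" if not findings else findings)
```

To audit a real server, pass the text of the `<management>` element from its configuration file to `audit_outbound_ldap` instead of `SAMPLE`.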