20.3.2. UserModule

Table 20.1. Comparison of UserModule implementations

| Features | UserModule: LDAPUserModuleImpl | UserModule: LDAPExtUserModuleImpl |
|---|---|---|
| User creation | X | - |
| User removal | X | - |
| User search | Flat - one level scope | Flexible filter - sub tree scope |

20.3.2.1. LDAPUserModuleImpl

This is the base implementation of the LDAP UserModule. It supports user creation, but it retrieves users from, and creates them in, one strictly specified place in the LDAP tree.
To enable it in your configuration you should have:
<module>
   <!--type used to correctly map in IdentityContext registry-->
   <type>User</type>
   <implementation>LDAP</implementation>
   <config/>
</module>
Configuration option-groups and options for org.jboss.portal.identity.ldap.LDAPUserModuleImpl:
  • common:
    • userCtxDN - DN that will be used as context for user searches
    • uidAttributeID - attribute name under which user name is specified. Default value is "uid"
    • passwordAttributeID - attribute name under which user password is specified. Default value is "userPassword"
    • principalDNPrefix and principalDNSuffix
    • searchTimeLimit - The timeout in milliseconds for the user searches. Defaults to 10000 (10 seconds).
  • userCreateAttibutes: This option-group defines a set of LDAP attributes that will be set when a user entry is created. The option name is used as the attribute name, and the option values as the attribute values. This makes it possible to satisfy LDAP schema requirements.
Example configuration:
                  
<option-group>
   <group-name>common</group-name>
   <option>
      <name>userCtxDN</name>
      <value>ou=People,o=portal,dc=my-domain,dc=com</value>
   </option>
   <option>
      <name>uidAttributeID</name>
      <value>uid</value>
   </option>
   <option>
      <name>passwordAttributeID</name>
      <value>userPassword</value>
   </option>
</option-group>
<option-group>
   <group-name>userCreateAttibutes</group-name>
   <option>
      <name>objectClass</name>
      <!--These objectClasses should work with Red Hat Directory-->
      <value>top</value>
      <value>person</value>
      <value>inetOrgPerson</value>
   </option>
   <!--The schema requires these to have an initial value-->
   <option>
      <name>cn</name>
      <value>none</value>
   </option>
   <option>
      <name>sn</name>
      <value>none</value>
   </option>
</option-group>
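
The following check is an added example, not part of the original documentation or of JBoss Portal. It parses the option-groups shown above, applies the documented defaults, and reports attributes that the listed object classes require but userCreateAttibutes does not supply. The function names, the MUST table and the assumption that the module writes the user name and password attributes itself are hypothetical.

```python
import xml.etree.ElementTree as ET

# Defaults stated in the option list above.
DEFAULTS = {"uidAttributeID": "uid", "passwordAttributeID": "userPassword",
            "searchTimeLimit": "10000"}
# Effective MUST attributes per object class (person: RFC 4519; inetOrgPerson,
# RFC 2798, inherits them). Constructed subset: extend it for your own schema.
MUST = {"top": {"objectclass"}, "person": {"cn", "sn"}, "inetorgperson": {"cn", "sn"}}
# Constructed sample: values from the example configuration, with "sn" left out.
SAMPLE = """
<option-group><group-name>common</group-name>
  <option><name>userCtxDN</name><value>ou=People,o=portal,dc=my-domain,dc=com</value></option>
</option-group>
<option-group><group-name>userCreateAttibutes</group-name>
  <option><name>objectClass</name><value>top</value><value>person</value><value>inetOrgPerson</value></option>
  <option><name>cn</name><value>none</value></option>
</option-group>
"""

def load_groups(fragment):
    """Map group-name -> {option name: [values]}; XML comments are ignored."""
    root = ET.fromstring("<config>" + fragment + "</config>")  # fragment has no single root
    return {g.findtext("group-name").strip():
            {o.findtext("name").strip(): [(v.text or "").strip() for v in o.findall("value")]
             for o in g.findall("option")}
            for g in root.iter("option-group")}

def check_user_module(fragment):
    """Return (effective common options, list of problems found)."""
    groups = load_groups(fragment)
    effective = {**DEFAULTS, **{k: v[0] for k, v in groups.get("common", {}).items() if v}}
    problems = []
    if not effective.get("userCtxDN"):
        problems.append("common: userCtxDN is not set")
    if not effective["searchTimeLimit"].isdigit():
        problems.append("common: searchTimeLimit must be a number of milliseconds")
    create = groups.get("userCreateAttibutes", {})
    # Assumption: the module writes the user name and password attributes itself.
    supplied = {a.lower() for a in create}
    supplied |= {effective["uidAttributeID"].lower(), effective["passwordAttributeID"].lower()}
    required = set()
    for oc in create.get("objectClass", []):
        if oc.lower() not in MUST:
            problems.append(f"userCreateAttibutes: no schema data for objectClass '{oc}'")
        required |= MUST.get(oc.lower(), set())
    for attr in sorted(required - supplied):
        problems.append(f"userCreateAttibutes: missing required attribute '{attr}'")
    return effective, problems
```

Running `check_user_module(SAMPLE)` reports the missing `sn`, which a directory enforcing the person schema would otherwise reject at user creation time.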