Chapter 20. LDAP

This chapter describes how to set up LDAP support in JBoss Portal.

Note

To fully understand this chapter, first read Chapter 17, JBoss Portal Identity Management and Chapter 19, Authentication and Authorization.

20.1. How to enable LDAP usage in JBoss Portal

This section describes the simple steps you need to perform to enable LDAP support in JBoss Portal. For additional information, read more about the configuration of identity and the specific implementations of the identity modules.
There are two ways to achieve this:
  • In jboss-portal.sar/META-INF/jboss-service.xml, in the section:
    <mbean
       code="org.jboss.portal.identity.IdentityServiceControllerImpl"
       name="portal:service=Module,type=IdentityServiceController"
       xmbean-dd=""
       xmbean-code="org.jboss.portal.jems.as.system.JBossServiceModelMBean">
       <xmbean/>
       <depends>portal:service=Hibernate</depends>
       <attribute name="JndiName">java:/portal/IdentityServiceController</attribute>
       <attribute name="RegisterMBeans">true</attribute>
       <attribute name="ConfigFile">conf/identity/identity-config.xml</attribute>
       <attribute name="DefaultConfigFile">conf/identity/standardidentity-config.xml</attribute>
    </mbean>
    change identity-config.xml to ldap_identity-config.xml in the ConfigFile attribute.
  • Swap the names or the contents of the files jboss-portal.sar/conf/identity/identity-config.xml and jboss-portal.sar/conf/identity/ldap_identity-config.xml.
After making one of the above changes, edit the configuration file that you chose to use (identity-config.xml or ldap_identity-config.xml) and configure the LDAP connection options in the section:
<datasource>
   <name>LDAP</name>
   <config>
      <option>
         <name>host</name>
         <value>jboss.com</value>
      </option>
      <option>
         <name>port</name>
         <value>10389</value>
      </option>
      <option>
         <name>adminDN</name>
         <value>cn=Directory Manager</value>
      </option>
      <option>
         <name>adminPassword</name>
         <value>qpq123qpq</value>
      </option>
   </config>
</datasource>
You also need to specify options for your LDAP tree (described in the configuration documentation), such as these:
<option-group>
   <group-name>common</group-name>
   <option>
      <name>userCtxDN</name>
      <value>ou=People,dc=portal26,dc=jboss,dc=com</value>
   </option>
   <option>
      <name>roleCtxDN</name>
      <value>ou=Roles,dc=portal26,dc=jboss,dc=com</value>
   </option>
</option-group>
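
The following check is an added example, not code from JBoss Portal or its documentation. It parses a <datasource> block in the layout shown above and flags what a reviewer would question before deployment: a bind password stored in the file, the password left at this chapter's sample value, a bind as a directory superuser, and a conventionally plaintext LDAP port. The finding codes, the superuser DN and port lists, and the second sample's host and DN are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

DOC_SAMPLE_PASSWORD = "qpq123qpq"  # the value printed in this chapter
# Illustrative, not exhaustive: well-known directory superuser DNs.
SUPERUSER_DNS = {"cn=directory manager", "uid=admin,ou=system"}
# Heuristic: ports that conventionally carry LDAP without TLS.
PLAIN_LDAP_PORTS = {"389", "10389"}

def datasource_xml(host, port, admin_dn, admin_password):
    """Build a <datasource> block in the layout shown above (samples only)."""
    pairs = [("host", host), ("port", port),
             ("adminDN", admin_dn), ("adminPassword", admin_password)]
    body = "".join(f"<option><name>{n}</name><value>{v}</value></option>"
                   for n, v in pairs)
    return f"<datasource><name>LDAP</name><config>{body}</config></datasource>"

# Constructed samples: the values from this chapter, then a hypothetical
# deployment using a dedicated service account (all names are made up).
AS_DOCUMENTED = datasource_xml("jboss.com", "10389",
                               "cn=Directory Manager", "qpq123qpq")
CONSTRUCTED = datasource_xml("ldap.example.org", "10636",
                             "uid=portal-svc,ou=Services,dc=example,dc=org",
                             "constructed-not-a-real-secret")

def audit_identity_config(xml_text):
    """Return sorted finding codes for every LDAP datasource in xml_text."""
    findings = set()
    for ds in ET.fromstring(xml_text).iter("datasource"):
        if ds.findtext("name", "").strip() != "LDAP":
            continue
        opts = {o.findtext("name", "").strip(): o.findtext("value", "").strip()
                for o in ds.iter("option")}
        password = opts.get("adminPassword", "")
        if password:
            # Anyone who can read the file can bind as adminDN.
            findings.add("CLEARTEXT_BIND_PASSWORD")
        if password == DOC_SAMPLE_PASSWORD:
            findings.add("DOCUMENTATION_SAMPLE_PASSWORD")
        # Normalise case and spacing around RDN separators before comparing.
        dn = ",".join(p.strip() for p in opts.get("adminDN", "").lower().split(","))
        if dn in SUPERUSER_DNS:
            # The portal needs the user and role subtrees, not the whole directory.
            findings.add("BINDS_AS_DIRECTORY_SUPERUSER")
        if opts.get("port") in PLAIN_LDAP_PORTS:
            findings.add("PLAIN_LDAP_PORT_VERIFY_TLS")
    return sorted(findings)

if __name__ == "__main__":
    for label, xml_text in (("documented", AS_DOCUMENTED), ("constructed", CONSTRUCTED)):
        print(label, audit_identity_config(xml_text))
```

The constructed sample still reports CLEARTEXT_BIND_PASSWORD, because any file in this layout holds the bind credential and should be readable only by the account that runs the portal.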

Note

Under PORTAL_SOURCES/identity/src/resources/example/ you can find a sample LDIF file that you can use to populate an LDAP server and quickly start experimenting with it.