Is it possible to use a single LDAP configuration in multiple security domains?
Issue
- Is it possible to define the LDAP configuration once, in its own security domain, and reference it from multiple other security domains, as follows:
<!-- Shared LDAP security domain: a single LdapExtLoginModule (flag="required") that binds with a service account, searches for the user under baseCtxDN and resolves roles under rolesCtxDN. -->
<security-domain name="ldap_domain" cache-type="default">
<authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
<!-- NOTE(review): ldap:// on port 389 combined with "simple" authentication (below) carries the bind DN, the bind password and each user password being verified without encryption unless the transport is protected separately. Prefer ldaps:// or StartTLS with a verified server certificate. IP-HOSTNAME is a placeholder. -->
<module-option name="java.naming.provider.url" value="ldap://IP-HOSTNAME:389"/>
<module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
<module-option name="java.naming.security.authentication" value="simple"/>
<!-- Service account used for the directory searches. NOTE(review): "test"/"test" looks like a sample value; a real bindCredential written inline is a clear-text secret in the server configuration. Restrict read access to the file, consider keeping the value in the EAP password vault, and give the account read-only search rights. -->
<module-option name="bindDN" value="test"/>
<module-option name="bindCredential" value="test"/>
<!-- User lookup: {0} in baseFilter is replaced by the login name supplied by the caller. -->
<module-option name="baseCtxDN" value="CN=Users,DC=JBoss,DC=redhat,DC=com"/>
<module-option name="baseFilter" value="(sAMAccountName={0})"/>
<!-- Role lookup: {1} in roleFilter is replaced by the DN of the authenticated user. With roleAttributeIsDN="true" the roleAttributeID value is treated as a DN and the role name is read from that entry's roleNameAttributeID (cn). -->
<module-option name="rolesCtxDN" value="CN=GRoups,DC=JBoss,DC=redhat,DC=com"/>
<module-option name="roleFilter" value="(member={1})"/>
<module-option name="roleAttributeID" value="memberOf"/>
<module-option name="roleNameAttributeID" value="cn"/>
<!-- roleRecursion="0" disables nested-group resolution: only directly matched groups become roles. -->
<module-option name="roleRecursion" value="0"/>
<module-option name="roleAttributeIsDN" value="true"/>
<!-- SUBTREE_SCOPE searches the whole tree below the base DNs; keep baseCtxDN and rolesCtxDN as narrow as the directory layout allows. -->
<module-option name="searchScope" value="SUBTREE_SCOPE"/>
</login-module>
</authentication>
</security-domain>
<!-- Consumer domain: stacks LM1 and the custom MyLDAP module. MyLDAP's securityDomain option names the JNDI entry java:/jaas/ldap_domain; presumably the module delegates authentication to that domain (its implementation is not shown here; confirm). -->
<security-domain name="some_security_domain" cache-type="default">
<authentication>
<!-- NOTE(review): both modules are flag="optional". When a JAAS stack contains only optional modules, the login succeeds if any one of them succeeds, so a success in LM1 alone authenticates the caller without the LDAP check. Mark MyLDAP required or requisite if LDAP must always be consulted. -->
<login-module code="LM1" flag="optional">
...
</login-module>
<login-module code="MyLDAP" flag="optional">
<module-option name="securityDomain" value="java:/jaas/ldap_domain"/>
</login-module>
</authentication>
</security-domain>
<!-- Second consumer domain with the same stack: LM1 plus the custom MyLDAP module, whose securityDomain option names the JNDI entry java:/jaas/ldap_domain (delegation behaviour depends on the MyLDAP implementation, which is not shown here; confirm). -->
<security-domain name="some_security_domain2" cache-type="default">
<authentication>
<!-- NOTE(review): both modules are flag="optional". When a JAAS stack contains only optional modules, the login succeeds if any one of them succeeds, so LM1 alone can authenticate the caller without the LDAP check. Mark MyLDAP required or requisite if LDAP must always be consulted. -->
<login-module code="LM1" flag="optional">
...
</login-module>
<login-module code="MyLDAP" flag="optional">
<module-option name="securityDomain" value="java:/jaas/ldap_domain"/>
</login-module>
</authentication>
</security-domain>
Environment
- Red Hat JBoss Enterprise Application Platform (EAP)
- 6.2.3