Mensetup Autentifikasi Bedework ke OpenLDAP
LdapLoginModule
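<!--
  JAAS policy "openthinklabs" for Bedework, using LdapLoginModule.
  The module builds the user DN as principalDNPrefix + login name +
  principalDNSuffix (here: uid=LOGIN,dc=openthinklabs,dc=com) and binds to the
  directory as that DN with the password the user supplied.
  Option values are written on one line so they do not depend on the parser
  trimming surrounding whitespace.
-->
<application-policy name="openthinklabs">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <!--
        Plain ldap:// combined with "simple" authentication sends the user's
        password unencrypted. That is contained here only because the directory
        is on localhost; if this URL is ever pointed at another host, use
        ldaps:// or StartTLS instead.
      -->
      <module-option name="java.naming.provider.url">ldap://localhost:389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
      <module-option name="principalDNPrefix">uid=</module-option>
      <module-option name="principalDNSuffix">,dc=openthinklabs,dc=com</module-option>
      <!--
        Reject zero-length passwords before they reach the directory. A simple
        bind with an empty password is treated as an anonymous bind by JNDI and
        by some LDAP servers, so it can succeed for any user name. Older JBoss
        releases default this option to true; the LdapExtLoginModule policies
        on this page set it to false as well.
      -->
      <module-option name="allowEmptyPasswords">false</module-option>
      <!-- Roles are not used by bedework - not sure if we need these -->
      <!--
        NOTE(review): rolesCtxDN points at dc=jboss,dc=org, which is outside the
        dc=openthinklabs,dc=com suffix used above and looks like a leftover from
        the JBoss sample configuration. Confirm whether the role options are
        needed at all, and if so point them at the real directory tree.
      -->
      <module-option name="rolesCtxDN">ou=Roles,dc=jboss,dc=org</module-option>
      <module-option name="uidAttributeID">member</module-option>
      <module-option name="matchOnUserDN">false</module-option>
      <module-option name="roleAttributeID">cn</module-option>
      <module-option name="roleAttributeIsDN">false</module-option>
    </login-module>
  </authentication>
</application-policy>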
LdapExtLoginModule
Active Directory
<!--
  JAAS policy "bedeworkdemo" for Active Directory, using LdapExtLoginModule.
  The module first binds with the service account in bindDN/bindCredential,
  searches below baseCtxDN with baseFilter to find the user's entry, and then
  binds as that entry with the password the user supplied.
-->
<application-policy name="bedeworkdemo">
<authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
<!--
  NOTE(review): ldap:// on port 389 together with "simple" authentication sends
  both the service-account password and every user's password unencrypted to a
  remote host. Use ldaps:// or StartTLS if the directory offers it.
-->
<module-option name="java.naming.provider.url">ldap://openthinklabs.com:389/</module-option>
<module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
<module-option name="java.naming.security.authentication">simple</module-option>
<!--
  Service account used only for the user and role searches. It should be a
  dedicated, read-only account with no other privileges in the domain.
-->
<module-option name="bindDN">CN=bedeworkSpecial,OU=IT,OU=Staff,OU=User_Accounts,DC=openthinklabs,DC=com</module-option>
<!--
  "secret" is a placeholder. The real password is stored here in clear text, so
  keep this file readable only by the application-server account and out of
  version control. LdapExtLoginModule also has a jaasSecurityDomain option for
  supplying the credential in encrypted form; verify that it is available in
  the JBoss version in use.
-->
<module-option name="bindCredential">secret</module-option>
<module-option name="baseCtxDN">DC=openthinklabs,DC=com</module-option>
<!-- {0} is replaced with the login name typed by the user. -->
<module-option name="baseFilter">(sAMAccountName={0})</module-option>
<module-option name="searchScope">SUBTREE_SCOPE</module-option>
<!-- Role search starts at the domain root; {1} is replaced with the DN of the authenticated user. -->
<module-option name="rolesCtxDN">DC=openthinklabs,DC=com</module-option>
<module-option name="roleFilter">(member={1})</module-option>
<module-option name="roleAttributeIsDN">true</module-option>
<module-option name="roleNameAttributeID">name</module-option>
<!-- 0 disables recursive (nested group) role lookups. -->
<module-option name="roleRecursion">0</module-option>
<!--
  Keep this at false: a simple bind with an empty password is treated as an
  anonymous bind by JNDI and by some LDAP servers, so it could succeed for any
  user name.
-->
<module-option name="allowEmptyPasswords">false</module-option>
<!--
  With "follow", JNDI automatically contacts whatever server a referral points
  to. This is commonly set for Active Directory searches rooted at the domain.
  NOTE(review): referrals are presumably followed with the same bind
  credentials, so only trusted directories should be reachable this way.
-->
<module-option name="java.naming.referral">follow</module-option>
</login-module>
</authentication>
</application-policy>
OpenLDAP
<!--
  JAAS policy "bedeworkdemo" for OpenLDAP, using LdapExtLoginModule.
  The module first binds with the service account in bindDN/bindCredential,
  searches below baseCtxDN with baseFilter to find the user's entry, and then
  binds as that entry with the password the user supplied.
  This is an alternative to the Active Directory policy of the same name on
  this page; configure only one of them.
-->
<application-policy name="bedeworkdemo">
<authentication>
<login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
<!--
  NOTE(review): ldap:// on port 389 together with "simple" authentication sends
  both the service-account password and every user's password unencrypted to a
  remote host. Use ldaps:// or StartTLS if the directory offers it.
-->
<module-option name="java.naming.provider.url">ldap://openthinklabs.com:389/</module-option>
<module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
<module-option name="java.naming.security.authentication">simple</module-option>
<!--
  Service account used only for the user and role searches; it should be a
  dedicated, read-only account.
  NOTE(review): this DN follows the Active Directory layout of the previous
  example; confirm it matches an entry in the actual OpenLDAP tree.
-->
<module-option name="bindDN">CN=bedework,OU=IT,OU=Staff,OU=User_Accounts,DC=openthinklabs,DC=com</module-option>
<!--
  "secret" is a placeholder. The real password is stored here in clear text, so
  keep this file readable only by the application-server account and out of
  version control. LdapExtLoginModule also has a jaasSecurityDomain option for
  supplying the credential in encrypted form; verify that it is available in
  the JBoss version in use.
-->
<module-option name="bindCredential">secret</module-option>
<module-option name="baseCtxDN">DC=openthinklabs,DC=com</module-option>
<!-- {0} is replaced with the login name typed by the user. -->
<module-option name="baseFilter">(uid={0})</module-option>
<module-option name="searchScope">SUBTREE_SCOPE</module-option>
<!-- Role search starts at the directory root; {1} is replaced with the DN of the authenticated user. -->
<module-option name="rolesCtxDN">DC=openthinklabs,DC=com</module-option>
<module-option name="roleFilter">(member={1})</module-option>
<module-option name="roleAttributeIsDN">true</module-option>
<!--
  NOTE(review): "name" is an attribute found on Active Directory entries;
  OpenLDAP group entries usually carry their name in cn. Confirm against the
  group schema in use if roles matter for this deployment.
-->
<module-option name="roleNameAttributeID">name</module-option>
<!-- 0 disables recursive (nested group) role lookups. -->
<module-option name="roleRecursion">0</module-option>
<!--
  Keep this at false: a simple bind with an empty password is treated as an
  anonymous bind by JNDI and by some LDAP servers, so it could succeed for any
  user name.
-->
<module-option name="allowEmptyPasswords">false</module-option>
<!--
  With "follow", JNDI automatically contacts whatever server a referral points
  to. NOTE(review): this setting appears to be carried over from the Active
  Directory example; for a single OpenLDAP server, confirm that following
  referrals is actually needed, since referral targets are presumably
  contacted with the same bind credentials.
-->
<module-option name="java.naming.referral">follow</module-option>
</login-module>
</authentication>
</application-policy>
Referensi
Setting up authentication, https://wiki.jasig.org/display/BWK38/Setting+up+authentication
LdapLoginModule, https://community.jboss.org/wiki/LdapLoginModule
LDAP authentication for Ucal, http://www.bedework.org/pipermail/bedework-users/2010-February/002764.html
How to enable debugging of LDAP integration?, http://www.bedework.org/pipermail/bedework-users/2010-March/002807.html