...
Code Block |
---|
[main]
# Active Directory realm configuration
# See http://shiro.apache.org/static/current/apidocs/org/apache/shiro/realm/activedirectory/ActiveDirectoryRealm.html
ldapRealm = com.sos.auth.shiro.SOSLdapAuthorizingRealm
ldapRealm.userDnTemplate = cn={0},cn=myLDAPFolder,dc=localhost
ldapRealm.searchBase = cn=myLDAPFolder,dc=localhost
ldapRealm.contextFactory.url = ldap://localhost:389
#ldapRealm.groupNameAttribute=memberOf
#ldapRealm.userNameAttribute=cn
ldapRealm.userSearchFilter=(&(objectClass=user)(cn=%s))
# Mapping of a LDAP group to roles. You can assign more than one role with separator sign |
ldapRealm.groupRolesMap = \
"cn=JobScheduler_it_operator,cn=Roles,cn=myLDAPFolder,dc=localhost":"it_operator", \
"cn=jobscheduler_admin,cn=Roles,cn=myLDAPFolder,dc=localhost":"administrator|application_manager"
rolePermissionResolver = com.sos.auth.shiro.SOSPermissionResolverAdapter
rolePermissionResolver.ini = $iniRealm
ldapRealm.rolePermissionResolver = $rolePermissionResolver
securityManager.realms = $ldapRealm
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager
# Session timeout in milliseconds
securityManager.sessionManager.globalSessionTimeout = 360000 |
Example of an AD LDAP configuration with
Code Block |
---|
[main]
ldapRealm = com.sos.auth.shiro.SOSLdapAuthorizingRealm
ldapRealm.userDnTemplate = cn={0},OU=myOu,OU=Department,DC=myDc1,DC=myDc2,DC=myDc3,DC=myDc4,DC=de
ldapRealm.searchBase = OU=myOu,OU=Department,DC=myDc1,DC=myDc2,DC=myDc3,DC=myDc4,DC=de
ldapRealm.contextFactory.url = ldap://xx.xx.xxx.xx:369
ldapRealm.groupNameAttribute=department
ldapRealm.userSearchFilter=(&(objectClass=*)(cn=%s))
# Mapping of a LDAP group to roles. You can assign more than one role with separator sign |
ldapRealm.groupRolesMap = \
"Information Technology":"all"
rolePermissionResolver = com.sos.auth.shiro.SOSPermissionResolverAdapter
rolePermissionResolver.ini = $iniRealm
ldapRealm.rolePermissionResolver = $rolePermissionResolver
securityManager.realms = $ldapRealm
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager |
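One way to review a `[main]` section like the two above before deploying it, as an added example that is not part of the original page or of JobScheduler: the Python script joins the backslash-continued lines, splits each `groupRolesMap` entry on `|`, and reports an `ldap://` URL and any group mapped to a broad role. The sample text is constructed from the first configuration above, and treating `all` and `administrator` as broad roles is an assumption.

```python
import re

# Constructed sample, copied from the first configuration on this page.
SAMPLE_INI = r'''
[main]
ldapRealm.contextFactory.url = ldap://localhost:389
ldapRealm.userSearchFilter=(&(objectClass=user)(cn=%s))
ldapRealm.groupRolesMap = \
"cn=JobScheduler_it_operator,cn=Roles,cn=myLDAPFolder,dc=localhost":"it_operator", \
"cn=jobscheduler_admin,cn=Roles,cn=myLDAPFolder,dc=localhost":"administrator|application_manager"
'''

# Assumption: role names treated as broad for review purposes.
BROAD_ROLES = ("all", "administrator")

def read_main(text):
    """Return key -> value, joining lines that end in a backslash."""
    joined = re.sub(r"\\[ \t]*\r?\n", "", text)
    props = {}
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "[")):
            continue
        key, _, value = line.partition("=")  # first '=' only; filters contain '='
        props[key.strip()] = value.strip()
    return props

def group_roles(props):
    """Map each quoted LDAP group to its list of roles ('|' separates roles)."""
    raw = props.get("ldapRealm.groupRolesMap", "")
    return {g: r.split("|") for g, r in re.findall(r'"([^"]*)"\s*:\s*"([^"]*)"', raw)}

def audit(text, broad_roles=BROAD_ROLES):
    """Return review findings for one shiro.ini [main] section."""
    props = read_main(text)
    findings = []
    url = props.get("ldapRealm.contextFactory.url", "")
    if url.lower().startswith("ldap://"):
        findings.append(f"{url}: ldap:// scheme, connection is not TLS-wrapped")
    for group, roles in group_roles(props).items():
        broad = sorted(set(roles) & set(broad_roles))
        if broad:
            findings.append(f"group {group!r} receives broad role(s): {', '.join(broad)}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_INI):
        print(finding)
```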
It should only be necessary for system administrators to modify three parts of this section:
...