Product Knowledge Base

Space shortcuts

Page tree

Versions Compared

Old Version 109

changes.mady.by.user Alan Amos

Saved on

compared with

New Version 110

changes.mady.by.user Uwe Risse

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagetext
titleMain Configuration - LDAP Authentification - Example Information
linenumberstrue
collapsetrue
[main]
# Active Directory realm configuration
# See http://shiro.apache.org/static/current/apidocs/org/apache/shiro/realm/activedirectory/ActiveDirectoryRealm.html
ldapRealm = com.sos.auth.shiro.SOSLdapAuthorizingRealm

ldapRealm.userDnTemplate = cn={0},cn=myLDAPFolder,dc=localhost  
ldapRealm.searchBase = cn=myLDAPFolder,dc=localhost
ldapRealm.contextFactory.url = ldap://localhost:389

#ldapRealm.groupNameAttribute=memberOf
#ldapRealm.userNameAttribute=cn
ldapRealm.userSearchFilter=(&(objectClass=user)(cn=%s))

# Mapping of a LDAP group to roles. You can assign more than one role with separator sign |
ldapRealm.groupRolesMap = \
"cn=JobScheduler_it_operator,cn=Roles,cn=myLDAPFolder,dc=localhost":"it_operator", \  
"cn=jobscheduler_admin,cn=Roles,cn=myLDAPFolder,dc=localhost":"administrator|application_manager"

rolePermissionResolver = com.sos.auth.shiro.SOSPermissionResolverAdapter
rolePermissionResolver.ini = $iniRealm
ldapRealm.rolePermissionResolver = $rolePermissionResolver

securityManager.realms = $ldapRealm
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager

# Session timeout in milliseconds
securityManager.sessionManager.globalSessionTimeout = 360000 

 

Exam,ple of a AD LDAP Configuration with

Code Block
 
[main]

ldapRealm = com.sos.auth.shiro.SOSLdapAuthorizingRealm

ldapRealm.userDnTemplate = cn={0},OU=myOu,OU=Department,DC=myDc1,DC=myDc2,DC=myDc3,DC=myDc4,DC=de
ldapRealm.searchBase = OU=myOu,OU=Department,DC=myDc1,DC=myDc2,DC=myDc3,DC=myDc4,DC=de
ldapRealm.contextFactory.url = ldap://xx.xx.xxx.xx:369

ldapRealm.groupNameAttribute=department
ldapRealm.userSearchFilter=(&(objectClass=*)(cn=%s))

# Mapping of a LDAP group to roles. You can assign more than one role with separator sign |
ldapRealm.groupRolesMap = \
"Information Technology":"all"

rolePermissionResolver = com.sos.auth.shiro.SOSPermissionResolverAdapter
rolePermissionResolver.ini = $iniRealm
ldapRealm.rolePermissionResolver = $rolePermissionResolver

securityManager.realms = $ldapRealm
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager

 

 

It should only be necessary for system administrators to modify three parts of this section:

...