...
```ini
[main]
# Public LDAP Server for testing purposes
# see http://www.forumsys.com/en/tutorials/integration-how-to/ldap/online-ldap-test-server/

# Active Directory realm configuration
# See http://shiro.apache.org/static/current/apidocs/org/apache/shiro/realm/activedirectory/ActiveDirectoryRealm.html

ldapRealm = com.sos.auth.shiro.SOSLdapAuthorizingRealm
ldapRealm.userDnTemplate = uid={0},dc=example,dc=com
ldapRealm.searchBase = dc=example,dc=com
ldapRealm.contextFactory.url = ldap://ldap.forumsys.com:389

ldapRealm.groupNameAttribute=ou
ldapRealm.userNameAttribute=uid
ldapRealm.userSearchFilter=(uniqueMember=uid=%s,dc=example,dc=com)

# Mapping of a LDAP group to roles. You can assign more than one role with separator sign |
ldapRealm.groupRolesMap = \
"scientists":"it_operator", \
"mathematicians":"administrator|application_manager"

rolePermissionResolver = com.sos.auth.shiro.SOSPermissionResolverAdapter
rolePermissionResolver.ini = $iniRealm
ldapRealm.rolePermissionResolver = $rolePermissionResolver

securityManager.realms = $ldapRealm
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager

# Session timeout in milliseconds
securityManager.sessionManager.globalSessionTimeout = 360000
```
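To review which LDAP groups confer a given role, the `groupRolesMap` setting in the configuration above can be parsed and inverted. The following is an added example, not part of the original page or of the product's code; the function names are hypothetical, and the parser assumes only the syntax shown above (backslash line continuation, quoted `"group":"roles"` pairs, `|` between roles). It accepts any realm name, so it also covers a file that defines more than one LDAP realm.

```python
import re

# Constructed sample: the groupRolesMap lines from the configuration above.
SAMPLE_INI = r'''
[main]
ldapRealm.groupNameAttribute=ou
# Mapping of a LDAP group to roles
ldapRealm.groupRolesMap = \
"scientists":"it_operator", \
"mathematicians":"administrator|application_manager"
securityManager.realms = $ldapRealm
'''

# One quoted "group":"role|role" pair (syntax assumed from the page's example).
PAIR = re.compile(r'"([^"]+)"\s*:\s*"([^"]*)"')


def logical_lines(text):
    """Join backslash-continued lines; drop blank lines and # comments."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):
            buf += line[:-1].strip() + " "
        else:
            yield buf + line
            buf = ""
    if buf:
        yield buf.strip()


def group_roles_maps(text):
    """Return {realm: {group: [roles]}} for every <realm>.groupRolesMap key."""
    maps = {}
    for line in logical_lines(text):
        key, sep, value = line.partition("=")
        key = key.strip()
        if sep and key.endswith(".groupRolesMap"):
            realm = key[: -len(".groupRolesMap")]
            maps[realm] = {g: [r.strip() for r in roles.split("|") if r.strip()]
                           for g, roles in PAIR.findall(value)}
    return maps


def groups_granting(maps, role):
    """List (realm, group) pairs whose mapping includes the given role."""
    return sorted((realm, g) for realm, m in maps.items()
                  for g, roles in m.items() if role in roles)
```

Running `groups_granting(group_roles_maps(SAMPLE_INI), "administrator")` on the sample lists `mathematicians` as the only LDAP group mapped to the `administrator` role.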
Example LDAP Configuration with
...
Several LDAP Servers
LDAP configuration with several LDAP servers is achieved by defining more than one LDAP realm, as shown in the next code block.
...