All Implemented Interfaces:
GlassFishUserManagement, GlassFishUserStore, Comparable<Realm>

@Service public final class LDAPRealm extends Realm
Realm wrapper for supporting LDAP authentication.

See LDAPLoginModule documentation for more details on the operation of the LDAP realm and login module.

The LDAP realm requires the following properties in its configuration:

  • directory - URL of LDAP directory to use
  • base-dn - The base DN to use for user searches.
  • jaas-ctx - JAAS context name used to access LoginModule for authentication.

In addition to JDK Context properties that start with java.naming or javax.security, connection pool properties that start with com.sun.jndi.ldap.connect.pool can also be set. See http://java.sun.com/products/jndi/tutorial/ldap/connect/config.html for details. The following optional attributes can also be specified:

  • search-filter - LDAP filter to use for searching for the user entry based on username given to iAS. The default value is uid=%s where %s is expanded to the username.
  • group-base-dn - The base DN to use for group searches. By default its value is the same as base-dn.
  • group-search-filter - The LDAP filter to use for searching group membership of a given user. The default value is uniquemember=%d where %d is expanded to the DN of the user found by the user search.
  • group-target - The attribute whose value(s) are interpreted as the group membership names of the user. The default value is cn.
  • search-bind-dn - The DN of the LDAP user. Optional; no default value.
  • search-bind-password - The password of search-bind-dn. Optional; no default value.
  • pool-size - The JNDI LDAP connection pool size.
See Also: