JBoss.org Community Documentation

Chapter 8. Identity Management - Working with LDAP

Table of Contents

8.1. LDAPIdentityStoreConfiguration
8.1.1. Configuration

The LDAP identity store lets an LDAP directory server provide identity state. You can use this store in read-only or read-write mode, depending on the permissions the bind account has on the server.

The LDAP identity store is configured by providing a configuration such as the following:

import org.picketlink.idm.config.IdentityConfigurationBuilder;
import org.picketlink.idm.model.IdentityType;
import org.picketlink.idm.model.basic.Agent;
import org.picketlink.idm.model.basic.Grant;
import org.picketlink.idm.model.basic.Group;
import org.picketlink.idm.model.basic.GroupMembership;
import org.picketlink.idm.model.basic.Role;
import org.picketlink.idm.model.basic.User;
// UID, CN, SN, EMAIL, CREATE_TIMESTAMP and GROUP_OF_NAMES are the LDAP attribute
// and object class names used in the mappings below (static import of LDAPConstants,
// package as used by PicketLink 2.5.x)
import static org.picketlink.idm.ldap.internal.LDAPConstants.*;

IdentityConfigurationBuilder builder = new IdentityConfigurationBuilder();

builder
    .named("ldap.config")
        .stores()
            .ldap()
                // root of the directory subtree the store works in
                .baseDN("dc=jboss,dc=org")
                // account the store binds as; its rights on the server decide read-only vs. read-write
                .bindDN("uid=admin,ou=system")
                // placeholder value; load the real credential from a secret source rather than from source code
                .bindCredential("passwd")
                // plain ldap:// sends the bind credential unencrypted; use ldaps:// outside local testing
                .url("ldap://localhost:389")
                // every IdentityType subtype is handled by this store
                .supportType(IdentityType.class)
                .supportGlobalRelationship(Grant.class, GroupMembership.class)
                // each mapping ties a model type to a subtree, its object classes and attribute names
                .mapping(Agent.class)
                    .baseDN("ou=Agent,dc=jboss,dc=org")
                    .objectClasses("account")
                    .attribute("loginName", UID, true)   // true marks the identifier attribute
                    .readOnlyAttribute("createdDate", CREATE_TIMESTAMP)
                .mapping(User.class)
                    .baseDN("ou=User,dc=jboss,dc=org")
                    .objectClasses("inetOrgPerson", "organizationalPerson")
                    .attribute("loginName", UID, true)
                    .attribute("firstName", CN)
                    .attribute("lastName", SN)
                    .attribute("email", EMAIL)
                    .readOnlyAttribute("createdDate", CREATE_TIMESTAMP)
                .mapping(Role.class)
                    .baseDN("ou=Roles,dc=jboss,dc=org")
                    .objectClasses(GROUP_OF_NAMES)
                    .attribute("name", CN, true)
                    .readOnlyAttribute("createdDate", CREATE_TIMESTAMP)
                .mapping(Group.class)
                    .baseDN("ou=Groups,dc=jboss,dc=org")
                    .objectClasses(GROUP_OF_NAMES)
                    .attribute("name", CN, true)
                    .readOnlyAttribute("createdDate", CREATE_TIMESTAMP)
                    // attribute that links a group to its parent group
                    .parentMembershipAttributeName("member")
                // relationships are stored on the entry of the type named in forMapping()
                .mapping(Grant.class)
                    .forMapping(Role.class)
                    .attribute("assignee", "member")
                .mapping(GroupMembership.class)
                    .forMapping(Group.class)
                    .attribute("member", "member");
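
Turning a configuration like the one above into a usable IdentityManager, as an added example that is not part of the original documentation or of PicketLink itself. It assumes PicketLink 2.5-style packages (DefaultPartitionManager, BasicModel, LDAPConstants), a directory reachable at the ldaps URL shown, and that the bind password is supplied through the LDAP_BIND_PASSWORD environment variable.

```java
import org.picketlink.idm.IdentityManager;
import org.picketlink.idm.PartitionManager;
import org.picketlink.idm.config.IdentityConfigurationBuilder;
import org.picketlink.idm.internal.DefaultPartitionManager;
import org.picketlink.idm.model.IdentityType;
import org.picketlink.idm.model.basic.BasicModel;
import org.picketlink.idm.model.basic.User;
// UID, CN, SN and EMAIL map the model attributes to LDAP attribute names
import static org.picketlink.idm.ldap.internal.LDAPConstants.*;

public class LdapStoreBootstrap {

    public static PartitionManager buildPartitionManager() {
        // Assumed deployment contract: the bind password is injected through the
        // environment (or a vault) and is never kept in source or in the configuration.
        String bindPassword = System.getenv("LDAP_BIND_PASSWORD");
        if (bindPassword == null || bindPassword.isEmpty()) {
            throw new IllegalStateException("LDAP_BIND_PASSWORD is not set");
        }

        IdentityConfigurationBuilder builder = new IdentityConfigurationBuilder();
        builder
            .named("ldap.config")
                .stores()
                    .ldap()
                        // ldaps:// keeps the bind password and directory data off the wire in clear text
                        .url("ldaps://ldap.example.internal:636")
                        .baseDN("dc=jboss,dc=org")
                        // a least-privilege service account rather than the directory admin
                        .bindDN("uid=picketlink-svc,ou=system")
                        .bindCredential(bindPassword)
                        .supportType(IdentityType.class)
                        .mapping(User.class)
                            .baseDN("ou=User,dc=jboss,dc=org")
                            .objectClasses("inetOrgPerson", "organizationalPerson")
                            .attribute("loginName", UID, true)
                            .attribute("firstName", CN)
                            .attribute("lastName", SN)
                            .attribute("email", EMAIL);

        // buildAll() validates the whole configuration before any store is touched
        return new DefaultPartitionManager(builder.buildAll());
    }

    public static User lookupUser(PartitionManager partitionManager, String loginName) {
        IdentityManager identityManager = partitionManager.createIdentityManager();
        // Becomes an LDAP search below ou=User,dc=jboss,dc=org matching uid=<loginName>
        return BasicModel.getUser(identityManager, loginName);
    }
}
```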

The following table describes all configuration options: