
9.2. Configuration

The LDAP Identity Store can be configured as follows:
// Imports assumed for PicketLink 2.5+ package names; EMAIL resolves to the "mail" LDAP attribute.
import static org.picketlink.idm.ldap.internal.LDAPConstants.EMAIL;

import org.picketlink.idm.config.IdentityConfigurationBuilder;
import org.picketlink.idm.model.basic.Agent;
import org.picketlink.idm.model.basic.Grant;
import org.picketlink.idm.model.basic.Group;
import org.picketlink.idm.model.basic.GroupMembership;
import org.picketlink.idm.model.basic.Role;
import org.picketlink.idm.model.basic.User;

IdentityConfigurationBuilder builder = new IdentityConfigurationBuilder();

builder
    .named("ldap.config")
        .stores()
            .ldap()
                // connection configuration
                .baseDN("dc=jboss,dc=org")
                .bindDN("uid=admin,ou=system")
                .bindCredential("passwd")
                .url("ldap://localhost:389")

                // mapping configuration: each mapping binds a model type to a
                // subtree, its object classes and the LDAP attributes that back
                // its properties (the "true" flag marks the identifying attribute)
                .mapping(Agent.class)
                    .baseDN("ou=Agent,dc=jboss,dc=org")
                    .objectClasses("account")
                    .attribute("loginName", "uid", true)
                    .readOnlyAttribute("createdDate", "createTimeStamp")
                .mapping(User.class)
                    .baseDN("ou=User,dc=jboss,dc=org")
                    .objectClasses("inetOrgPerson", "organizationalPerson")
                    .attribute("loginName", "uid", true)
                    .attribute("firstName", "cn")
                    .attribute("lastName", "sn")
                    .attribute("email", EMAIL)
                    .readOnlyAttribute("createdDate", "createTimeStamp")
                .mapping(Role.class)
                    .baseDN("ou=Roles,dc=jboss,dc=org")
                    .objectClasses("role")
                    .attribute("name", "cn", true)
                    .readOnlyAttribute("createdDate", "createTimeStamp")
                .mapping(Group.class)
                    // no baseDN here: the store-level baseDN above is used for groups
                    .hierarchySearchDepth(4)
                    .objectClasses("group")
                    .attribute("name", "cn", true)
                    .readOnlyAttribute("createdDate", "createTimeStamp")
                    .parentMembershipAttributeName("member")
                // relationship mappings reuse the entries of the type they are declared for
                .mapping(Grant.class)
                    .forMapping(Role.class)
                    .attribute("assignee", "member")
                .mapping(GroupMembership.class)
                    .forMapping(Group.class)
                    .attribute("member", "member");

9.2.1. Connecting to the LDAP Server

The connection to your LDAP server can be configured as follows:
.ldap()
  .baseDN("dc=jboss,dc=org")
  .bindDN("uid=admin,ou=system")
  .bindCredential("passwd")
  .url("ldap://localhost:389")
You can also provide additional connection Properties that will be used when creating the LdapContext.
.ldap()
  .connectionProperties(myProperties)
The table below describes each configuration option:

Table 9.1. LDAP Connection Configuration Options

Option                Description
baseDN                Sets the base DN for a specific mapped type or for all types.
bindDN                Sets the DN used to bind against the LDAP server. If you want to perform write operations, the DN must have permissions on the agent, user, role and group contexts.
bindCredential        Sets the password for the bindDN.
url                   Sets the URL that should be used to connect to the server, e.g. ldap://<server>:389.
connectionProperties  Sets a Properties instance from which additional connection properties will be retrieved when creating the LdapContext.

9.2.1.1. Connection Pooling

When working with an LDAP server to query, create, update or remove entries, one thing you should keep in mind is enabling connection pooling. Otherwise you may run into trouble in multi-threaded or load testing environments.
Connection pooling can be enabled by setting a few connection properties.
import java.util.Properties;

Properties properties = new Properties();

// set this property on the context environment to enable connection pooling
properties.put("com.sun.jndi.ldap.connect.pool", "true");

// the remaining pooling properties are JVM-wide system properties, not context properties
System.setProperty("com.sun.jndi.ldap.connect.pool.authentication", "simple");
System.setProperty("com.sun.jndi.ldap.connect.pool.maxsize", "10");
System.setProperty("com.sun.jndi.ldap.connect.pool.prefsize", "5");
System.setProperty("com.sun.jndi.ldap.connect.pool.timeout", "300000");
// "all" logs every pool operation to stderr; useful for diagnosis, too verbose for production
System.setProperty("com.sun.jndi.ldap.connect.pool.debug", "all");

IdentityConfigurationBuilder builder = new IdentityConfigurationBuilder();

// SIMPLE_LDAP_STORE_CONFIG is a String naming this configuration; embeddedServer is the
// test helper that supplies the connection details of the embedded LDAP server
builder
    .named(SIMPLE_LDAP_STORE_CONFIG)
        .stores()
            .ldap()
                .connectionProperties(properties) // set the connection properties to the LDAP configuration
                .baseDN(embeddedServer.getBaseDn())
                .bindDN(embeddedServer.getBindDn())
                .bindCredential(embeddedServer.getBindCredential())
                .url(embeddedServer.getConnectionUrl());

Note

The LDAP Identity Store relies on the Java SDK to provide connection pooling. For more details, please take a look at http://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html.
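The following is an added example, not PicketLink's own code, that ties together the connection configuration of Section 9.2.1 and the pooling properties of Section 9.2.1.1. It builds the Properties handed to connectionProperties() so that pooling, timeouts and the pooled-connection protocol match the URL scheme, and it takes the bind password from the environment instead of a literal. The PicketLink package names (org.picketlink.idm.config, org.picketlink.idm.model.basic), the host ldap.example.org and the variable name LDAP_BIND_PASSWORD are assumptions; the com.sun.jndi.ldap.* property names are those of the JDK's LDAP provider referenced in the note above.

```java
import java.util.Properties;

import org.picketlink.idm.config.IdentityConfigurationBuilder;
import org.picketlink.idm.model.basic.User;

/**
 * Added example: deliberate JNDI connection settings for an LDAP Identity Store.
 * Not part of the PicketLink documentation or code base.
 */
public class LdapStoreSetup {

    /** Arbitrary label under which the configuration is registered. */
    static final String LDAP_CONFIG_NAME = "ldap.config";

    /**
     * Builds the environment properties passed to the LdapContext.
     *
     * @param url       server URL; an ldaps:// scheme switches the pool to TLS connections
     * @param maxSize   maximum number of pooled connections
     * @param debugPool true only while diagnosing the pool; "all" logs every pool operation
     */
    static Properties connectionProperties(String url, int maxSize, boolean debugPool) {
        Properties props = new Properties();

        // Enable pooling for contexts created with these properties (context-level setting).
        props.put("com.sun.jndi.ldap.connect.pool", "true");

        // Fail fast instead of blocking a request thread when the directory is unreachable
        // or stops answering; both values are milliseconds.
        props.put("com.sun.jndi.ldap.connect.timeout", "5000");
        props.put("com.sun.jndi.ldap.read.timeout", "15000");

        // Pool sizing and behaviour are JVM-wide system properties, as in Section 9.2.1.1.
        System.setProperty("com.sun.jndi.ldap.connect.pool.authentication", "simple");
        System.setProperty("com.sun.jndi.ldap.connect.pool.maxsize", Integer.toString(maxSize));
        System.setProperty("com.sun.jndi.ldap.connect.pool.prefsize",
                Integer.toString(Math.max(1, maxSize / 2)));
        System.setProperty("com.sun.jndi.ldap.connect.pool.timeout", "300000");

        // Only "plain" connections are pooled by default; an ldaps:// store would otherwise
        // open a fresh TLS connection for every context despite pooling being enabled.
        boolean tls = url.toLowerCase().startsWith("ldaps://");
        System.setProperty("com.sun.jndi.ldap.connect.pool.protocol", tls ? "plain ssl" : "plain");

        if (debugPool) {
            System.setProperty("com.sun.jndi.ldap.connect.pool.debug", "all");
        } else {
            System.clearProperty("com.sun.jndi.ldap.connect.pool.debug");
        }
        return props;
    }

    /** Reads the bind password from the environment so it is not compiled into the class. */
    static String bindCredentialFromEnv() {
        String value = System.getenv("LDAP_BIND_PASSWORD"); // assumed variable name
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("LDAP_BIND_PASSWORD is not set");
        }
        return value;
    }

    public static void main(String[] args) {
        String url = "ldaps://ldap.example.org:636"; // placeholder host
        Properties props = connectionProperties(url, 10, false);

        IdentityConfigurationBuilder builder = new IdentityConfigurationBuilder();
        builder
            .named(LDAP_CONFIG_NAME)
                .stores()
                    .ldap()
                        .connectionProperties(props)
                        .baseDN("dc=jboss,dc=org")
                        .bindDN("uid=admin,ou=system")
                        .bindCredential(bindCredentialFromEnv())
                        .url(url)
                        // one mapping from Section 9.2, enough for a working store
                        .mapping(User.class)
                            .baseDN("ou=User,dc=jboss,dc=org")
                            .objectClasses("inetOrgPerson", "organizationalPerson")
                            .attribute("loginName", "uid", true)
                            .attribute("firstName", "cn")
                            .attribute("lastName", "sn");
        // builder.buildAll() now yields the configuration to hand to a partition manager.
    }
}
```

The split between props.put and System.setProperty mirrors the provider's design: whether a given context participates in pooling is decided per context, while pool size, idle timeout, pooled protocols and debug output are process-wide and affect every LdapContext in the JVM, including ones created by other libraries.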