9.2. Configuration
The LDAP Identity Store can be configured as follows:
```java
IdentityConfigurationBuilder builder = new IdentityConfigurationBuilder();

builder
    .named("ldap.config")
        .stores()
            .ldap()
                // connection configuration
                .baseDN("dc=jboss,dc=org")
                .bindDN("uid=admin,ou=system")
                .bindCredential("passwd")
                .url("ldap://localhost:389")
                // mapping configuration
                .mapping(Agent.class)
                    .baseDN("ou=Agent,dc=jboss,dc=org")
                    .objectClasses("account")
                    .attribute("loginName", "uid", true)
                    .readOnlyAttribute("createdDate", "createTimeStamp")
                .mapping(User.class)
                    .baseDN("ou=User,dc=jboss,dc=org")
                    .objectClasses("inetOrgPerson", "organizationalPerson")
                    .attribute("loginName", "uid", true)
                    .attribute("firstName", "cn")
                    .attribute("lastName", "sn")
                    // EMAIL is a String constant holding the LDAP attribute name for e-mail (typically "mail")
                    .attribute("email", EMAIL)
                    .readOnlyAttribute("createdDate", "createTimeStamp")
                .mapping(Role.class)
                    .baseDN("ou=Roles,dc=jboss,dc=org")
                    .objectClasses("role")
                    .attribute("name", "cn", true)
                    .readOnlyAttribute("createdDate", "createTimeStamp")
                .mapping(Group.class)
                    .hierarchySearchDepth(4)
                    .objectClasses("group")
                    .attribute("name", "cn", true)
                    .readOnlyAttribute("createdDate", "createTimeStamp")
                    .parentMembershipAttributeName("member")
                .mapping(Grant.class)
                    .forMapping(Role.class)
                    .attribute("assignee", "member")
                .mapping(GroupMembership.class)
                    .forMapping(Group.class)
                    .attribute("member", "member");
```
9.2.1. Connecting to the LDAP Server
The connection to your LDAP server can be configured as follows:
```java
.ldap()
    .baseDN("dc=jboss,dc=org")
    .bindDN("uid=admin,ou=system")
    .bindCredential("passwd")
    .url("ldap://localhost:389")
```
You can also provide additional Properties that will be used when creating the LdapContext.
```java
.ldap()
    .connectionProperties(myProperties)
```
The table below describes each configuration option:
Table 9.1. LDAP Connection Configuration Options
| Option | Description |
|---|---|
| baseDN | Sets the base DN for a specific mapped type or for all types. |
| bindDN | Sets the DN used to bind against the LDAP server. If you want to perform write operations, this DN must have write permissions on the agent, user, role and group contexts. |
| bindCredential | Sets the password for the bindDN. |
| url | Sets the URL used to connect to the server, e.g. ldap://<<server>>:389 . |
| connectionProperties | Sets a Properties instance from which additional connection properties are read when creating the LdapContext . |
9.2.1.1. Connection Pooling
When working with an LDAP server to query, create, update or remove entries, one thing you should keep in mind is enabling connection pooling. Otherwise you may run into trouble in multi-threaded or load-testing environments.
Connection pooling can be enabled by setting a few connection properties:
```java
// SIMPLE_LDAP_STORE_CONFIG and embeddedServer come from the surrounding test code:
// a String naming the configuration and a helper exposing the test server's settings.
Properties properties = new Properties();

// set this property to enable connection pooling
properties.put("com.sun.jndi.ldap.connect.pool", "true");

// provide other pooling properties to configure the pool
System.setProperty("com.sun.jndi.ldap.connect.pool.authentication", "simple");
System.setProperty("com.sun.jndi.ldap.connect.pool.maxsize", "10");
System.setProperty("com.sun.jndi.ldap.connect.pool.prefsize", "5");
System.setProperty("com.sun.jndi.ldap.connect.pool.timeout", "300000");
System.setProperty("com.sun.jndi.ldap.connect.pool.debug", "all");

IdentityConfigurationBuilder builder = new IdentityConfigurationBuilder();

builder
    .named(SIMPLE_LDAP_STORE_CONFIG)
        .stores()
            .ldap()
                .connectionProperties(properties) // set the connection properties to the LDAP configuration
                .baseDN(embeddedServer.getBaseDn())
                .bindDN(embeddedServer.getBindDn())
                .bindCredential(embeddedServer.getBindCredential())
                .url(embeddedServer.getConnectionUrl())
```
Note
The LDAP Identity Store relies on the Java SDK to provide connection pooling. For more details, please take a look at http://docs.oracle.com/javase/jndi/tutorial/ldap/connect/config.html.
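The following is an added example, not code from the PicketLink documentation or project. It combines the connection options from Table 9.1 with the pooling properties above into one configuration a practitioner might actually deploy: the bind DN and password are read from the environment instead of being hard-coded, only an ldaps:// URL is accepted (a simple bind sends the password in the clear otherwise), JNDI connect and read timeouts are set so a slow or unreachable server fails fast, and the pool is told to pool SSL connections as well as plain ones. The builder calls are the ones shown on this page; the class name, the environment variable names, the `org.picketlink.idm.model.basic.User` import (PicketLink 2.5-style basic model) and the URL passed in `main` are assumptions of this example.

```java
import java.util.Properties;

import org.picketlink.idm.config.IdentityConfiguration;
import org.picketlink.idm.config.IdentityConfigurationBuilder;
import org.picketlink.idm.model.basic.User; // assumed: PicketLink 2.5 basic identity model

// Assumed class name for this example
public class HardenedLdapStoreConfig {

    // Environment variable names are assumptions of this example
    private static final String BIND_DN_ENV = "LDAP_BIND_DN";
    private static final String BIND_PASSWORD_ENV = "LDAP_BIND_PASSWORD";

    /** Per-context JNDI properties handed to connectionProperties(). */
    public static Properties pooledConnectionProperties() {
        Properties properties = new Properties();
        // Enable JNDI LDAP connection pooling for contexts created by this store
        properties.put("com.sun.jndi.ldap.connect.pool", "true");
        // Fail fast instead of tying up a request thread when the server is slow or down (milliseconds)
        properties.put("com.sun.jndi.ldap.connect.timeout", "5000");
        properties.put("com.sun.jndi.ldap.read.timeout", "10000");
        return properties;
    }

    /** Reads a required secret from the environment so it never lives in source or config files. */
    static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing required environment variable: " + name);
        }
        return value;
    }

    public static IdentityConfiguration build(String url) {
        // Refuse plaintext LDAP: a simple bind transmits bindCredential unencrypted
        if (!url.startsWith("ldaps://")) {
            throw new IllegalArgumentException("Expected an ldaps:// URL, got: " + url);
        }

        // Pool sizing and behaviour are JVM-wide, so they are system properties (as on this page).
        System.setProperty("com.sun.jndi.ldap.connect.pool.authentication", "simple");
        System.setProperty("com.sun.jndi.ldap.connect.pool.maxsize", "10");
        System.setProperty("com.sun.jndi.ldap.connect.pool.prefsize", "5");
        System.setProperty("com.sun.jndi.ldap.connect.pool.timeout", "300000");
        // By default only "plain" connections are pooled; include "ssl" so ldaps:// contexts are pooled too
        System.setProperty("com.sun.jndi.ldap.connect.pool.protocol", "plain ssl");

        IdentityConfigurationBuilder builder = new IdentityConfigurationBuilder();

        builder
            .named("ldap.config")
                .stores()
                    .ldap()
                        .connectionProperties(pooledConnectionProperties())
                        .baseDN("dc=jboss,dc=org")
                        .bindDN(requireEnv(BIND_DN_ENV))
                        .bindCredential(requireEnv(BIND_PASSWORD_ENV))
                        .url(url)
                        .mapping(User.class)
                            .baseDN("ou=User,dc=jboss,dc=org")
                            .objectClasses("inetOrgPerson", "organizationalPerson")
                            .attribute("loginName", "uid", true)
                            .attribute("firstName", "cn")
                            .attribute("lastName", "sn")
                            .attribute("email", "mail");

        return builder.build();
    }

    public static void main(String[] args) {
        // Placeholder host and port; replace with the real directory server
        IdentityConfiguration config = build("ldaps://ldap.example.invalid:636");
        System.out.println("LDAP identity store configuration built: " + (config != null));
    }
}
```

The `com.sun.jndi.ldap.connect.pool` entry goes into the per-context `Properties` because it is an environment property of the `LdapContext`, whereas the `connect.pool.*` sizing, timeout and protocol settings are read once per JVM, which is why the page sets them with `System.setProperty`. Leave `com.sun.jndi.ldap.connect.pool.debug` unset outside of troubleshooting, since `"all"` logs every pooled connection operation.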