login-config.xml

This is the sample application-policy block that you can copy into your login-config.xml file to support LDAP authentication.

Notes

Replace the default application-policy block of the login-config.xml file with this code, then make the modifications specified in Set up LDAP integration for the TeamForge site. Option values that must be modified are highlighted in bold.

Sample code

        <application-policy name="SourceForge">
          <authentication>
            <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="sufficient" >
              <module-option name="allowEmptyPasswords">false</module-option>
              <module-option name="principalDNPrefix">uid=</module-option>
              <module-option name="principalDNSuffix">,ou=People,dc=dev,dc=sf,dc=net</module-option>
              <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
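              <!-- ldap:// with simple authentication sends the bind password unencrypted; use an ldaps:// URL, as in the Active Directory sample, where the directory server supports it -->
              <module-option name="java.naming.provider.url">ldap://util.dev.sf.net:389/</module-option>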
              <module-option name="java.naming.security.authentication">simple</module-option>
            </login-module>
          </authentication>
        </application-policy>

Sample code for Active Directory integration

Active Directory is not supported. However, these sample lines in the login-config.xml file may help you make it work for a simple AD setup, without complex directory structures requiring additional search parameters.

Set the values of java.naming.provider.url, principalDNSuffix and rolesCtxDN as appropriate to your site.

For more detailed instructions, see http://www.jboss.org/community/wiki/LdapLoginModule.

        
        <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required" >
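            <!-- Replace <server_name> with the host name of your Active Directory server; the angle brackets are a placeholder and must not remain in the file -->
            <module-option name="java.naming.provider.url">ldaps://<server_name>:636/</module-option>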
            <module-option name="allowEmptyPasswords">false</module-option>
            <module-option name="principalDNSuffix">@foo.bar.com</module-option>
            <module-option name="rolesCtxDN">dc=Foo,dc=Bar,dc=Com</module-option>
            <module-option name="matchOnUserDN">true</module-option>
            <module-option name="uidAttributeID">sAMAccountName</module-option>
            <module-option name="roleAttributeID">memberOf</module-option>
            <module-option name="roleAttributeIsDN">true</module-option>
            <module-option name="roleNameAttributeID">name</module-option>
        </login-module>
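
Before deploying an edited login-config.xml, the LDAP options shown in both samples can be checked mechanically. The following script is an added example, not part of the original page or of TeamForge or JBoss. The function name `audit_login_config`, the host `ldap.example.com` and the sample document are constructed for illustration, and the sample deliberately sets `allowEmptyPasswords` to `true` so that both checks fire.

```python
import xml.etree.ElementTree as ET

LDAP_MODULE = "org.jboss.security.auth.spi.LdapLoginModule"

# Constructed sample modelled on the page's first block; host and DNs are placeholders.
SAMPLE = """<policy>
  <application-policy name="SourceForge">
    <authentication>
      <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="sufficient">
        <module-option name="allowEmptyPasswords">true</module-option>
        <module-option name="principalDNPrefix">uid=</module-option>
        <module-option name="principalDNSuffix">,ou=People,dc=example,dc=com</module-option>
        <module-option name="java.naming.provider.url">ldap://ldap.example.com:389/</module-option>
        <module-option name="java.naming.security.authentication">simple</module-option>
      </login-module>
    </authentication>
  </application-policy>
</policy>"""


def audit_login_config(xml_text):
    """Return (policy name, finding) pairs for every LdapLoginModule in xml_text."""
    findings = []
    for policy in ET.fromstring(xml_text).iter("application-policy"):
        name = policy.get("name", "?")
        for module in policy.iter("login-module"):
            if module.get("code") != LDAP_MODULE:
                continue
            opts = {o.get("name"): (o.text or "").strip()
                    for o in module.findall("module-option")}
            # The provider URL may list several space-separated servers.
            urls = opts.get("java.naming.provider.url", "").split()
            auth = opts.get("java.naming.security.authentication", "simple").lower()
            if auth == "simple" and any(not u.lower().startswith("ldaps://") for u in urls):
                findings.append((name, "simple bind over ldap:// sends the password unencrypted"))
            # Some LDAP servers treat an empty password as an anonymous bind.
            if opts.get("allowEmptyPasswords", "").lower() != "false":
                findings.append((name, "allowEmptyPasswords is not explicitly false"))
            if not urls:
                findings.append((name, "java.naming.provider.url is missing"))
    return findings


if __name__ == "__main__":
    for policy_name, finding in audit_login_config(SAMPLE):
        print(f"{policy_name}: {finding}")
```

The angle-bracket placeholder in the Active Directory sample has to be replaced with a real host name before the file parses as XML, so run the check on the edited file rather than on the sample as printed.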