Class LdapLoginModule

java.lang.Object
org.eclipse.jetty.jaas.spi.AbstractLoginModule
org.eclipse.jetty.jaas.spi.LdapLoginModule
All Implemented Interfaces:
LoginModule

public class LdapLoginModule extends AbstractLoginModule
A LdapLoginModule for use with JAAS setups

The JVM should be started with the following parameter:

 -Djava.security.auth.login.config=etc/ldap-loginModule.conf
 
and an example of the ldap-loginModule.conf would be:
 ldaploginmodule {
    org.eclipse.jetty.jaas.spi.LdapLoginModule required
    debug="true"
    useLdaps="false"
    contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
    hostname="ldap.example.com"
    port="389"
    bindDn="cn=Directory Manager"
    bindPassword="directory"
    authenticationMethod="simple"
    forceBindingLogin="false"
    userBaseDn="ou=people,dc=alcatel"
    userRdnAttribute="uid"
    userIdAttribute="uid"
    userPasswordAttribute="userPassword"
    userObjectClass="inetOrgPerson"
    roleBaseDn="ou=groups,dc=example,dc=com"
    roleNameAttribute="cn"
    roleMemberAttribute="uniqueMember"
    roleObjectClass="groupOfUniqueNames";
    };
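
The sample options above use plain ldap:// with a simple bind and leave forceBindingLogin off. As an added example (not Jetty's own code), the class below audits such an option map and builds the JNDI environment it implies; the name LdapOptionsAudit, its methods, and the option-to-environment mapping are assumptions drawn from the field descriptions on this page.

```java
import java.util.ArrayList;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import javax.naming.Context;

// Added example, not Jetty code: checks LdapLoginModule-style options for weak settings.
public class LdapOptionsAudit {

    static boolean flag(Map<String, String> o, String key) {
        return Boolean.parseBoolean(o.getOrDefault(key, "false"));
    }

    /** Findings for settings that weaken the login path. */
    static List<String> audit(Map<String, String> o) {
        List<String> findings = new ArrayList<>();
        String method = o.getOrDefault("authenticationMethod", "simple");
        if (!flag(o, "useLdaps") && "simple".equalsIgnoreCase(method))
            findings.add("simple bind over ldap://: credentials cross the network unencrypted");
        if (!flag(o, "forceBindingLogin"))
            findings.add("forceBindingLogin=false: if the bind account can read "
                + o.getOrDefault("userPasswordAttribute", "userPassword")
                + ", passwords are compared in the module instead of checked by an LDAP bind");
        return findings;
    }

    /** JNDI environment for the bind connection (assumed mapping of the options). */
    static Hashtable<String, Object> environment(Map<String, String> o) {
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, o.get("contextFactory"));
        String scheme = flag(o, "useLdaps") ? "ldaps" : "ldap";
        env.put(Context.PROVIDER_URL, scheme + "://" + o.get("hostname") + ":" + o.get("port") + "/");
        env.put(Context.SECURITY_AUTHENTICATION, o.getOrDefault("authenticationMethod", "simple"));
        env.put(Context.SECURITY_PRINCIPAL, o.get("bindDn"));
        env.put(Context.SECURITY_CREDENTIALS, o.get("bindPassword"));
        return env;
    }

    public static void main(String[] args) {
        // Constructed sample: values copied from the example ldap-loginModule.conf above.
        Map<String, String> opts = Map.of(
            "useLdaps", "false", "authenticationMethod", "simple", "forceBindingLogin", "false",
            "contextFactory", "com.sun.jndi.ldap.LdapCtxFactory",
            "hostname", "ldap.example.com", "port", "389",
            "bindDn", "cn=Directory Manager", "bindPassword", "directory");
        audit(opts).forEach(f -> System.out.println("WARN: " + f));
        System.out.println(environment(opts).get(Context.PROVIDER_URL));
    }
}
```

With useLdaps="true" and forceBindingLogin="true" in the map, audit returns no findings and the provider URL switches to the ldaps scheme.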
 
  • Field Details

    • LOG

      private static final Logger LOG
    • _hostname

      private String _hostname
      hostname of the ldap server
    • _port

      private int _port
      port of the ldap server
    • _authenticationMethod

      private String _authenticationMethod
      Context.SECURITY_AUTHENTICATION
    • _contextFactory

      private String _contextFactory
      Context.INITIAL_CONTEXT_FACTORY
    • _bindDn

      private String _bindDn
      root DN used to connect to
    • _bindPassword

      private String _bindPassword
      password used to connect to the root ldap context
    • _userObjectClass

      private String _userObjectClass
      object class of a user
    • _userRdnAttribute

      private String _userRdnAttribute
      attribute in which the principal is located
    • _userIdAttribute

      private String _userIdAttribute
      attribute in which the principal is located
    • _userPasswordAttribute

      private String _userPasswordAttribute
      name of the attribute that a user's password is stored under

      NOTE: not always accessible, see force binding login

    • _userBaseDn

      private String _userBaseDn
      base DN where users are to be searched from
    • _roleBaseDn

      private String _roleBaseDn
      base DN where role membership is to be searched from
    • _roleObjectClass

      private String _roleObjectClass
      object class of roles
    • _roleMemberAttribute

      private String _roleMemberAttribute
      name of the attribute that a username would be stored under in a role class
    • _roleNameAttribute

      private String _roleNameAttribute
      the name of the attribute that a role would be stored under
    • _debug

      private boolean _debug
    • _forceBindingLogin

      private boolean _forceBindingLogin
      If getUserInfo can pull a password off of the user, then password comparison is an option for authentication. To force binding login checks, set this to true.
    • _useLdaps

      private boolean _useLdaps
      When true, changes the protocol to ldaps
    • _rootContext

      private DirContext _rootContext
  • Constructor Details

    • LdapLoginModule

      public LdapLoginModule()
  • Method Details