users@glassfish.java.net

Re: Multiple LDAP servers in Glassfish Security Realm

From: Allan Lykke Christensen <allan_at_i2m.dk>
Date: Tue, 22 Mar 2011 09:24:09 +0100

Thanks for the feedback Kumar. I'll file an RFE tonight.

On 22/03/2011, at 09.20, Kumar.Jayanti wrote:

> Hi,
>
> We have not tested anything like that. But if you feel like it, please
> file a Bug/RFE and we shall look at it for our next release.
>
> Attached is another thread where someone reported such abilities
> with the JDK LDAPLoginModule. You can try that (wrap it up as a
> Custom Realm) and let us know if it worked.
>
> Thanks,
> kumar
>
> On 22/03/11 2:29 AM, Allan Lykke Christensen wrote:
>> List,
>>
>> I've developed a Java EE 5 application running on Glassfish v2.2.1.
>> The web application is protected using an LDAP security realm. This
>> is working quite fine. Now, I'd like the security realm to check
>> multiple LDAP services for a possible match.
>>
>> Example, I've got:
>>
>> * LDAP Server 1 (OpenDS)
>> * LDAP Server 2 (Active Directory)
>>
>> Each server contains a different set of users. I want users from
>> both servers to be able to log-in to my web application.
>>
>> This is my realm for LDAP Server 1:
>>
>> <auth-realm
>>     classname="com.sun.enterprise.security.auth.realm.ldap.LDAPRealm"
>>     name="My Realm">
>>   <property name="directory" value="ldap://localhost:1389"/>
>>   <property name="base-dn" value="ou=Users,dc=myapp,dc=com"/>
>>   <property name="jaas-context" value="ldapRealm"/>
>>   <property name="group-base-dn"
>>             value="ou=GROUPS,dc=myapp,dc=com"/>
>> </auth-realm>
>>
>> I believe that it is possible to specify a failover for the
>> directory by specifying multiple LDAP servers in the directory
>> property. But what about chaining the servers? Is the solution to
>> create a custom security realm class?
>>
>> Kind regards,
>> Allan
>>
>
>
> From: Richard Kolb <rjdkolb_at_gmail.com>
> Date: 16. mar 2011 14.27.32 GMT+01:00
> To: users_at_glassfish.java.net
> Subject: Re: Glasfish LDAP Server failover support ?
> Reply-To: users_at_glassfish.java.net
>
>
> Hi Ulli
>
> On 16 March 2011 15:21, <forums_at_java.net> wrote:
>
> Does Glassfish LDAPRealm
> (com.sun.enterprise.security.auth.realm.ldap.LDAPRealm) support
> failover capabilities? We have 2 LDAP servers and in case one of
> them is down, we want Glassfish to authenticate the users against
> another secondary LDAP server.
>
> I know this does not really answer the question,
> but the default Java LDAP JAAS supports it and it works like a charm.
>
> http://download.oracle.com/javase/6/docs/jre/api/security/jaas/spec/com/sun/security/auth/module/LdapLoginModule.html
>
> I am assuming Glassfish's realm supports it as well.
> Perhaps specify the IPs as comma separated. Just a guess.
>
> regards
> Richard.
>
>
>
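
The difference between failover and chaining with the JDK LdapLoginModule mentioned in the thread, as an added example that is not code from any poster or from GlassFish: a standalone JAAS client, not wrapped as a GlassFish custom realm. The host names, the `uid` naming attribute, the AD domain suffix and the class name `ChainedLdapLogin` are assumptions; the base DN is the one from the realm quoted above.

```java
import java.util.HashMap;
import java.util.Map;
import javax.security.auth.Subject;
import javax.security.auth.callback.*;
import javax.security.auth.login.*;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;

public class ChainedLdapLogin {
    // One JAAS entry per directory. SUFFICIENT: the first directory that accepts
    // the bind ends the chain; a rejection falls through to the next entry.
    static AppConfigurationEntry directory(String urls, String authIdentity) {
        Map<String, String> opts = new HashMap<String, String>();
        opts.put("userProvider", urls);         // space-separated URLs are failover replicas
        opts.put("authIdentity", authIdentity); // authentication-only mode: bind as the user
        opts.put("useSSL", "true");             // the password travels in the bind request
        return new AppConfigurationEntry("com.sun.security.auth.module.LdapLoginModule",
                LoginModuleControlFlag.SUFFICIENT, opts);
    }

    // Placeholder hosts and identity formats (assumptions, not values from the thread).
    static final Configuration CHAIN = new Configuration() {
        @Override public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
            return new AppConfigurationEntry[] {
                directory("ldaps://opends1.example.com:1636 ldaps://opends2.example.com:1636",
                          "uid={USERNAME},ou=Users,dc=myapp,dc=com"),
                directory("ldaps://ad.example.com:636", "{USERNAME}@ad.example.com"),
            };
        }
    };

    public static void main(String[] args) throws LoginException {
        final String user = args[0];
        // Read the password from the terminal instead of the command line.
        final char[] password = System.console().readPassword("Password: ");
        CallbackHandler handler = new CallbackHandler() {
            public void handle(Callback[] callbacks) {
                for (Callback cb : callbacks) {
                    if (cb instanceof NameCallback) ((NameCallback) cb).setName(user);
                    if (cb instanceof PasswordCallback) ((PasswordCallback) cb).setPassword(password);
                }
            }
        };
        LoginContext lc = new LoginContext("chained-ldap", new Subject(), handler, CHAIN);
        lc.login(); // throws LoginException when every directory rejects the credentials
        System.out.println("Authenticated principals: " + lc.getSubject().getPrincipals());
    }
}
```

Entry order decides which directory wins when the same username exists in both, so list the authoritative directory first.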