This is the sample application-policy block that you can copy into your login-config.xml file to support LDAP authentication.
Replace the default application-policy block of the login-config.xml file with this code, then make the modifications specified in Set up LDAP integration for the TeamForge site. Option values that must be modified are highlighted in bold.
<application-policy name="SourceForge">
  <authentication>
    <login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="sufficient" >
      <module-option name="allowEmptyPasswords">false</module-option>
      <module-option name="principalDNPrefix">uid=</module-option>
      <module-option name="principalDNSuffix">,ou=People,dc=dev,dc=sf,dc=net</module-option>
      <module-option name="java.naming.factory.initial">com.sun.jndi.ldap.LdapCtxFactory</module-option>
      <module-option name="java.naming.provider.url">ldap://util.dev.sf.net:389/</module-option>
      <module-option name="java.naming.security.authentication">simple</module-option>
    </login-module>
  </authentication>
</application-policy>
Active Directory is not supported. However, these sample lines in the login-config.xml file may help you make it work for a simple AD setup, without complex directory structures requiring additional search parameters.
Set the values of java.naming.provider.url, principalDNSuffix and rolesCtxDN as appropriate to your site.
For more detailed instructions, see http://www.jboss.org/community/wiki/LdapLoginModule.
<login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required" >
  <module-option name="java.naming.provider.url">ldaps://<server_name>:636/</module-option>
  <module-option name="allowEmptyPasswords">false</module-option>
  <module-option name="principalDNSuffix">@foo.bar.com</module-option>
  <module-option name="rolesCtxDN">dc=Foo,dc=Bar,dc=Com</module-option>
  <module-option name="matchOnUserDN">true</module-option>
  <module-option name="uidAttributeID">sAMAccountName</module-option>
  <module-option name="roleAttributeID">memberOf</module-option>
  <module-option name="roleAttributeIsDN">true</module-option>
  <module-option name="roleNameAttributeID">name</module-option>
</login-module>
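A check you can run over an edited login-config.xml before deploying it, as an added example that is not part of the original page or of TeamForge: it flags LdapLoginModule blocks that bind over unencrypted ldap://, that do not set allowEmptyPasswords to false, or that still carry the sample values shown above. The `audit` function, the finding labels, the "Adapted" policy and the example.org host are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

LDAP_MODULE = "org.jboss.security.auth.spi.LdapLoginModule"
# Values taken from the page's samples; if still present, the block was not adapted.
SAMPLE_VALUES = ("dev.sf.net", "dc=dev,dc=sf,dc=net", "foo.bar.com", "dc=Foo,dc=Bar,dc=Com")

# Constructed input: "SourceForge" mirrors the page's first sample (abridged);
# "Adapted" is a made-up site block that uses ldaps:// but omits allowEmptyPasswords.
SAMPLE_CONFIG = """<policy>
<application-policy name="SourceForge"><authentication>
<login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="sufficient">
<module-option name="allowEmptyPasswords">false</module-option>
<module-option name="principalDNSuffix">,ou=People,dc=dev,dc=sf,dc=net</module-option>
<module-option name="java.naming.provider.url">ldap://util.dev.sf.net:389/</module-option>
<module-option name="java.naming.security.authentication">simple</module-option>
</login-module></authentication></application-policy>
<application-policy name="Adapted"><authentication>
<login-module code="org.jboss.security.auth.spi.LdapLoginModule" flag="required">
<module-option name="principalDNSuffix">,ou=People,dc=example,dc=org</module-option>
<module-option name="java.naming.provider.url">ldaps://ldap.example.org:636/</module-option>
</login-module></authentication></application-policy>
</policy>"""

def audit(xml_text):
    """Return sorted (policy name, finding) pairs for every LdapLoginModule block."""
    findings = []
    for policy in ET.fromstring(xml_text).iter("application-policy"):
        for module in policy.iter("login-module"):
            if module.get("code") != LDAP_MODULE:
                continue
            opts = {o.get("name"): (o.text or "").strip() for o in module.iter("module-option")}
            url = opts.get("java.naming.provider.url", "").lower()
            tls = (url.startswith("ldaps://")
                   or opts.get("java.naming.security.protocol") == "ssl")
            # A simple bind (explicit, or unset with a password supplied) over plain
            # ldap:// sends the user's password to the directory unencrypted.
            if not tls and opts.get("java.naming.security.authentication", "simple") == "simple":
                findings.append((policy.get("name"), "cleartext-bind"))
            # The module forwards empty passwords unless this option is "false";
            # some LDAP servers treat an empty password as an anonymous bind.
            if opts.get("allowEmptyPasswords", "true").lower() != "false":
                findings.append((policy.get("name"), "empty-passwords-allowed"))
            if any(s.lower() in v.lower() for v in opts.values() for s in SAMPLE_VALUES):
                findings.append((policy.get("name"), "sample-values-unchanged"))
    return sorted(findings)

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_CONFIG):
        print(f"{name}: {finding}")
```

The Active Directory sample cannot be parsed as-is because `<server_name>` is a placeholder, so replace it with the real host name before running the check against that block.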