/** $Id: Exp $ | |
* | |
* Copyright (c) 1997-2005 Day Management AG | |
* Barfuesserplatz 6, 4001 Basel, Switzerland | |
* All Rights Reserved. | |
* | |
* This software is the confidential and proprietary information of | |
* Day Management AG, ("Confidential Information"). You shall not | |
* disclose such Confidential Information and shall use it only in | |
* accordance with the terms of the license agreement you entered into | |
* with Day. | |
* | |
*/ | |
com.day.crx {
    // JAAS control flags: CRXLoginModule is "sufficient", so when a repository-local
    // login succeeds authentication returns immediately and the LDAP module is not
    // consulted; only when it fails does control fall through to the "required"
    // LDAPLoginModule below.
    com.day.crx.security.authentication.CRXLoginModule sufficient;
    com.day.crx.security.ldap.LDAPLoginModule required
        // NOTE: the sample block at the end of this entry names the provider as
        // com.day.crx.security.principals.LDAPPrincipalProvider (without ".ldap");
        // the value set here is the one that is actually loaded.
        principal_provider.class="com.day.crx.security.ldap.principals.LDAPPrincipalProvider"
        principal_provider.name="ldap"
        // Plain (non-TLS) connection to a local directory on a non-default port.
        // The sample text below states that an ldaps:// host value can be used
        // once the JVM trusts the directory's certificate.
        host="localhost"
        port="10389"
        // Bind identity used for the directory lookups. The password is kept here in
        // cleartext, so this file has to be readable only by the repository process,
        // and a real value must not be published in a shared location like this one.
        authDn="uid=admin,ou=system"
        authPw="secret"
        userRoot="ou=users, dc=adobe, dc=com"
        userFilter="(objectclass=person)"
        // NOTE(review): the login name is matched on "sn" (surname) instead of the
        // documented default "uid". Surnames are not necessarily unique, so confirm
        // that the directory guarantees one entry per sn below userRoot.
        userIdAttribute="sn"
        groupFilter="(objectclass=groupOfUniqueNames)"
        groupMembershipAttribute="uniquemember"
        groupNameAttribute="cn"
        groupRoot="ou=groups, dc=adobe, dc=com"
        // Not described in the sample below; presumably rejects anonymous
        // (unauthenticated) access when set — confirm against the module docs.
        deny_anonymous_access="true"
        // Auto-creation: LDAP users and groups are mirrored into the repository.
        // autocreate.syncdelay is not described in the sample below; presumably the
        // minimum interval in seconds between re-syncs — confirm.
        autocreate="create"
        autocreate.syncdelay="1800"
        // With lastmodified configured, an entry is refreshed only when the directory
        // timestamp changed (see the sample below); otherwise it is synced on every login.
        autocreate.lastmodified ="lastmodified"
        autocreate.user.mail="rep:e-mail"
        autocreate.user.cn="rep:fullname"
        autocreate.group.description="description"
        autocreate.group.mail="rep:e-mail"
        autocreate.group.cn="rep:fullname"
        // Not described in the sample below — TODO confirm what "localadmin" maps to.
        autocreate.group.localadmin="admin"
        // autocreate.group.description is set a second time here with the same value
        // as above; redundant, and which occurrence wins is not stated in this file.
        autocreate.group.uniquemember = "uniquemember"
        autocreate.group.description = "description"
        // "splitdn": each DN component becomes a path element (see the sample below).
        autocreate.path="splitdn"
        // Principal cache: 100 entries (the sample's default is 1000), expiring after
        // 600 s. A cached principal is served without contacting LDAP, so a change or
        // revocation in the directory may presumably take up to cache.expiration
        // seconds to become visible here — confirm.
        cache.expiration="600"
        cache.maxsize="100";
    /**
     * Sample configuration for this login-module (reference documentation only;
     * the values in effect are the ones set above):
     *
     * Module-Settings:
     * ----------------
     * principal_provider.class="com.day.crx.security.principals.LDAPPrincipalProvider"
     *                          // fully qualified class name of the provider to
     *                          // be used by this module
     * principal_provider.name="ldap"  // name of the provider; may be used to access it
     *                                 // via PrincipalManager
     *
     * Connection-Settings:
     * --------------------
     * host="ldap.sample.net"   // hostname or IP of the LDAP host to connect to
     * port="389"               // optional port the LDAP host listens on;
     *                          // defaults to 389
     * authDn="cn=Directory Manager"  // optional DN of the user this LoginModule
     *                                // should bind as. If omitted -> anonymous bind
     * authPw="secret"          // password used to authenticate the bind user
     *
     * Secure LDAP connections are possible if the JVM this module runs in
     * is set up to trust the LDAP server. Use ldaps://ldap.sample.net as the
     * value for host.
     *
     * Authentication-Settings:
     * ------------------------
     * For authentication the module tries to bind the user with the credentials
     * provided. If this is successful, the user's entry and its group membership
     * are resolved according to the following settings:
     *
     * userRoot="O=Company"     // DN all users are searched below;
     *                          // defaults to "" but this may not be supported by
     *                          // all servers
     * userFilter="(objectclass=person)"  // LDAP search filter to match the entries
     *                                    // below userRoot; defaults to (objectclass=person)
     * userIdAttribute="uid"    // name of the LDAP attribute that contains
     *                          // the user ID, i.e. its login name;
     *                          // defaults to "uid"
     *
     * groupRoot="OU=Groups,O=Company"  // DN all groups are searched below;
     *                                  // defaults to "" but this may not be supported by
     *                                  // all servers
     * groupFilter="(objectclass=groupOfUniqueNames)"
     *                          // LDAP search filter to match the entries
     *                          // below groupRoot;
     *                          // defaults to (objectclass=groupOfUniqueNames)
     * groupMembershipAttribute="uniquemember"
     *                          // LDAP attribute which is searched to build
     *                          // the group-membership relation
     * groupNameAttribute="cn"  // naming attribute of the group. Used for
     *                          // display in the GUI; defaults to "cn"
     *
     * Auto-Creation:
     * --------------
     * The configuration given above would be sufficient to authenticate and
     * authorize a user residing in an LDAP server.
     * In some cases it may be desired to have access to user and group data from
     * within your repository, e.g. because your application wants to notify users
     * via e-mail.
     * In this case you can configure this LoginModule to create the user within the
     * repository if needed and to keep its data up to date.
     *
     * autocreate="create"      // setting this option to "create" enables
     *                          // auto-creation
     * autocreate.path="direct" // rule for how the DN should be converted into a
     *                          // path when creating a new node;
     *                          // there are two options, "direct" and "splitdn":
     *                          // direct:  a node with the name of the LDAP entry's
     *                          //          naming attribute is created
     *                          // splitdn: each DN part is translated into a
     *                          //          path element
     *                          // defaults to "direct"
     * autocreate.lastmodified="lastmodified"
     *                          // If your LDAP server time-stamps your entries,
     *                          // this timestamp may be used to identify whether a
     *                          // node's content has to be refreshed against LDAP.
     *                          // Configure the name of the attribute containing the
     *                          // last-modified timestamp.
     *                          // NOTE: if not configured, the entry is synced on
     *                          // each login
     * autocreate.user.<attributename>="<propertyname>"
     *                          // reads the LDAP entry's attribute named
     *                          // <attributename> and sets it as the value of the
     *                          // property named <propertyname>
     *                          // NOTE: fails if the user node type doesn't allow
     *                          // a property of the given name to be set
     * autocreate.user.mail="rep:e-mail"  // will set the user's mail address as the
     *                                    // node's "rep:e-mail" property
     * autocreate.user.nodetype="rep:user"
     *                          // name of the node type to create a user with;
     *                          // must be a sub-type of "rep:user";
     *                          // defaults to "rep:user"
     *
     * autocreate.group.<attributename>="<propertyname>"
     *                          // same as for users but applied to groups
     * autocreate.group.nodetype="rep:group"
     *                          // name of the node type to create a group with;
     *                          // must be a sub-type of "rep:group";
     *                          // defaults to "rep:group"
     *
     * Caching
     * -------
     * The PrincipalProvider used allows for caching of its principals, to avoid
     * the need to connect to the LDAP server each time it is accessed.
     *
     * cache.maxsize="1000"     // number of principals held in the cache;
     *                          // defaults to 1000
     * cache.expiration="600"   // amount of time in seconds a principal is cached
     *
     */
};