Last active
July 29, 2017 19:31
LDAP RBAC Configuration
### Authentication ###
# Create connection to LDAP with name ldap_connection
# Note: search-credential is written to host.xml in clear text, and ldap:// on port 389 is an unencrypted connection
/host=master/core-service=management/ldap-connection=ldap_connection/:add(search-credential=myPass,url=ldap://example:389,search-dn="cn=John,cn=Users,dc=mydomain,dc=com")
# Create new realm with name ldap_security_realm
/host=master/core-service=management/security-realm=ldap_security_realm:add()
# Add authentication
/host=master/core-service=management/security-realm=ldap_security_realm/authentication=ldap:add(base-dn="cn=Users,dc=mydomain,dc=com", recursive=true, username-attribute="saMAccountName", connection="ldap_connection")
# Change JBoss management console to use our realm
/host=master/core-service=management/management-interface=http-interface/:write-attribute(name=security-realm,value=ldap_security_realm)
Source: https://access.redhat.com/solutions/148823
### Authorization ###
batch
# The realm was created under /host=master, so its authorization resource is addressed there too
/host=master/core-service=management/security-realm=ldap_security_realm/authorization=ldap:add(connection="ldap_connection")
# Resolve the user's groups from memberOf, following nested groups (iterative), and report each group by its cn (group-name=SIMPLE)
/host=master/core-service=management/security-realm=ldap_security_realm/authorization=ldap/group-search=principal-to-group:add(group-attribute="memberOf",iterative=true,group-dn-attribute="dn", group-name="SIMPLE",group-name-attribute="cn")
run-batch
Source: https://access.redhat.com/site/solutions/649523
### Assignments ###
Source: https://access.redhat.com/solutions/662143
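One way the assignment step can look, as an added example that is not part of the original gist: it maps LDAP groups from ldap_security_realm to management roles and then enables the RBAC provider. The group names jboss-admins and jboss-monitors are hypothetical, and the example assumes the default SuperUser role mapping is still present.

```jboss-cli
# Added example, not from the original gist.
# Assumptions: group names "jboss-admins" and "jboss-monitors" are hypothetical,
# and the default SuperUser role mapping has not been removed.
batch
# Map an LDAP group to SuperUser BEFORE enabling RBAC, so that switching the
# provider does not lock every LDAP-authenticated administrator out.
# With group-name=SIMPLE the name to match is the group's cn, not its DN.
/core-service=management/access=authorization/role-mapping=SuperUser/include=group-jboss-admins:add(name=jboss-admins, type=GROUP, realm=ldap_security_realm)
# The other standard roles have no mapping until one is created.
/core-service=management/access=authorization/role-mapping=Monitor:add
/core-service=management/access=authorization/role-mapping=Monitor/include=group-jboss-monitors:add(name=jboss-monitors, type=GROUP, realm=ldap_security_realm)
# Switch the access control provider from "simple" to "rbac".
/core-service=management/access=authorization:write-attribute(name=provider, value=rbac)
run-batch
# The provider change only takes effect after a reload.
reload --host=master
```

Restricting each include to realm=ldap_security_realm keeps a same-named group from another realm from inheriting the role.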
Is there a way to encrypt the password in search-credential=myPass in JBoss?