Example
This section walks through converting an existing set of LDAP parameters in the EMS server to use the LDAP Group User Authentication login module.
1. Set the jre_library parameter to enable the JVM. For more information, see The JVM in the EMS Server.
2. Set the security_classpath. For example:
    security_classpath = c:\tibco\ems\8.5\bin\tibemsd_jaas.jar;c:\tibco\ems\8.5\lib\tibjmsadmin.jar;c:\tibco\ems\8.5\lib\tibjms.jar;c:\tibco\ems\8.5\lib\jms-2.0.jar
3. Enable JAAS for LDAP authentication by modifying the user_auth parameter. Remove ldap from the list of authentication sources, and verify that jaas is present. For example:
    user_auth=jaas
4. Edit the provided com.tibco.tibems.tibemsd.security.jaas.LDAPGroupUserAuthentication module for your LDAP server configuration:
5. Set the jaas_config_file to reference the JAAS module configuration file created in Step 4 above. For example:
    jaas_config_file = ems_ldap_with_groups.txt
LDAP Parameters in the tibemsd.conf
Consider the following LDAP server configuration parameters in the EMS server configuration file, tibemsd.conf:
    ldap_url = ldap://ldaphost:389
    ldap_principal = cn=Manager
    ldap_credential = $man$fPSdYgyVTQloUv36Km36AEOrARW
    ldap_user_class = person
    ldap_user_attribute = uid
    ldap_user_base_dn = "ou=People,dc=TIBCO"
    ldap_user_scope = subtree
    ldap_user_filter = "(&(uid=%s)(objectclass=person))"
    ldap_group_base_dn = "ou=Groups,dc=TIBCO"
    ldap_group_scope = subtree
    ldap_group_filter = "(&(cn=%s)(objectclass=groupOfUniqueNames))"
    ldap_static_group_class = groupOfUniqueNames
    ldap_static_group_attribute = cn
    ldap_static_member_attribute = uniqueMember
    ldap_cache_enabled = FALSE
Mapped to LDAP Group User Authentication Module
The LDAP configuration parameters shown above map to the following JAAS configuration file:
    EMSUserAuthentication {
        com.tibco.tibems.tibemsd.security.jaas.LDAPGroupUserAuthentication required
        tibems.ldap.url="ldap://ldaphost:389"
        tibems.ldap.manager="cn=Manager"
        tibems.ldap.manager_password="$man$fPSdYgyVTQloUv36Km36AEOrARW"
        tibems.ldap.user_attribute="uid"
        tibems.ldap.user_base_dn="ou=People,dc=TIBCO"
        tibems.ldap.scope="subtree"
        tibems.ldap.user_filter="(&(uid={1})(objectclass=person))"
        tibems.ldap.group_base_dn="ou=Groups,dc=TIBCO"
        tibems.ldap.group_scope="subtree"
        tibems.ldap.group_filter="(&({0}={1})(objectclass=groupOfUniqueNames))"
        tibems.ldap.group_attribute="cn"
        tibems.ldap.group_member_attribute="uniqueMember"
        tibems.ldap.cache.enabled = "false"
        ;
    };
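The parameter mapping above, applied mechanically, as an added example in Python (not TIBCO code, and not part of the original page): it reads the ldap_* keys from tibemsd.conf text, emits the equivalent JAAS stanza, and reports a user_auth value that still lists ldap or lacks jaas. The names parse_conf and to_jaas are hypothetical, user_auth is assumed to be a comma-separated list, the filter rewrite is inferred only from the one example pair shown on this page, and the sample input is constructed.

```python
import re

MODULE = "com.tibco.tibems.tibemsd.security.jaas.LDAPGroupUserAuthentication"
# Legacy tibemsd.conf key -> JAAS option suffix, exactly as paired on this page.
KEY_MAP = {
    "ldap_url": "url", "ldap_principal": "manager",
    "ldap_credential": "manager_password",
    "ldap_user_attribute": "user_attribute",
    "ldap_user_base_dn": "user_base_dn", "ldap_user_scope": "scope",
    "ldap_user_filter": "user_filter",
    "ldap_group_base_dn": "group_base_dn", "ldap_group_scope": "group_scope",
    "ldap_group_filter": "group_filter",
    "ldap_static_group_attribute": "group_attribute",
    "ldap_static_member_attribute": "group_member_attribute",
    "ldap_cache_enabled": "cache.enabled",
}
# Constructed sample input (placeholder credential, not a real value).
SAMPLE = """user_auth = local, ldap
ldap_url = ldap://ldaphost:389
ldap_credential = PLACEHOLDER_MANGLED_PASSWORD
ldap_user_filter = "(&(uid=%s)(objectclass=person))"
ldap_group_filter = "(&(cn=%s)(objectclass=groupOfUniqueNames))"
ldap_static_group_attribute = cn
ldap_cache_enabled = FALSE
"""

def parse_conf(text):
    """Collect 'key = value' lines, dropping optional surrounding quotes."""
    pattern = r'^[ \t]*([A-Za-z_]+)[ \t]*=[ \t]*(.*?)[ \t]*$'
    return {k: v.strip('"') for k, v in re.findall(pattern, text, re.M)}

def to_jaas(conf):
    """Return (jaas_file_text, warnings) for the ldap_* keys present."""
    opts = []
    for old, new in ((o, n) for o, n in KEY_MAP.items() if o in conf):
        val = conf[old]
        if old == "ldap_user_filter":
            val = val.replace("%s", "{1}")  # placeholder as in the page's example
        elif old == "ldap_group_filter" and "ldap_static_group_attribute" in conf:
            # Assumption from the page's one example: "<group attr>=%s" -> "{0}={1}"
            val = val.replace(conf["ldap_static_group_attribute"] + "=%s", "{0}={1}")
        elif old == "ldap_cache_enabled":
            val = val.lower()
        opts.append(f'    tibems.ldap.{new}="{val}"')
    auth = [s.strip() for s in conf.get("user_auth", "").split(",")]
    warnings = [m for bad, m in (("ldap" in auth, "user_auth still lists ldap"),
                                 ("jaas" not in auth, "user_auth lacks jaas")) if bad]
    text = "EMSUserAuthentication {\n    %s required\n%s\n    ;\n};\n" % (
        MODULE, "\n".join(opts))
    return text, warnings
```

ldap_user_class and ldap_static_group_class are skipped because the JAAS file on this page has no option corresponding to them.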
Copyright © Cloud Software Group, Inc. All rights reserved.