LDAP Configuration

Continuum supports LDAP for authentication. To configure it, you should follow these steps:

  • Shutdown Continuum
  • Open apps/continuum/webapp/WEB-INF/classes/META-INF/plexus/application.xml and uncomment the following xml
    <!-- 
       Ldap Authentication can be enabled by setting enabling these components and setting the following configuration options in your security.properties file

       ============================================================
       user.manager.impl=ldap
       ldap.bind.authenticator.enabled=true
       redback.default.admin=admin
       security.policy.password.expiration.enabled=false

       ldap.config.hostname=ldap.hostname
       ldap.config.port=389
       ldap.config.base.dn=o=com
       ldap.config.context.factory=com.sun.jndi.ldap.LdapCtxFactory
       ldap.config.bind.dn=uid=myusername,o=com
       ldap.config.password=s3cr3t
       #ldap.config.authentication.method=
       ============================================================

       * ldap.config.hostname - The hostname of the ldap server
       * ldap.config.port - The port of the ldap server
       * ldap.config.base.dn - The baseDn of the ldap system
       * ldap.config.context.factory - context factory for ldap connections
       * ldap.config.bind.dn - the core user used for authentication the ldap server, must be able to perform the necessary searches, etc.
       * ldap.config.password - password for the bindDn for the root ldap connection

       until this process is better documented, the following is the document for configuration ldap with redback
      
       http://redback.codehaus.org/integration/ldap.html
    -->

    <!--
    
    this component manages the connection to the ldap server
     -->

    <!-- component>
      <role>org.codehaus.plexus.redback.common.ldap.connection.LdapConnectionFactory</role>
      <role-hint>configurable</role-hint>
      <implementation>org.codehaus.plexus.redback.common.ldap.connection.ConfigurableLdapConnectionFactory</implementation>
      <requirements>
        <requirement>
          <role>org.codehaus.plexus.redback.configuration.UserConfiguration</role>
        </requirement>
      </requirements>
    </component-->
    
    <!-- 
    
    this component manages the mapping of attributes in ldap to user information in redback. To configure the mapping, you can add the following properties in your security.properties

       ============================================================
       ldap.config.mapper.attribute.email=mail
       ldap.config.mapper.attribute.fullname=givenName
       ldap.config.mapper.attribute.password=userPassword
       ldap.config.mapper.attribute.user.id=cn
       ldap.config.mapper.attribute.user.base.dn=
       ldap.config.mapper.attribute.user.object.class=inetOrgPerson
       ldap.config.mapper.attribute.user.filter=(attributeName=value)
       ============================================================


     * email-attribute - The name of the attribute on a user that contains the email address
     * full-name-attribute - The name of the attribute on a user that contains the users fullName
     * password-attribute - The name of the attribute containing the users password, used for the authentiction using the user manager and not the ldap bind authenticator
     * user-id-attribute - The name of the attribute containing the users userId, most commonly cn or sn.
     * user-base-dn - The base dn that will be subtree searched for users.
     * user-object-class - the objectClass used in the ldap server for indentifying users, most commonly inetOrgPerson.
     -->
    
    <!-- component>
      <role>org.codehaus.plexus.redback.common.ldap.UserMapper</role>
      <role-hint>ldap</role-hint>
      <implementation>org.codehaus.plexus.redback.common.ldap.LdapUserMapper</implementation>
      <configuration>
        <email-attribute>email</email-attribute>
        <full-name-attribute>givenName</full-name-attribute>
        <password-attribute>userPassword</password-attribute>
        <user-id-attribute>cn</user-id-attribute>
        <user-base-dn>o=com</user-base-dn>
        <user-object-class>inetOrgPerson</user-object-class>
      </configuration>
      <requirements>
        <requirement>
          <role>org.codehaus.plexus.redback.configuration.UserConfiguration</role>
        </requirement>
      </requirements>
    </component-->
    
    <!--
     
    If caching is desired to improve performance then make uncomment this and make sure the following configuration parameter is in the security.properties
     
    user.manager.impl=cached
    -->
     
    <!-- component>
      <role>org.codehaus.plexus.redback.users.UserManager</role>
      <role-hint>cached</role-hint>
      <implementation>org.codehaus.plexus.redback.users.cached.CachedUserManager</implementation>
      <description>CachedUserManager</description>
      <requirements>
        <requirement>
          <role>org.codehaus.plexus.redback.users.UserManager</role>
          <role-hint>ldap</role-hint>
          <field-name>userImpl</field-name>
        </requirement>
        <requirement>
          <role>org.codehaus.plexus.cache.Cache</role>
          <role-hint>users</role-hint>
          <field-name>usersCache</field-name>
        </requirement>
      </requirements>
    </component-->
    
    <!-- 
    
    if using the user manager authenticator to authenticate the user and not the ldap bind authenticator make sure
    this definition has the correct password encoder
    
    Note: you should probably just use the ldap bind authenticator which is enabled by putting
    
    ldap.bind.authenticator.enabled=true
    
    in the security.properties
    -->
    
    <!-- component>
      <role>org.codehaus.plexus.redback.policy.UserSecurityPolicy</role>
      <role-hint>default</role-hint>
      <implementation>org.codehaus.plexus.redback.policy.DefaultUserSecurityPolicy</implementation>
      <description>User Security Policy.</description>
      <requirements>
        <requirement>
          <role>org.codehaus.plexus.redback.configuration.UserConfiguration</role>
          <field-name>config</field-name>
        </requirement>
        <requirement>
          <role>org.codehaus.plexus.redback.policy.PasswordEncoder</role>
          <role-hint>sha1</role-hint>
          <field-name>passwordEncoder</field-name>
        </requirement>
        <requirement>
          <role>org.codehaus.plexus.redback.policy.UserValidationSettings</role>
          <field-name>userValidationSettings</field-name>
        </requirement>
        <requirement>
          <role>org.codehaus.plexus.redback.policy.CookieSettings</role>
          <role-hint>rememberMe</role-hint>
          <field-name>rememberMeCookieSettings</field-name>
        </requirement>
        <requirement>
          <role>org.codehaus.plexus.redback.policy.CookieSettings</role>
          <role-hint>signon</role-hint>
          <field-name>signonCookieSettings</field-name>
        </requirement>
        <requirement>
          <role>org.codehaus.plexus.redback.policy.PasswordRule</role>
          <field-name>rules</field-name>
        </requirement>
      </requirements>
    </component-->

All you need to configure is the ConfigurableLdapConnectionFactory and LdapUserMapper components

  • Add a security.properties files under $CONTINUUM_HOME/conf/ with the following content:
    user.manager.impl=ldap
    ldap.bind.authenticator.enabled=true
    redback.default.admin=adminuser
    security.policy.password.expiration.enabled=false
    user.manager.impl=cached
    ldap.bind.authenticator.enabled=true

    adminuser is a LDAP user and will be the default Continuum admin. guestuser is a LDAP user and will be used for the guest role, generally, it is an utility LDAP account.

  • Restart Continuum

Other resources

Redback LDAP page