This article contains configuration examples for integrating LDAP authentication with ONEWEB 4.0. Follow the steps below.


  1. Set up the LDAP connection

The basic connection information is defined with the following attributes:


    • security-domain name: The name of the security domain. For ONEWEB 4.0 it is fixed as "LDAPAuthLocal", which is referenced from jboss-web.xml.
    • url: The URL of the LDAP server to connect to, e.g. "ldap://[Server IP Address]:[Port]".
    • bindDN: The distinguished name used when establishing a connection to the server. A bindDN usually has a password associated with it.
    • bindCredential: The password for the specified bindDN, required to establish the connection to the server.
    • baseCtxDN: The starting point (DN) from which the user search begins.
    • baseFilter: A search filter used to locate the context of the user to authenticate. The input username/userDN obtained from the login module callback is substituted into the filter wherever a {0} expression appears. This substitution behaviour comes from the standard DirContext.search(Name, String, Object[], SearchControls cons) method. A common search filter is (uid={0}).
    • rolesCtxDN: The search context (DN) used to locate the roles associated with the authenticated user.
    • roleAttributeID: The name of the attribute of the role context that holds the name of the role.
    • searchScope: The search scope; the default, SUBTREE_SCOPE, is used.


For WildFly, edit "standalone.xml": within the "<profile>" tag, under the "<subsystem>" sub-tag, insert the <security-domains> entry. See the example below:


<security-domain name="LDAPAuthLocal" cache-type="default">
    <authentication>
        <login-module code="Remoting" flag="optional">
            <module-option name="password-stacking" value="useFirstPass"/>
        </login-module>
        <login-module code="LdapExtended" flag="required">
            <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
            <module-option name="java.naming.provider.url" value="ldap://[IP Address]:[Port]"/>
            <module-option name="java.naming.security.authentication" value="simple"/>
            <module-option name="bindDN" value="CN=SystemAdmin,OU=People,dc=example,dc=com"/>
            <module-option name="bindCredential" value="secret"/>
            <module-option name="baseCtxDN" value="OU=Roles,dc=example,dc=com"/>
            <module-option name="baseFilter" value="(sAMAccountName={0})"/>
            <module-option name="rolesCtxDN" value="OU=People,dc=example,dc=com"/>
            <module-option name="roleFilter" value="(member={1})"/>
            <module-option name="roleAttributeID" value="sAMAccountName"/>
            <module-option name="roleAttributeIsDN" value="true"/>
            <module-option name="roleRecursion" value="1"/>
            <module-option name="defaultRole" value="AllUser"/>
            <module-option name="searchScope" value="SUBTREE_SCOPE"/>
            <module-option name="allowEmptyPasswords" value="false"/>
            <module-option name="throwValidateError" value="true"/>
        </login-module>
    </authentication>
</security-domain>


Note: LDAP servers differ slightly. If you use Apache Directory or OpenLDAP, change the module option "baseFilter" to "(uid={0})" and "roleAttributeID" to "CN".
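To make the interaction of these options concrete, the following is an added Python model of the lookup the LdapExtended module performs (it is not ONEWEB or WildFly code): the username is escaped and substituted for {0} in baseFilter under baseCtxDN, the resulting user DN is substituted for {1} in roleFilter under rolesCtxDN, nested groups are followed roleRecursion times, and defaultRole is always granted. The escaping mirrors what JNDI does for filter arguments, which is why a username containing filter metacharacters is matched literally rather than as a wildcard. The directory tree and option values are constructed for this example (users under OU=People, groups under OU=Roles, roleAttributeID=cn); roleAttributeIsDN is not modelled.

```python
import re

# Constructed sample tree (not a real server): users under OU=People, groups under OU=Roles.
DIRECTORY = {
    "CN=jdoe,OU=People,dc=example,dc=com": {"sAMAccountName": ["jdoe"]},
    "CN=Developers,OU=Roles,dc=example,dc=com": {"cn": ["Developers"], "member": ["CN=jdoe,OU=People,dc=example,dc=com"]},
    "CN=Staff,OU=Roles,dc=example,dc=com": {"cn": ["Staff"], "member": ["CN=Developers,OU=Roles,dc=example,dc=com"]},
}
# Constructed module options, using the same option names as the LdapExtended login module.
OPTIONS = {
    "baseCtxDN": "OU=People,dc=example,dc=com", "baseFilter": "(sAMAccountName={0})",
    "rolesCtxDN": "OU=Roles,dc=example,dc=com", "roleFilter": "(member={1})",
    "roleAttributeID": "cn", "roleRecursion": "1", "defaultRole": "AllUser",
}

def escape_filter_value(value):
    """RFC 4515 escaping of a value substituted for {0}/{1}; JNDI applies this to filter arguments."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def _value_regex(v):
    """Filter assertion value to regex: a bare '*' is a wildcard, a '\\XX' escape is a literal byte."""
    parts = re.split(r"(\\[0-9a-fA-F]{2}|\*)", v)
    lit = lambda p: re.escape(chr(int(p[1:], 16))) if re.fullmatch(r"\\[0-9a-fA-F]{2}", p) else re.escape(p)
    return re.compile("".join(".*" if p == "*" else lit(p) for p in parts), re.IGNORECASE)

def search(base_dn, flt):
    """SUBTREE_SCOPE search of the sample tree for one equality filter such as (attr=value)."""
    attr, value = re.fullmatch(r"\((\w+)=(.*)\)", flt).groups()
    rx = _value_regex(value)
    return [dn for dn, attrs in DIRECTORY.items()
            if dn.lower().endswith("," + base_dn.lower())
            and any(rx.fullmatch(x) for x in attrs.get(attr, []))]

def resolve_roles(opts, username):
    """Model of the login module: locate the user entry, then collect roles up to roleRecursion levels."""
    users = search(opts["baseCtxDN"], opts["baseFilter"].replace("{0}", escape_filter_value(username)))
    if len(users) != 1:
        return None  # no user entry, or an ambiguous one: authentication fails
    roles, seen, frontier = set(), set(), [users[0]]
    for _ in range(int(opts.get("roleRecursion", "0")) + 1):
        step = []
        for dn in frontier:  # {1} is the DN of the entry whose roles are being looked up
            flt = opts["roleFilter"].replace("{1}", escape_filter_value(dn))
            for role_dn in search(opts["rolesCtxDN"], flt):
                if role_dn not in seen:
                    seen.add(role_dn); step.append(role_dn)
                    roles.update(DIRECTORY[role_dn].get(opts["roleAttributeID"], []))
        frontier = step  # with roleRecursion=1, groups that contain the user's groups are also granted
    if opts.get("defaultRole"): roles.add(opts["defaultRole"])
    return sorted(roles)
```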


  2. Specify the JBoss Security Domain

In the jboss-web.xml file, specify the required security domain. See the example below:


<jboss-web>
    <security-domain>java:/jaas/LDAPAuthLocal</security-domain>
</jboss-web>