The LDAP realm allows you to use an LDAP directory for user security information. Its configuration properties are described below.
Required properties are as follows:
directory: The LDAP URL to your server.
base-dn: The base DN for the location of user data. This base DN can be at any level above the user data, since a subtree-scoped search is performed. The smaller the search tree, the better the performance.
jaas-context: The value must be ldapRealm.
You can add the following optional properties to tailor the LDAP realm behavior:
search-filter: The search filter to use to find the user. The default is uid=%s (%s expands to the subject name).
group-base-dn: The base DN for the location of group data. By default it is the same as base-dn, but it can be tuned if necessary.
group-search-filter: The search filter to find group memberships for the user. The default is uniquemember=%d (%d expands to the user element DN).
group-target: The LDAP attribute name that contains group name entries. The default is CN.
search-bind-dn: An optional DN used to authenticate to the directory for performing the search-filter lookup. Only required for directories that do not allow anonymous search.
search-bind-password: The LDAP password for the DN given in search-bind-dn.
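The following is an added example, not code from the application server or its documentation. It models how the properties above fit together: the required properties are checked, jaas-context must be ldapRealm, group-base-dn falls back to base-dn, search-bind-dn and search-bind-password are required as a pair, and the %s and %d placeholders are expanded. The subject name and the user DN are escaped per RFC 4515 before substitution, so that a name containing filter metacharacters (parentheses, asterisks, backslashes) is still matched as a literal value. The host name and DNs in the sample configuration are constructed for the example.

```python
# Added example (not the application server's code): resolves the defaults of
# an ldapRealm configuration and builds the user and group search filters.
from typing import Dict, Mapping

# Defaults stated in the property descriptions.
DEFAULTS: Dict[str, str] = {
    "search-filter": "uid=%s",
    "group-search-filter": "uniquemember=%d",
    "group-target": "CN",
}
REQUIRED = ("directory", "base-dn", "jaas-context")


def escape_filter_value(value: str) -> str:
    """Escape the characters RFC 4515 reserves inside a filter assertion value."""
    escaped = []
    for ch in value:
        if ch in "\\*()\x00":
            escaped.append("\\%02x" % ord(ch))  # e.g. "(" becomes "\28"
        else:
            escaped.append(ch)
    return "".join(escaped)


def realm_config(props: Mapping[str, str]) -> Dict[str, str]:
    """Validate the realm properties and fill in the documented defaults."""
    cfg = dict(DEFAULTS)
    cfg.update(props)
    missing = [key for key in REQUIRED if not cfg.get(key)]
    if missing:
        raise ValueError("missing required property: " + ", ".join(missing))
    if cfg["jaas-context"] != "ldapRealm":
        raise ValueError("jaas-context must be ldapRealm")
    if not cfg["directory"].lower().startswith(("ldap://", "ldaps://")):
        raise ValueError("directory must be an LDAP URL")
    # group-base-dn is the same as base-dn unless tuned explicitly.
    cfg.setdefault("group-base-dn", cfg["base-dn"])
    # A bind DN without its password (or the reverse) cannot be used.
    if ("search-bind-dn" in cfg) != ("search-bind-password" in cfg):
        raise ValueError("search-bind-dn and search-bind-password go together")
    return cfg


def user_search_filter(cfg: Mapping[str, str], subject_name: str) -> str:
    """Filter run with subtree scope under base-dn to locate the user entry."""
    return cfg["search-filter"].replace("%s", escape_filter_value(subject_name))


def group_search_filter(cfg: Mapping[str, str], user_dn: str) -> str:
    """Filter run under group-base-dn; group-target names the attribute read."""
    return cfg["group-search-filter"].replace("%d", escape_filter_value(user_dn))


if __name__ == "__main__":
    # Constructed sample configuration (hypothetical host and DNs).
    cfg = realm_config({
        "directory": "ldap://ldap.example.com:389",
        "base-dn": "ou=people,dc=example,dc=com",
        "jaas-context": "ldapRealm",
        "search-bind-dn": "cn=realm-reader,ou=services,dc=example,dc=com",
        "search-bind-password": "example-only",
    })
    print(cfg["group-base-dn"])
    print(user_search_filter(cfg, "alice"))
    print(user_search_filter(cfg, "o'neil (contractor)"))
    print(group_search_filter(cfg, "uid=alice,ou=people,dc=example,dc=com"))
```

The account named by search-bind-dn only needs read access to the subtrees under base-dn and group-base-dn, since its sole job is the search-filter lookup; the user's own credentials are what authenticate the user. Keeping the substituted values escaped ensures a subject name is compared literally rather than being interpreted as part of the filter syntax.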
You must create the desired user(s) in your LDAP directory. You can do this from the Sun™ Java System Directory Server console, or through any other administration tool that supports LDAP and your directory's schema. User and group information is stored in the external LDAP directory.
The principal-name used in the deployment descriptors must correspond to your LDAP user information.