
Objective

The objective of this guide is to present the valid configurations for authentication in multiple AD servers using the LDAP protocol (Lightweight Directory Access Protocol).

Authentication settings across multiple AD Servers with LDAP Protocol

To apply these settings, the file <INSTALL_FLUIG>\jboss\configuration\standalone.xml must be modified following the steps below:



    • Look for the snippet below:

      <!-- TOTVSTech security domain as shipped: a single database login module flagged
           "required", so the database is the only authentication source. This is the
           snippet that the LDAP login-module structure in the next step replaces. -->
      <security-domain name="TOTVSTech" cache-type="default">
       <authentication>
       <login-module code="com.totvs.foundation.auth.FoundationDatabaseServerLoginModule" flag="required" module="com.totvs.foundation.auth">
       <!-- Presumably the digest and encoding used to compare stored password hashes.
            MD5 is a weak digest, but the value is kept as the page gives it: changing it
            would invalidate existing hashes, so confirm with the vendor before altering. -->
       <module-option name="hashAlgorithm" value="MD5"/>
       <module-option name="hashEncoding" value="HEX"/>
       <module-option name="principalClass" value="com.totvs.technology.foundation.common.TOTVSTechPrincipal"/>
       </login-module>
       </authentication>
      </security-domain>


    • Replace the login-module tag structure with the following structure:

      <!-- LDAP login module for AD server 1. Every value written as <...> is a placeholder
           that must be filled in before the server starts: a literal "<" inside an attribute
           value is not well-formed XML and standalone.xml will fail to parse.
           flag="sufficient": a successful login here ends authentication; a failure falls
           through to the next login-module in the security-domain. -->
      <login-module code="com.totvs.foundation.auth.FoundationExtLdapLoginModule" flag="sufficient" module="com.totvs.foundation.auth">
      <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
              <!-- A plain "ldap://" URL together with the empty security.protocol below gives an
                   unencrypted connection: the service account password (and, presumably, each
                   user's password at bind time) crosses the network in cleartext. Prefer
                   "ldaps://<SERVIDOR AD 1>:<PORTA AD 1>/" with java.naming.security.protocol
                   set to "ssl" once the AD servers present a certificate the JVM trusts. -->
              <module-option name="java.naming.provider.url" value="ldap://<SERVIDOR AD 1>:<PORTA AD 1>/"/> 
              <!-- "simple" bind sends the credentials to the directory as-is; see the TLS note above. -->
              <module-option name="java.naming.security.authentication" value="simple"/> 
              <module-option name="java.naming.security.protocol" value=""/> 
              <!-- Service account, presumably used to search the directory before the user is
                   authenticated. Use a read-only, least-privilege account; its password sits in
                   cleartext in standalone.xml, so restrict read access to that file (or use the
                   application server's credential vault, if this version provides one). -->
              <module-option name="java.naming.security.principal" value="<USUARIO AD 1>@<DOMINIO AD1>"/> 
              <module-option name="java.naming.security.credentials" value="<SENHA AD 1>"/> 
              <!-- {0} is the login name the user submitted, matched against sAMAccountName.
                   Whether the module escapes LDAP filter metacharacters in {0} is not visible
                   here; confirm before exposing this login to untrusted callers. -->
              <module-option name="uidAttributeID" value="sAMAccountName"/>
              <module-option name="baseFilter" value="(sAMAccountName={0})"/>
              <!-- NOTE(review): this vendor option is not explained on the page; presumably it
                   decouples the LDAP login from the database module - confirm with the vendor. -->
              <module-option name="loginCombinedWithDatabase" value="false"/> 
              <!-- Search bases for users and roles in AD 1's domain (example form: DC=example,DC=com). -->
              <module-option name="baseCtxDN" value="DC=<ESTRUTURA AD 1>"/> 
              <module-option name="rolesCtxDN" value="DC=<ESTRUTURA AD 1>"/> 
              <!-- Kept as the page gives them. MD5 is a weak digest, and what this LDAP module
                   hashes with it is not shown here - confirm with the vendor before changing. -->
              <module-option name="hashAlgorithm" value="MD5"/>
              <module-option name="hashEncoding" value="HEX"/>
      </login-module>
      <!-- LDAP login module for AD server 2, same structure as the one for AD server 1.
           Login modules are evaluated in document order, so server 1 is tried first and this
           module is reached only when that attempt did not succeed. All <...> placeholders
           must be replaced before startup, otherwise standalone.xml is not well-formed XML. -->
      <login-module code="com.totvs.foundation.auth.FoundationExtLdapLoginModule" flag="sufficient" module="com.totvs.foundation.auth">
      <module-option name="java.naming.factory.initial" value="com.sun.jndi.ldap.LdapCtxFactory"/>
              <!-- Unencrypted "ldap://" with an empty security.protocol: the bind credentials cross
                   the network in cleartext. Prefer "ldaps://" with security.protocol "ssl" once
                   AD server 2 presents a certificate the JVM trusts. -->
              <module-option name="java.naming.provider.url" value="ldap://<SERVIDOR AD 2>:<PORTA AD 2>/"/> 
              <module-option name="java.naming.security.authentication" value="simple"/> 
              <module-option name="java.naming.security.protocol" value=""/> 
              <!-- Service account for AD server 2. The page writes the password placeholder as
                   <SENHA> here where server 1 uses <SENHA AD 1>; it is this server's own
                   password. Use a least-privilege, read-only account and restrict read access
                   to standalone.xml, since the value is stored in cleartext. -->
              <module-option name="java.naming.security.principal" value="<USUARIO AD 2>@<DOMINIO AD 2>"/> 
              <module-option name="java.naming.security.credentials" value="<SENHA>"/> 
              <!-- {0} is the submitted login name, matched on sAMAccountName; whether filter
                   metacharacters in {0} are escaped by the module is not shown here - confirm. -->
              <module-option name="uidAttributeID" value="sAMAccountName"/>
              <module-option name="baseFilter" value="(sAMAccountName={0})"/>
              <!-- NOTE(review): vendor option not explained on the page; confirm its meaning. -->
              <module-option name="loginCombinedWithDatabase" value="false"/> 
              <!-- Search bases for users and roles in AD 2's domain. -->
              <module-option name="baseCtxDN" value="DC=<ESTRUTURA AD 2>"/> 
              <module-option name="rolesCtxDN" value="DC=<ESTRUTURA AD 2>"/> 
              <!-- Kept as the page gives them; MD5 is a weak digest - confirm with the vendor
                   what this LDAP module hashes with it before changing. -->
              <module-option name="hashAlgorithm" value="MD5"/>
              <module-option name="hashEncoding" value="HEX"/>
      </login-module>


    • If authentication against the database is also required, the following login-module tag structure must also be added:

      <!-- Optional database fallback. Unlike the shipped snippet it is flagged "sufficient",
           not "required": placed after the LDAP modules, as the page presents it, it is only
           consulted when neither AD server accepted the login, and it does not block an
           LDAP login that already succeeded. Keep it only if local database accounts must
           remain valid; every extra accepted credential source widens the login surface. -->
      <login-module code="com.totvs.foundation.auth.FoundationDatabaseServerLoginModule" flag="sufficient" module="com.totvs.foundation.auth">
       <!-- Presumably the digest and encoding of stored password hashes; kept as the page gives
            them, since changing MD5 here would invalidate existing hashes - confirm with the vendor. -->
       <module-option name="hashAlgorithm" value="MD5"/>
       <module-option name="hashEncoding" value="HEX"/>
       <module-option name="principalClass" value="com.totvs.technology.foundation.common.TOTVSTechPrincipal"/>
      </login-module>