JBoss.orgCommunity Documentation

Chapter 23. LDAP IdentityStore

23.1. Class Name
23.2. Overview
23.3. Configuration
23.4. Sample Configuration

23.1. Class Name

org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl

23.2. Overview

LDAPIdentityStoreImpl provides support for LDAP as identity persistence store (IdentityStore). At this stage the implementation is a bit limitted:

23.3. Configuration

<identity-object-type><options>

<identity-store><options>

23.4. Sample Configuration

                    
<identity-store>
  <id>Sample LDAP Store</id>
  <class>org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl</class>
  <external-config/>
  <supported-relationship-types>
    <relationship-type>JBOSS_IDENTITY_MEMBERSHIP</relationship-type>
  </supported-relationship-types>
  <supported-identity-object-types>
    <identity-object-type>
      <name>IDENTITY</name>
      <relationships/>
      <credentials>
        <credential-type>PASSWORD</credential-type>
      </credentials>
      <attributes>
        <attribute>
          <name>phone</name>
          <mapping>telephoneNumber</mapping>
          <type>text</type>
          <isRequired>false</isRequired>
          <isMultivalued>false</isMultivalued>
          <isReadOnly>false</isReadOnly>
        </attribute>
          <attribute>
          <name>description</name>
          <mapping>description</mapping>
          <type>text</type>
          <isRequired>false</isRequired>
          <isMultivalued>false</isMultivalued>
          <isReadOnly>false</isReadOnly>
        </attribute>
        <attribute>
          <name>carLicense</name>
          <mapping>carLicense</mapping>
          <type>text</type>
          <isRequired>false</isRequired>
          <isMultivalued>false</isMultivalued>
          <isReadOnly>false</isReadOnly>
        </attribute>
      </attributes>
      <options>
        <option>
          <name>idAttributeName</name>
          <value>uid</value>
        </option>
        <option>
          <name>passwordAttributeName</name>
          <value>password</value>
        </option>
        <option>
          <name>ctxDNs</name>
          <value>ou=People,o=test,dc=example,dc=com</value>
        </option>
        <option>
          <name>allowCreateEntry</name>
          <value>true</value>
        </option>
        <option>
          <name>createEntryAttributeValues</name>
          <value>objectClass=top</value>
          <value>objectClass=inetOrgPerson</value>
          <value>sn= </value>
          <value>cn= </value>
        </option>
      </options>
    </identity-object-type>
    <identity-object-type>
      <name>ORGANIZATION</name>
      <relationships>
        <relationship>
          <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
          <identity-object-type-ref>IDENTITY</identity-object-type-ref>
        </relationship>
        <relationship>
          <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
          <identity-object-type-ref>ORGANIZATION</identity-object-type-ref>
        </relationship>
        <relationship>
          <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
          <identity-object-type-ref>GROUP</identity-object-type-ref>
        </relationship>
      </relationships>
      <credentials/>
      <attributes/>
      <options>
        <option>
          <name>idAttributeName</name>
          <value>cn</value>
        </option>
        <option>
          <name>ctxDNs</name>
          <value>ou=Organizations,o=test,dc=example,dc=com</value>
        </option>
        <option>
          <name>allowCreateEntry</name>
          <value>true</value>
        </option>
        <option>
          <name>membershipAttributeName</name>
          <value>member</value>
        </option>
        <option>
          <name>isMembershipAttributeDN</name>
          <value>true</value>
        </option>
        <option>
          <name>allowEmptyMemberships</name>
          <value>true</value>
        </option>
        <option>
          <name>createEntryAttributeValues</name>
          <value>objectClass=top</value>
          <value>objectClass=groupOfNames</value>
        </option>
      </options>
    </identity-object-type>
  </supported-identity-object-types>
  <options>
    <option>
      <name>providerURL</name>
      <value>ldap://localhost:10389</value>
    </option>
    <option>
      <name>adminDN</name>
      <value>cn=Directory Manager</value>
    </option>
    <option>
      <name>adminPassword</name>
      <value>password</value>
    </option>
    <option>
      <name>searchTimeLimit</name>
      <value>10000</value>
    </option>
  </options>
</identity-store>