The detailed steps are the same as for the File Membership Domain, so this post covers only <teiid-install>/membership-ldap.properties and a few points to watch.
■ <teiid-install>/membership-ldap.properties
AD domain: ad.local
```properties
# Configuration file for LDAP membership domain
activate=true
# The class that implements the LDAP membership
ldap.AuthDomainClass=com.metamatrix.platform.security.membership.spi.ldap.LDAPMembershipDomain
#Full LDAP URL (mandatory)
ldapURL=ldap://localhost:389
#Bind account password for group lookup.
ldapAdmin.password=<administrator's password>
#The attribute(s) that uniquely identifies a user.
#users.displayName.attribute = uid
users.displayName.attribute = name
#The search filter(s) to apply to each users root context.
users.searchFilter=(objectclass=*)
#Specifies the context(s) to use when searching for users.(mandatory)
users.rootContext=cn=Users,dc=ad,dc=local
#Bind account DN for group lookup.
ldapAdmin.dn=cn=administrator,cn=Users,dc=ad,dc=local
#Attribute(s) that appears on each user that identifies group membership.
users.memberOf.attribute=
#The attribute(s) that uniquely identifies a group.
groups.displayName.attribute=
#How far down the directory tree to search each users root context.
users.searchScope=SUBTREE_SCOPE
#Specifies the context(s) to use when searching for groups.(mandatory)
groups.rootContext=cn=Groups,dc=ad,dc=local
# Membership Domain Class Name
AuthDomainClass=com.metamatrix.platform.security.membership.spi.ldap.LDAPMembershipDomain
#The search filter(s) to apply to each groups root context
groups.searchFilter=(objectclass=*)
#How far down the directory tree to search each groups root context.
groups.searchScope=SUBTREE_SCOPE
#Time to wait for LDAP operations to complete.(defaults to unlimited)
#txnTimeoutInMillis=
#The attribute(s) that contains the members of the group.
groups.groupMember.attribute=
```
One point to watch: with AD, "users.displayName.attribute" does not work when set to uid; set it to name or cn instead.
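A pre-deployment check for this file, as an added example that is not part of the original post or of Teiid: it parses the properties and flags the uid pitfall described above, plus two exposure points visible in the listing (an unencrypted bind to a non-local host, and binding as the built-in administrator). The sample input is constructed, the host `dc01.ad.local` is hypothetical, and the `ldaps://` check assumes your directory offers LDAPS.

```python
from urllib.parse import urlparse

# Constructed sample, not from the original post: same keys, hypothetical host.
SAMPLE = """\
# Configuration file for LDAP membership domain
ldapURL=ldap://dc01.ad.local:389
ldapAdmin.dn=cn=administrator,cn=Users,dc=ad,dc=local
users.displayName.attribute = uid
"""

def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            # Split on the first '=' only: DN values contain '=' themselves.
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def lint(props, active_directory=True):
    """Return (severity, key, message) findings for a parsed file."""
    findings = []
    attr = props.get("users.displayName.attribute", "")
    if active_directory and attr.lower() not in ("name", "cn"):
        findings.append(("error", "users.displayName.attribute",
                         f"{attr or '(unset)'}: for AD use name or cn (uid does not work)"))
    url = urlparse(props.get("ldapURL", ""))
    if not url.hostname:
        findings.append(("error", "ldapURL", "mandatory LDAP URL is missing"))
    elif url.scheme != "ldaps" and url.hostname not in ("localhost", "127.0.0.1", "::1"):
        findings.append(("warn", "ldapURL",
                         "bind DN and password cross the network unencrypted"))
    first_rdn = props.get("ldapAdmin.dn", "").split(",")[0]
    if first_rdn.partition("=")[2].strip().lower() == "administrator":
        findings.append(("warn", "ldapAdmin.dn",
                         "binds as the built-in administrator; group lookup "
                         "only needs a read-only account"))
    return findings

if __name__ == "__main__":
    for severity, key, message in lint(parse_properties(SAMPLE)):
        print(f"{severity:5} {key}: {message}")
```

Run against the values in the listing above (`ldap://localhost:389`, `name`), only the `ldapAdmin.dn` finding remains.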
If it does not work, editing <teiid-install>/deploy/log4j.xml may surface some hints.
I tried the following.
```xml
<appender name="ASYNC" class="org.apache.log4j.AsyncAppender">
  <appender-ref ref="FILE"/>
  <appender-ref ref="CONSOLE"/>
</appender>
<!-- Console Appender -->
<appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">
  <param name="Target" value="System.out"/>
  <param name="Threshold" value="INFO"/>
  <layout class="org.apache.log4j.PatternLayout">
    <param name="ConversionPattern" value="%d %p [%t] %c - %m%n"/>
  </layout>
</appender>
<!-- -->
<logger name="org.teiid">
  <!-- level value="WARN" /-->
  <level value="INFO" />
</logger>
```