[Teiid] ユーザを追加する（LDAP Membership Domain）

今回は、ユーザアカウントをLDAP(Active Directory)と連携してみます。
細かい手順はFile Membership Domainと同じですので、<teiid-install>/membership-ldap.propertiesと細かい注意点のみです。

■<teiid-install>/membership-ldap.properties
 ADのドメイン：ad.local

view plainprint?

1. # Configuration file for LDAP membership domain  
2.   
3. activate=true  
4.   
5. # The class that implements the LDAP membership   
6. ldap.AuthDomainClass=com.metamatrix.platform.security.membership.spi.ldap.LDAPMembershipDomain  
7.   
8. #Full LDAP URL (mandatory)  
9. ldapURL=ldap://localhost:389  
10.   
11. #Bind account password for group lookup.  
12. ldapAdmin.password=<administrator's password>  
13.   
14. #The attribute(s) that uniquely identifies a user.  
15. #users.displayName.attribute = uid  
16. users.displayName.attribute = name  
17.   
18. #The search filter(s) to apply to each users root context.  
19. users.searchFilter=(objectclass=*)  
20.   
21. #Specifies the context(s) to use when searching for users.(mandatory)  
22. users.rootContext=cn=Users,dc=ad,dc=local  
23.   
24. #Bind account DN for group lookup.  
25. ldapAdmin.dn=cn=administrator,cn=Users,dc=ad,dc=local  
26.   
27. #Attribute(s) that appears on each user that identifies group membership.  
28. users.memberOf.attribute=  
29.   
30. #The attribute(s) that uniquely identifies a group.  
31. groups.displayName.attribute=  
32.   
33. #How far down the directory tree to search each users root context.  
34. users.searchScope=SUBTREE_SCOPE  
35.   
36. #Specifies the context(s) to use when searching for groups.(mandatory)  
37. groups.rootContext=cn=Groups,dc=ad,dc=local  
38.   
39. # Membership Domain Class Name  
40. AuthDomainClass=com.metamatrix.platform.security.membership.spi.ldap.LDAPMembershipDomain  
41.   
42. #The search filter(s) to apply to each groups root context  
43. groups.searchFilter=(objectclass=*)  
44.   
45. #How far down the directory tree to search each groups root context.  
46. groups.searchScope=SUBTREE_SCOPE  
47.   
48. #Time to wait for LDAP operations to complete.(defaults to unlimited)  
49. #txnTimeoutInMillis=  
50.   
51. #The attribute(s) that contains the members of the group.  
52. groups.groupMember.attribute=  

# Configuration file for LDAP membership domain

activate=true

# The class that implements the LDAP membership 
ldap.AuthDomainClass=com.metamatrix.platform.security.membership.spi.ldap.LDAPMembershipDomain

#Full LDAP URL (mandatory)
ldapURL=ldap://localhost:389

#Bind account password for group lookup.
ldapAdmin.password=<administrator's password>

#The attribute(s) that uniquely identifies a user.
#users.displayName.attribute = uid
users.displayName.attribute = name

#The search filter(s) to apply to each users root context.
users.searchFilter=(objectclass=*)

#Specifies the context(s) to use when searching for users.(mandatory)
users.rootContext=cn=Users,dc=ad,dc=local

#Bind account DN for group lookup.
ldapAdmin.dn=cn=administrator,cn=Users,dc=ad,dc=local

#Attribute(s) that appears on each user that identifies group membership.
users.memberOf.attribute=

#The attribute(s) that uniquely identifies a group.
groups.displayName.attribute=

#How far down the directory tree to search each users root context.
users.searchScope=SUBTREE_SCOPE

#Specifies the context(s) to use when searching for groups.(mandatory)
groups.rootContext=cn=Groups,dc=ad,dc=local

# Membership Domain Class Name
AuthDomainClass=com.metamatrix.platform.security.membership.spi.ldap.LDAPMembershipDomain

#The search filter(s) to apply to each groups root context
groups.searchFilter=(objectclass=*)

#How far down the directory tree to search each groups root context.
groups.searchScope=SUBTREE_SCOPE

#Time to wait for LDAP operations to complete.(defaults to unlimited)
#txnTimeoutInMillis=

#The attribute(s) that contains the members of the group.
groups.groupMember.attribute=

注意点としては、"users.displayName.attribute" が、AD の場合 uid ではダメで、name または cn としてください。

うまくいかないときは、<teiid-install>/deploy/log4j.xmlを編集するとヒントが出てくるかもしれません。
自分は、以下のようにしてみました。

view plainprint?

5. <appender name="ASYNC" class="org.apache.log4j.AsyncAppender">  
6.      <appender-ref ref="FILE"/>  
7.      <appender-ref ref="CONSOLE"/>  
8.    </appender>  

<appender name="ASYNC" class="org.apache.log4j.AsyncAppender">
     <appender-ref ref="FILE"/>
     <appender-ref ref="CONSOLE"/>
   </appender>

view plainprint?

20. <!-- Console Appender -->  
21.    <appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">  
22.       <param name="Target" value="System.out"/>  
23.       <param name="Threshold" value="INFO"/>  
24.       <layout class="org.apache.log4j.PatternLayout">  
25.          <param name="ConversionPattern" value="%d %p [%t] %c - %m%n"/>  
26.       </layout>  
27.    </appender>  
28.    <!-- -->  

<!-- Console Appender -->
   <appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">
      <param name="Target" value="System.out"/>
      <param name="Threshold" value="INFO"/>
      <layout class="org.apache.log4j.PatternLayout">
         <param name="ConversionPattern" value="%d %p [%t] %c - %m%n"/>
      </layout>
   </appender>
   <!-- -->

view plainprint?

82. <logger name="org.teiid">  
83.      <!-- level value="WARN" /-->  
84.      <level value="INFO" />  
85.    </logger>  

<logger name="org.teiid">
     <!-- level value="WARN" /-->
     <level value="INFO" />
   </logger>