Thursday, October 1, 2009

[Teiid] Adding users (LDAP Membership Domain)

This time we integrate user accounts with LDAP (Active Directory).
The detailed steps are the same as for the File Membership Domain, so this post covers only <teiid-install>/membership-ldap.properties and a few points that need attention.

■<teiid-install>/membership-ldap.properties
 AD domain: ad.local
# Configuration file for LDAP membership domain

activate=true

# The class that implements the LDAP membership 
ldap.AuthDomainClass=com.metamatrix.platform.security.membership.spi.ldap.LDAPMembershipDomain

#Full LDAP URL (mandatory)
ldapURL=ldap://localhost:389

#Bind account password for group lookup.
ldapAdmin.password=<administrator's password>

#The attribute(s) that uniquely identifies a user.
#users.displayName.attribute = uid
users.displayName.attribute = name

#The search filter(s) to apply to each users root context.
users.searchFilter=(objectclass=*)

#Specifies the context(s) to use when searching for users.(mandatory)
users.rootContext=cn=Users,dc=ad,dc=local

#Bind account DN for group lookup.
ldapAdmin.dn=cn=administrator,cn=Users,dc=ad,dc=local

#Attribute(s) that appears on each user that identifies group membership.
users.memberOf.attribute=

#The attribute(s) that uniquely identifies a group.
groups.displayName.attribute=

#How far down the directory tree to search each users root context.
users.searchScope=SUBTREE_SCOPE

#Specifies the context(s) to use when searching for groups.(mandatory)
groups.rootContext=cn=Groups,dc=ad,dc=local

# Membership Domain Class Name
AuthDomainClass=com.metamatrix.platform.security.membership.spi.ldap.LDAPMembershipDomain

#The search filter(s) to apply to each groups root context
groups.searchFilter=(objectclass=*)

#How far down the directory tree to search each groups root context.
groups.searchScope=SUBTREE_SCOPE

#Time to wait for LDAP operations to complete.(defaults to unlimited)
#txnTimeoutInMillis=

#The attribute(s) that contains the members of the group.
groups.groupMember.attribute=

One point to watch: for AD, "users.displayName.attribute" must not be uid; set it to name or cn instead.
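As an added example (not part of Teiid or of this post), the following Python script lints a membership-ldap.properties file for the pitfalls discussed above: the mandatory keys named in the file's own comments, the uid-versus-name/cn mistake on AD, empty group attributes, a non-TLS ldapURL, and a cleartext bind password left in the file. Which checks to apply is my assumption; the sample input is constructed to mirror the file above with the uid mistake kept.

```python
# Added example (not Teiid code): lint a membership-ldap.properties file for
# the AD pitfalls noted on this page. The set of checks is an assumption.
import re

MANDATORY = ("ldapURL", "users.rootContext", "groups.rootContext")  # per file comments
GROUP_ATTRS = ("users.memberOf.attribute", "groups.displayName.attribute",
               "groups.groupMember.attribute")


def parse_properties(text):
    """Minimal .properties reader: key=value, '#' comments, surrounding whitespace dropped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def lint_membership_ldap(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    p = parse_properties(text)
    findings = []
    for key in MANDATORY:
        if not p.get(key):
            findings.append(f"{key}: mandatory but missing or empty")
    if p.get("users.displayName.attribute", "").lower() == "uid":
        findings.append("users.displayName.attribute: uid does not match AD, use name or cn")
    for key in GROUP_ATTRS:
        if key in p and not p[key]:
            findings.append(f"{key}: empty, group membership cannot be resolved")
    url = p.get("ldapURL", "").lower()
    if url.startswith("ldap://"):
        findings.append("ldapURL: ldap:// without TLS sends the bind DN and password in cleartext")
    pw = p.get("ldapAdmin.password", "")
    if pw and not re.fullmatch(r"<[^>]*>", pw):  # anything but a <placeholder>
        findings.append("ldapAdmin.password: cleartext password stored in the properties file")
    return findings


# Constructed sample mirroring the page's file, with the uid mistake kept.
SAMPLE = """\
ldapURL=ldap://localhost:389
ldapAdmin.password=<administrator's password>
users.displayName.attribute = uid
users.rootContext=cn=Users,dc=ad,dc=local
groups.rootContext=cn=Groups,dc=ad,dc=local
users.memberOf.attribute=
"""
```

Running `lint_membership_ldap(SAMPLE)` reports the uid setting, the empty users.memberOf.attribute and the non-TLS URL; switching to name, a memberOf attribute and ldaps:// clears all three.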

If it does not work, editing <teiid-install>/deploy/log4j.xml may give you some hints.
Here is what I did:
<appender name="ASYNC" class="org.apache.log4j.AsyncAppender">
   <appender-ref ref="FILE"/>
   <appender-ref ref="CONSOLE"/>
</appender>
<!-- Console Appender -->
<appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">
   <param name="Target" value="System.out"/>
   <param name="Threshold" value="INFO"/>
   <layout class="org.apache.log4j.PatternLayout">
      <param name="ConversionPattern" value="%d %p [%t] %c - %m%n"/>
   </layout>
</appender>
<!-- -->
<logger name="org.teiid">
   <!-- level value="WARN" /-->
   <level value="INFO" />
</logger>
