Glassfish and Active Directory

JEE applications running on GlassFish can easily be connected to an existing Microsoft Active Directory.

To authenticate a JEE application against Active Directory (AD) you can set up an LDAPRealm in GlassFish. Use the following example settings:

  • JAAS Context: ‘ldapRealm’
  • Directory: ldap://your-ad-server:389
  • Base DN: ‘DC=mycompany,DC=local’

In addition to these standard connection settings (use the values of your own environment; in production prefer ldaps://your-ad-server:636, because with plain ldap:// the technical account's password and every user's password cross the network in clear text) you need to add the following additional properties:

  • search-filter = (&(objectClass=user)(sAMAccountName=%s))
  • group-search-filter = (&(objectClass=group)(member=%d))
  • search-bind-dn = some-technical-account (do not use a distinguished name; AD accepts the UPN form, e.g. svc-account@mycompany.local)
  • search-bind-password = your-technical-account-password
  • java.naming.referral = follow

In the two filters %s is replaced by the login name the user typed and %d by the distinguished name that the user search returned, so the group search finds every group whose member attribute lists the user.

The property ‘java.naming.referral = follow’ is necessary in most cases: when you search from the domain root, AD answers with referrals to its other naming contexts (for example the DNS and Configuration partitions), and if the JNDI provider does not follow them the search ends in a javax.naming.PartialResultException. The technical account only needs read access to the user and group objects, so give it no further rights; its password ends up in the GlassFish domain.xml, which must be protected accordingly.

That's it.

HOW TO CONFIGURE AN EXTERNAL JNDI RESOURCE

You can also use AD to look up additional LDAP attributes from your application code. For that you need to add an external JNDI resource, which can be configured from the GlassFish admin console. Use the following example settings:

  • JNDI Name: you-custom-resource-name
  • Resource Type: javax.naming.ldap.LdapContext
  • Factory Class: com.sun.jndi.ldap.LdapCtxFactory
  • JNDI Lookup: ‘DC=mycompany,DC=local’

Here too you should add some additional properties:

  • java.naming.provider.url = ldap://your-ad-server:389
  • java.naming.security.authentication = simple
  • java.naming.security.principal = some-technical-account (do not use a distinguished name; the UPN form works here as well)
  • java.naming.security.credentials = your-technical-account-password
  • java.naming.referral = follow

The property ‘java.naming.referral = follow’ is important here for the same reason as above.

To look up the external resource from your application you can either use an annotation:

// requires javax.annotation.Resource and javax.naming.directory.DirContext; LdapContext extends DirContext
@Resource(name = "you-custom-resource-name")
private DirContext ldapConn;

You can also do a programmatic lookup like this:

// requires javax.naming.Context, InitialContext and javax.naming.ldap.LdapContext; lookup() throws NamingException
Context initCtx = new InitialContext();
LdapContext ldapCtx = (LdapContext) initCtx.lookup("you-custom-resource-name");
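The following class is added here as an example; it is not code from the post or from GlassFish. It does by hand what the LDAPRealm configured above does on every login (user search with the search-filter, bind as the DN that was found, group search with the group-search-filter) and what your own code does through the external JNDI resource (reading an attribute of a user). The class name AdDirectory, the technical account svc-glassfish@mycompany.local, the "mail" attribute and the error handling are assumptions; server, base DN and filters are the ones from the settings above. Note the escaping: the realm substitutes the login name into its filter for you, but application code that builds its own filters has to escape user input itself, otherwise a login name like j*)(objectClass=* turns into a different query.

```java
import java.util.*;
import javax.naming.*;
import javax.naming.directory.*;
import javax.naming.ldap.*;
// Added example, not code from the post: the LDAPRealm's search/bind/group flow done by hand with plain JNDI,
// plus an attribute lookup as you would do it through the external JNDI resource. Values below are assumed.
public class AdDirectory {
    static final String URL = "ldap://your-ad-server:389";            // use ldaps://...:636 in production
    static final String BASE_DN = "DC=mycompany,DC=local";
    static final String BIND_USER = "svc-glassfish@mycompany.local";  // assumed technical account, UPN form, not a DN
    static final String BIND_PASSWORD = "your-technical-account-password";
    /** Escape a value before putting it into a filter (RFC 4515), so "j*)(cn=*" cannot rewrite the query. */
    static String escapeFilter(String value) {
        return value.replace("\\", "\\5c").replace("*", "\\2a").replace("(", "\\28")
                    .replace(")", "\\29").replace("\0", "\\00");
    }

    /** Open a context as the given principal, with the same properties the post sets on the realm and the resource. */
    static LdapContext connect(String principal, String password) throws NamingException {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, URL);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, principal);
        env.put(Context.SECURITY_CREDENTIALS, password);
        env.put(Context.REFERRAL, "follow");  // AD answers root searches with referrals; not following them throws
        return new InitialLdapContext(env, null);
    }

    /** Subtree search below the base DN returning only the named attributes (an empty array returns none). */
    static NamingEnumeration<SearchResult> search(LdapContext ctx, String filter, String... attrs) throws NamingException {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setReturningAttributes(attrs);
        return ctx.search(BASE_DN, filter, sc);
    }

    /** The realm's search-filter with %s replaced by the (escaped) login name; null if no such user. */
    static SearchResult findUser(LdapContext ctx, String samAccountName, String... attrs) throws NamingException {
        NamingEnumeration<SearchResult> results =
            search(ctx, "(&(objectClass=user)(sAMAccountName=" + escapeFilter(samAccountName) + "))", attrs);
        try {
            if (!results.hasMore()) return null;
            SearchResult user = results.next();
            if (results.hasMore()) throw new NamingException("ambiguous account " + samAccountName);
            return user;
        } finally {
            results.close();
        }
    }

    /** The realm's group-search-filter with %d replaced by the user's DN (escaped: DNs may contain backslashes). */
    static List<String> groupsOf(LdapContext ctx, String userDn) throws NamingException {
        List<String> groups = new ArrayList<>();
        NamingEnumeration<SearchResult> results =
            search(ctx, "(&(objectClass=group)(member=" + escapeFilter(userDn) + "))", "cn");
        try {
            while (results.hasMore()) {
                Attribute cn = results.next().getAttributes().get("cn");
                if (cn != null) groups.add(cn.get().toString());
            }
        } finally {
            results.close();
        }
        return groups;
    }

    /** The realm's flow: resolve the login name with the technical account, bind as the user, collect its groups. */
    static List<String> authenticate(String samAccountName, String password) throws NamingException {
        if (password == null || password.isEmpty()) {
            // A simple bind with an empty password is an unauthenticated bind the server may accept as anonymous.
            throw new AuthenticationException("empty password refused");
        }
        LdapContext admin = connect(BIND_USER, BIND_PASSWORD);
        try {
            SearchResult user = findUser(admin, samAccountName);
            if (user == null) throw new AuthenticationException("unknown user " + samAccountName);
            String userDn = user.getNameInNamespace();
            connect(userDn, password).close();  // wrong password: the server answers with AuthenticationException
            return groupsOf(admin, userDn);
        } finally {
            admin.close();
        }
    }

    /** What application code does with the injected or looked-up LdapContext: read one attribute of a user. */
    static String attributeOf(LdapContext ctx, String samAccountName, String attrName) throws NamingException {
        SearchResult user = findUser(ctx, samAccountName, attrName);
        Attribute a = user == null ? null : user.getAttributes().get(attrName);
        return a == null ? null : a.get().toString();
    }

    public static void main(String[] args) throws NamingException {
        System.out.println(escapeFilter("j*doe)(objectClass=*"));  // offline: j\2adoe\29\28objectClass=\2a
        if (args.length != 2) return;                              // the rest needs a reachable domain controller
        System.out.println("groups: " + authenticate(args[0], args[1]));
        LdapContext ctx = connect(BIND_USER, BIND_PASSWORD);
        try { System.out.println("mail: " + attributeOf(ctx, args[0], "mail")); } finally { ctx.close(); }
    }
}
```

Compile with javac AdDirectory.java; the escaping check in main runs without a server, the rest needs a reachable domain controller and is meant as a quick test only (the password on the command line is visible to other users of the machine). Inside a GlassFish application you drop connect() and hand the injected DirContext or the looked-up LdapContext to findUser, groupsOf and attributeOf instead; the realm itself already performs the authenticate() sequence for you.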

 
