Knox Gateway Administration Guide
Also available as:
PDF
loading table of contents...

Example Active Directory Configuration

Typically the AD main.ldapRealm.userDnTemplate value looks slightly different than OpenLDAP. The value for main.ldapRealm.userDnTemplate is only required if AD authentication requires the full User DN.

[Note]Note

If Active Directory allows authentication based on the Common Name (CN) and password only, then no value will be required for main.ldapRealm.userDnTemplate.

<provider>
    <role>authentication</role>
    <name>ShiroProvider</name>
    <enabled>true</enabled>
    <param>
        <name>main.ldapRealm</name>
        <value>org.apache.shiro.realm.ldap.JndiLdapRealm</value>
    </param>
    <param>
        <name>main.ldapRealm.userDnTemplate</name>
        <value>cn={0},ou=people,dc-apache,dc=org</value>
    </param>
    <param>
        <name>main.ldapRealmcontextFactory.url</name>
        <value>ldap://localhost:389</value>
    </param>
    <param>
        <name>main.ldapRealm.contextFactory.authenticationMechanis</name>
        <value>simple</value>
    </param>
    <param>
        <name>urls./**</name>
        <value>authBasic</value>
    </param>
</provider>