BigMemory 4.3.7 | Product Documentation | BigMemory Max Security Guide | Using LDAP or Active Directory for Authentication | Active Directory Configuration
 
Active Directory Configuration
Specify the realm and URL in the <security> section of the Terracotta configuration as follows:
<auth>
<realm>com.tc.net.core.security.ShiroActiveDirectoryRealm</realm>
<url>ldap://admin_user@server_address:server_port?searchBase=search_domain%26groupBindings=groups_to_roles</url>
<user></user>
</auth>
Note the value of the <realm> element, which must specify the correct class (or Shiro security realm) for Active Directory. The components of the URL are defined in the following table.
| Component | Description |
| --- | --- |
| ldap:// | For the scheme, use either ldap:// or ldaps://. |
| admin_user | The name of a user with sufficient rights in Active Directory to perform a search in the domain specified by searchBase. The password for this user must be stored in the Terracotta keychain used by the Terracotta server, using as key the root of the LDAP URI, ldap://admin_user@server_name:server_port, with no trailing slash ("/"). |
| server_address:server_port | The IP address or resolvable fully qualified domain name of the server, and the port for Active Directory. |
| searchBase | Specifies the Active Directory domain to be searched. For example, if the Active Directory domain is reggae.jamaica.org, then the format is searchBase=dc=reggae,dc=jamaica,dc=org. |
| groupBindings | Specifies the mappings between Active Directory groups and Terracotta roles. For example, groupBindings=Domain%20Admins=admin,Users=terracotta maps the Active Directory groups "Domain Admins" and "Users" to the "admin" and "terracotta" Terracotta roles, respectively. To be mapped, the named Active Directory groups must be part of the domain specified in searchBase; all other groups (including those with the specified names) in other domains are ignored. |
For example:
<auth>
<realm>com.tc.net.core.security.ShiroActiveDirectoryRealm</realm>
<url>ldap://bmarley@172.16.254.1:389?searchBase=dc=reggae,dc=jamaica,dc=org%26groupBindings=Domain%20Admins=admin,Users=terracotta</url>
<user></user>
</auth>
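A configuration review aid for the <auth> block above. This is an added example, not part of the Terracotta documentation or product code. The helper name review_auth and its parsing rules are assumptions based on this page's description (parameters after "?", separated by an encoded "&"); it is not Terracotta's own parser. It derives the keychain key for the bind password, lists which Active Directory groups receive the "admin" role, and flags common mistakes.

```python
import xml.etree.ElementTree as ET
from urllib.parse import unquote, urlsplit

AD_REALM = "com.tc.net.core.security.ShiroActiveDirectoryRealm"

# Constructed sample: the example <auth> block from this page, URL on one line.
SAMPLE_AUTH = """<auth>
<realm>com.tc.net.core.security.ShiroActiveDirectoryRealm</realm>
<url>ldap://bmarley@172.16.254.1:389?searchBase=dc=reggae,dc=jamaica,dc=org%26groupBindings=Domain%20Admins=admin,Users=terracotta</url>
<user></user>
</auth>"""


def review_auth(auth_xml):
    """Hypothetical helper: split an AD <auth> block into reviewable parts."""
    auth = ET.fromstring(auth_xml)
    realm = (auth.findtext("realm") or "").strip()
    raw = auth.findtext("url") or ""
    url = "".join(raw.split())  # drop wrapped-line whitespace before parsing
    parts = urlsplit(url)
    # Assumption: parameters follow '?'; %26 is an encoded '&', %20 a space.
    params = dict(p.partition("=")[::2] for p in unquote(parts.query).split("&") if p)
    bindings = {}
    for pair in filter(None, params.get("groupBindings", "").split(",")):
        group, _, role = pair.rpartition("=")  # "AD group=Terracotta role"
        bindings[group] = role
    findings = []
    if realm != AD_REALM:
        findings.append("realm is not the Active Directory realm class")
    if url != raw.strip():
        findings.append("whitespace or line break inside <url>")
    if parts.scheme not in ("ldap", "ldaps"):
        findings.append("scheme must be ldap:// or ldaps://")
    elif parts.scheme == "ldap":
        findings.append("ldap:// selected; ldaps:// is the LDAP-over-TLS scheme")
    if not (parts.username and parts.hostname and parts.port):
        findings.append("admin_user, server_address and server_port are required")
    if "searchBase" not in params or not bindings:
        findings.append("searchBase and groupBindings must both be present")
    return {
        # Keychain key: root of the LDAP URI, with no trailing slash.
        "keychain_key": f"{parts.scheme}://{parts.netloc}",
        "search_base": params.get("searchBase"),
        "bindings": bindings,
        "admin_groups": sorted(g for g, r in bindings.items() if r == "admin"),
        "findings": findings,
    }
```

Calling review_auth(SAMPLE_AUTH) returns the keychain key ldap://bmarley@172.16.254.1:389 and reports "Domain Admins" as the only group bound to the "admin" role.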