Configuring Security Using LDAP (via JAAS)
Lightweight Directory Access Protocol (LDAP) security is based on JAAS and requires Java 1.6. Using an earlier version of Java does not prevent Terracotta servers from running, but security will not be enabled.
To configure security using LDAP, follow these steps:
1. Save the following configuration to the file .java.login.config :
Terracotta {
com.sun.security.auth.module.LdapLoginModule REQUIRED
java.naming.security.authentication="simple"
userProvider="ldap://orgstage:389"
authIdentity="uid={USERNAME},ou=People,dc=terracotta,dc=org"
authzIdentity=controlRole
useSSL=false
bindDn="cn=Manager"
bindCredential="****"
bindAuthenticationType="simple"
debug=true;
};
Edit the values for userProvider (LDAP server), authIdentity (user identity), and bindCredential (encrypted password) to match the values for your environment.
2. Save the file .java.login.config to the directory named in the Java property user.home.
3. Add the following configuration to each <server> block in the Terracotta configuration file:
<server host="myHost" name="myServer">
...
<authentication>
<mode>
<login-config-name>Terracotta</login-config-name>
</mode>
</authentication>
...
</server>
4. Start the Terracotta server and look for a log message containing "INFO - Credentials: loginConfig[Terracotta]" to confirm that LDAP security is in effect.
Note:
If security is set up incorrectly, the Terracotta server can still be started. However, you might not be able to shut down the server using the shutdown script (stop-tc-server).