You may decide to map eXo users to an existing directory. eXo provides a flexible implementation of its OrganizationService on top of LDAP, which works with any LDAP-compliant directory, including Active Directory. This page guides you through configuring eXo Platform to work with your directory.
To see how eXo Platform works with LDAP, look at the predefined LDAP configuration: you only need to activate it, and eXo creates everything it needs in the directory at startup.
You need a working LDAP server and a user with write permissions on it.
Open idm-configuration.xml, located at $PLATFORM_TOMCAT_HOME/webapps/platform-extension/WEB-INF/conf/organization, then comment out this tag:
<value>war:/conf/organization/picketlink-idm/picketlink-idm-config.xml</value>
Next, add this tag:
<value>war:/conf/organization/picketlink-idm/picketlink-idm-ldap-config.xml</value>
Under $PLATFORM_TOMCAT_HOME/webapps/platform-extension/WEB-INF/conf/organization/picketlink-idm, add the picketlink-idm-ldap-config.xml file.
The content of this file is as follows:
<?xml version="1.0" encoding="UTF-8"?>
<jboss-identity xmlns="urn:picketlink:idm:config:v1_0_0_ga"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="urn:picketlink:idm:config:v1_0_0_ga identity-config.xsd">
<realms>
<realm>
<id>idm_realm_sample-portal</id>
<repository-id-ref>DefaultPortalRepository</repository-id-ref>
<identity-type-mappings>
<user-mapping>USER</user-mapping>
</identity-type-mappings>
<options>
<option>
<name>cache.providerRegistryName</name>
<value>apiCacheProvider</value>
</option>
</options>
</realm>
<realm>
<id>idm_realm</id>
<repository-id-ref>PortalRepository</repository-id-ref>
<identity-type-mappings>
<user-mapping>USER</user-mapping>
</identity-type-mappings>
<options>
<option>
<name>template</name>
<value>true</value>
</option>
<option>
<name>cache.providerRegistryName</name>
<value>apiCacheProvider</value>
</option>
</options>
</realm>
</realms>
<repositories>
<repository>
<id>PortalRepository</id>
<class>org.picketlink.idm.impl.repository.FallbackIdentityStoreRepository</class>
<external-config/>
<default-identity-store-id>HibernateStore</default-identity-store-id>
<default-attribute-store-id>HibernateStore</default-attribute-store-id>
<identity-store-mappings>
<identity-store-mapping>
<identity-store-id>PortalLDAPStore</identity-store-id>
<identity-object-types>
<identity-object-type>USER</identity-object-type>
<identity-object-type>platform_type</identity-object-type>
<identity-object-type>organization_type</identity-object-type>
</identity-object-types>
<options/>
</identity-store-mapping>
</identity-store-mappings>
<options>
<option>
<name>allowNotDefinedAttributes</name>
<value>true</value>
</option>
</options>
</repository>
<repository>
<id>DefaultPortalRepository</id>
<class>org.picketlink.idm.impl.repository.WrapperIdentityStoreRepository</class>
<external-config/>
<default-identity-store-id>HibernateStore</default-identity-store-id>
<default-attribute-store-id>HibernateStore</default-attribute-store-id>
</repository>
</repositories>
<stores>
<attribute-stores/>
<identity-stores>
<identity-store>
<id>HibernateStore</id>
<class>org.picketlink.idm.impl.store.hibernate.HibernateIdentityStoreImpl</class>
<external-config/>
<supported-relationship-types>
<relationship-type>JBOSS_IDENTITY_MEMBERSHIP</relationship-type>
<relationship-type>JBOSS_IDENTITY_ROLE</relationship-type>
</supported-relationship-types>
<supported-identity-object-types>
<identity-object-type>
<name>USER</name>
<relationships/>
<credentials>
<credential-type>PASSWORD</credential-type>
</credentials>
<attributes/>
<options/>
</identity-object-type>
</supported-identity-object-types>
<options>
<option>
<name>hibernateSessionFactoryRegistryName</name>
<value>hibernateSessionFactory</value>
</option>
<option>
<name>populateRelationshipTypes</name>
<value>true</value>
</option>
<option>
<name>populateIdentityObjectTypes</name>
<value>true</value>
</option>
<option>
<name>allowNotDefinedIdentityObjectTypes</name>
<value>true</value>
</option>
<option>
<name>allowNotDefinedAttributes</name>
<value>true</value>
</option>
<option>
<name>isRealmAware</name>
<value>true</value>
</option>
<option>
<name>lazyStartOfHibernateTransaction</name>
<value>true</value>
</option>
</options>
</identity-store>
<identity-store>
<id>PortalLDAPStore</id>
<class>org.picketlink.idm.impl.store.ldap.LDAPIdentityStoreImpl</class>
<external-config/>
<supported-relationship-types>
<relationship-type>JBOSS_IDENTITY_MEMBERSHIP</relationship-type>
</supported-relationship-types>
<supported-identity-object-types>
<identity-object-type>
<name>USER</name>
<relationships/>
<credentials>
<credential-type>PASSWORD</credential-type>
</credentials>
<attributes>
<attribute>
<name>firstName</name>
<mapping>cn</mapping>
<type>text</type>
<isRequired>false</isRequired>
<isMultivalued>false</isMultivalued>
<isReadOnly>false</isReadOnly>
</attribute>
<attribute>
<name>lastName</name>
<mapping>sn</mapping>
<type>text</type>
<isRequired>false</isRequired>
<isMultivalued>false</isMultivalued>
<isReadOnly>false</isReadOnly>
</attribute>
<attribute>
<name>email</name>
<mapping>mail</mapping>
<type>text</type>
<isRequired>false</isRequired>
<isMultivalued>false</isMultivalued>
<isReadOnly>false</isReadOnly>
<isUnique>true</isUnique>
</attribute>
</attributes>
<options>
<option>
<name>idAttributeName</name>
<value>uid</value>
</option>
<option>
<name>passwordAttributeName</name>
<value>userPassword</value>
</option>
<option>
<name>ctxDNs</name>
<value>ou=People,o=portal,o=gatein,dc=example,dc=com</value>
</option>
<option>
<name>allowCreateEntry</name>
<value>true</value>
</option>
<option>
<name>createEntryAttributeValues</name>
<value>objectClass=top</value>
<value>objectClass=inetOrgPerson</value>
<value>sn= </value>
<value>cn= </value>
</option>
</options>
</identity-object-type>
<identity-object-type>
<name>platform_type</name>
<relationships>
<relationship>
<relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
<identity-object-type-ref>USER</identity-object-type-ref>
</relationship>
<relationship>
<relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
<identity-object-type-ref>platform_type</identity-object-type-ref>
</relationship>
</relationships>
<credentials/>
<attributes/>
<options>
<option>
<name>idAttributeName</name>
<value>cn</value>
</option>
<option>
<name>ctxDNs</name>
<value>ou=Platform,o=portal,o=gatein,dc=example,dc=com</value>
</option>
<!--<option>-->
<!--<name>entrySearchFilter</name>-->
<!--<value></value>-->
<!--</option>-->
<option>
<name>allowCreateEntry</name>
<value>true</value>
</option>
<option>
<name>parentMembershipAttributeName</name>
<value>member</value>
</option>
<option>
<name>isParentMembershipAttributeDN</name>
<value>true</value>
</option>
<option>
<name>allowEmptyMemberships</name>
<value>true</value>
</option>
<option>
<name>createEntryAttributeValues</name>
<value>objectClass=top</value>
<value>objectClass=groupOfNames</value>
</option>
</options>
</identity-object-type>
<identity-object-type>
<name>organization_type</name>
<relationships>
<relationship>
<relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
<identity-object-type-ref>USER</identity-object-type-ref>
</relationship>
<relationship>
<relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
<identity-object-type-ref>organization_type</identity-object-type-ref>
</relationship>
</relationships>
<credentials/>
<attributes/>
<options>
<option>
<name>idAttributeName</name>
<value>cn</value>
</option>
<option>
<name>ctxDNs</name>
<value>ou=Organization,o=portal,o=gatein,dc=example,dc=com</value>
</option>
<!--<option>-->
<!--<name>entrySearchFilter</name>-->
<!--<value></value>-->
<!--</option>-->
<option>
<name>allowCreateEntry</name>
<value>true</value>
</option>
<option>
<name>parentMembershipAttributeName</name>
<value>member</value>
</option>
<option>
<name>isParentMembershipAttributeDN</name>
<value>true</value>
</option>
<option>
<name>allowEmptyMemberships</name>
<value>true</value>
</option>
<option>
<name>createEntryAttributeValues</name>
<value>objectClass=top</value>
<value>objectClass=groupOfNames</value>
</option>
</options>
</identity-object-type>
</supported-identity-object-types>
<options>
<option>
<name>providerURL</name>
<value>ldap://localhost:1389</value>
</option>
<option>
<name>adminDN</name>
<value>cn=admin</value>
</option>
<option>
<name>adminPassword</name>
<value>admin</value>
</option>
<option>
<name>searchTimeLimit</name>
<value>10000</value>
</option>
<option>
<name>createMissingContexts</name>
<value>true</value>
</option>
<option>
<name>customJNDIConnectionParameters</name>
<value>com.sun.jndi.ldap.connect.pool=true</value>
</option>
<option>
<name>customSystemProperties</name>
<value>com.sun.jndi.ldap.connect.pool.maxsize=300000</value>
<value>com.sun.jndi.ldap.connect.pool.protocol=plain ssl</value>
</option>
<option>
<name>cache.providerRegistryName</name>
<value>storeCacheProvider</value>
</option>
</options>
</identity-store>
</identity-stores>
</stores>
<options>
<option>
<name>defaultTemplate</name>
<value>idm_realm</value>
</option>
</options>
</jboss-identity>
Adapt this file to the settings you chose when setting up your LDAP server: update the values of the providerURL, adminDN and adminPassword options, and every instance of ctxDNs, so that they match your LDAP server configuration.
Start the eXo Platform server.
eXo starts and automatically creates its organization model in your directory tree. The resulting structure of the default LDAP schema looks like this:
eXo now uses your LDAP directory as its organization model storage: users, groups and memberships are stored in and retrieved from the directory. Try a few operations in the eXo user management portlet and watch what changes in your directory tree.
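As an added example (not eXo or PicketLink code), the following Python script reads a picketlink-idm-ldap-config.xml like the one above and shows two things worth checking before starting the server: the DN under which each identity-object-type will be created (the directory structure the previous step refers to, derived from idAttributeName and ctxDNs), and which connection options are still set to the sample file's values. The abridged configuration embedded in it is constructed from the file above; the function names are my own.

```python
"""Added example: derive eXo's LDAP DN layout from picketlink-idm-ldap-config.xml and pre-flight it."""
import xml.etree.ElementTree as ET
NS = {"p": "urn:picketlink:idm:config:v1_0_0_ga"}

# Constructed, abridged copy of the PortalLDAPStore section shown on the page.
SAMPLE_XML = """<jboss-identity xmlns="urn:picketlink:idm:config:v1_0_0_ga"><stores>
<identity-stores><identity-store><id>PortalLDAPStore</id><supported-identity-object-types>
<identity-object-type><name>USER</name><options>
<option><name>idAttributeName</name><value>uid</value></option>
<option><name>ctxDNs</name><value>ou=People,o=portal,o=gatein,dc=example,dc=com</value></option>
</options></identity-object-type><identity-object-type><name>platform_type</name><options>
<option><name>idAttributeName</name><value>cn</value></option>
<option><name>ctxDNs</name><value>ou=Platform,o=portal,o=gatein,dc=example,dc=com</value></option>
</options></identity-object-type></supported-identity-object-types><options>
<option><name>providerURL</name><value>ldap://localhost:1389</value></option>
<option><name>adminDN</name><value>cn=admin</value></option>
<option><name>adminPassword</name><value>admin</value></option>
</options></identity-store></identity-stores></stores></jboss-identity>"""
# Sample values from the page's file; the page says they must be replaced.
SAMPLE_DEFAULTS = {"providerURL": "ldap://localhost:1389",
                   "adminDN": "cn=admin", "adminPassword": "admin"}

def _options(node):
    # Flatten a node's <options> into {name: first value}.
    return {o.findtext("p:name", namespaces=NS): o.findtext("p:value", namespaces=NS)
            for o in node.findall("p:options/p:option", NS)}

def _ldap_store(xml_text):
    for s in ET.fromstring(xml_text).findall(".//p:identity-store", NS):
        if s.findtext("p:id", namespaces=NS) == "PortalLDAPStore":
            return s
    raise ValueError("PortalLDAPStore not found")

def dn_layout(xml_text):
    """Map each identity-object-type to (RDN attribute, parent DN) as eXo will create it."""
    types = _ldap_store(xml_text).findall(
        "p:supported-identity-object-types/p:identity-object-type", NS)
    return {t.findtext("p:name", namespaces=NS):
            (_options(t)["idAttributeName"], _options(t)["ctxDNs"]) for t in types}

def entry_dn(xml_text, object_type, identifier):
    """DN of one concrete entry, e.g. entry_dn(cfg, "USER", "john")."""
    rdn_attr, base = dn_layout(xml_text)[object_type]
    return f"{rdn_attr}={identifier},{base}"

def preflight_findings(xml_text):
    """Store-level options still at sample values, plus a cleartext-transport flag."""
    opts = _options(_ldap_store(xml_text))
    findings = [f"{k} still has sample value {v!r}" for k, v in SAMPLE_DEFAULTS.items()
                if opts.get(k) == v]
    if opts.get("providerURL", "").startswith("ldap://"):
        findings.append("providerURL is ldap:// (no TLS): bind credentials cross the wire in clear")
    return findings
```

Run it against your edited file (read it with open().read() instead of SAMPLE_XML) and the findings list should come back empty before you start the server.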