The default realm is the realm that the Application Server uses for authentication and authorization if an application's deployment descriptor does not specify a realm.
Expand the Configuration node.
Select the Security node.
The Security page displays.
In the Default Realm field, pick the desired realm from the drop-down list.
Click Save to save the changes or Load Defaults to delete changes and restore the Application Server default values.
Restart the server if Restart Required displays in the console.
The ldap realm performs authentication using information from an LDAP server. User information includes user name, password, and the groups to which the user belongs. To use an LDAP realm, the users and groups must already be defined in your LDAP directory.
To create an LDAP realm, follow the steps in To create a realm, and add the properties shown in the following table.
Table 1 Required properties for ldap realm
Property Name | Description | Value |
---|---|---|
directory | LDAP URL of the directory server. | LDAP URL of the form ldap://hostname:port. For example, ldap://myldap.foo.com:389. |
base-dn | Base Distinguished Name (DN) for the location of user data, which can be at any level above the user data, since a tree scope search is performed. The smaller the search tree, the better the performance. | Domain for the search, for example: dc=siliconvalley, dc=BayArea, dc=sun, dc=com. |
jaas-context | Type of login module to use for this realm. | Must be ldapRealm. |
Optional properties for the ldap realm are shown in the following table.
Table 2 Optional properties for ldap realm
Property Name | Description | Default |
---|---|---|
search-filter | Search filter to use to find the user. | uid=%s (%s expands to the subject name). |
group-base-dn | Base DN for the location of group data. | Same as the base-dn, but it can be tuned if necessary. |
group-search-filter | Search filter to find group memberships for the user. | uniquemember=%d (%d expands to the user element DN). |
group-target | LDAP attribute name that contains group name entries. | CN |
search-bind-dn | Optional DN used to authenticate to the directory for performing the search-filter lookup. Only required for directories that do not allow anonymous search. | |
search-bind-password | LDAP password for the DN given in search-bind-dn. | |
Example 1 LDAP Realm
Suppose an LDAP user, Joe Java, is defined in the LDAP directory as follows:
uid=jjava,ou=People,dc=acme,dc=com
uid=jjava
givenName=joe
objectClass=top
objectClass=person
objectClass=organizationalPerson
objectClass=inetorgperson
sn=java
cn=Joe Java
Using this example entry, when creating or editing the ldap realm, enter the following values:
directory: LDAP URL to your server, for example: ldap://ldap.acme.com:389.
base-dn: ou=People,dc=acme,dc=com. The base-dn can be rooted higher, for example dc=acme, dc=com, but searches would traverse a larger part of the tree, reducing performance.
jaas-context: ldapRealm.
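As an added illustration (not code from the Application Server documentation) of how the ldap realm uses these properties, the following Python script resolves a subject name to a user DN under base-dn with search-filter, then collects group-target values from entries under group-base-dn that match group-search-filter, escaping the subject name before it is substituted into the filter. The in-memory directory, the group entry and the group-base-dn value are assumptions; the password bind that a real realm performs against the resolved DN is not simulated.

```python
# Added example (not the Application Server's code): how an ldap realm turns a
# subject name into a user DN and groups using the Table 1/2 properties, run
# over a constructed in-memory directory instead of a live LDAP server.
DIRECTORY = {  # constructed: Joe Java from Example 1 plus one assumed group entry
    "uid=jjava,ou=People,dc=acme,dc=com": {
        "uid": ["jjava"], "cn": ["Joe Java"], "sn": ["java"], "givenName": ["joe"],
        "objectClass": ["top", "person", "organizationalPerson", "inetorgperson"],
    },
    "cn=developers,ou=Groups,dc=acme,dc=com": {
        "cn": ["developers"], "objectClass": ["groupOfUniqueNames"],
        "uniqueMember": ["uid=jjava,ou=People,dc=acme,dc=com"],
    },
}
REALM = {  # realm properties as entered in the console; group-base-dn is assumed
    "base-dn": "ou=People,dc=acme,dc=com",
    "search-filter": "uid=%s",
    "group-base-dn": "ou=Groups,dc=acme,dc=com",
    "group-search-filter": "uniquemember=%d",
    "group-target": "cn",
}

def escape_filter_value(value):
    """RFC 4515 escaping: '*' or ')(' in a subject name cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def subtree_search(base_dn, filter_str):
    """One equality filter, subtree scope below base_dn, case-insensitive names."""
    attr, _, want = filter_str.partition("=")
    base, hits = base_dn.lower(), []
    for dn, attrs in DIRECTORY.items():
        if dn.lower() != base and not dn.lower().endswith("," + base):
            continue
        for name, values in attrs.items():
            if name.lower() == attr.lower() and want in map(escape_filter_value, values):
                hits.append(dn)
    return hits

def resolve_user(subject_name):
    """Return (user_dn, groups) as the realm would, or None when the lookup fails.
    A real realm then binds as user_dn with the supplied password; omitted here."""
    user_filter = REALM["search-filter"].replace("%s", escape_filter_value(subject_name))
    users = subtree_search(REALM["base-dn"], user_filter)
    if len(users) != 1:  # no entry, or an ambiguous match: authentication fails
        return None
    user_dn = users[0]
    group_filter = REALM["group-search-filter"].replace("%d", escape_filter_value(user_dn))
    groups = [v for gdn in subtree_search(REALM["group-base-dn"], group_filter)
              for k, vals in DIRECTORY[gdn].items()
              if k.lower() == REALM["group-target"].lower() for v in vals]
    return user_dn, groups
```

Rooting base-dn higher (for example at dc=acme,dc=com) still finds the same entry here, but on a real server every entry under that base is in scope for the subtree search.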
The solaris realm gets user and group information from the underlying Solaris user database, as determined by the system's configuration. The solaris realm invokes the underlying PAM infrastructure for authenticating. If the configured PAM modules require root privileges, the domain must run as root to use this realm. For details, see the Solaris documentation for security services.
The solaris realm has one required property, jaas-context, which specifies the type of login module to use. The property value must be solarisRealm.
Note - The solaris realm is supported only for Solaris 9 or later.