How to connect multiple LDAP servers with XLR


Michelle Chin -

It's possible to configure XL Release to use multiple LDAP repositories.

Here is a sample xl-release-security.xml that connects to two LDAP domains, xl.com and xl.emea.com. The hosts, bind DNs and passwords in it are sample values; replace them with your own.

<?xml version="1.0" encoding="UTF-8"?>

<!--
  Spring Security wiring for XL Release with two LDAP directories.
  Each directory gets its own context source, user search, authorities
  populator and LdapAuthenticationProvider. Both providers are then
  registered with the authentication manager at the end of the file.
  Hosts, bind DNs and passwords below are sample values.
-->
<beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:security="http://www.springframework.org/schema/security"
xsi:schemaLocation="
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security.xsd
">

<!-- Context source for xl.com at localhost:389.
     The URL scheme is ldap://, so the connection is not encrypted: the manager
     bind configured here and every user bind made by BindAuthenticator carry
     the password in clear text on this link. Use an ldaps:// URL (or StartTLS)
     whenever the directory is not reached over loopback. -->
<bean id="ldapServer" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<constructor-arg value="ldap://localhost:389/" />
<!-- Manager account used for the user and group searches. "password" is a
     sample value and is stored in plain text, so keep this file readable only
     by the account that runs XL Release.
     NOTE(review): a read-only search account should be enough for the searches
     configured in this file; cn=admin looks broader than needed. Confirm with
     the directory owner. -->
<property name="userDn" value="cn=admin,dc=xl,dc=com" />
<property name="password" value="password" />
<!-- JNDI environment passed to the LDAP context: referrals returned by the
     server are ignored instead of being followed. -->
<property name="baseEnvironmentProperties">
<map>
<entry key="java.naming.referral">
<value>ignore</value>
</entry>
</map>
</property>
</bean>

<!-- Locates the entry of the user logging in to xl.com.
     index 0 is the search base, index 1 the filter, index 2 the context source.
     {0} in the filter is replaced by the submitted user name, and only
     inetOrgPerson entries match. -->
<bean id="userSearch" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<constructor-arg index="0" value="dc=xl,dc=com" />
<constructor-arg index="1" value="(&amp;(uid={0})(objectClass=inetOrgPerson))" />
<constructor-arg index="2" ref="ldapServer" />
</bean>

<!-- Loads the groups of an authenticated xl.com user.
     The second constructor argument is the group search base. With
     searchSubtree=true the whole subtree below it is searched for entries
     matching (member={0}), where {0} is the DN of the authenticated user.
     rolePrefix is empty and convertToUpperCase is false, so group names are
     used as they are: no ROLE_ prefix is added and case is preserved. -->
<bean id="authoritiesPopulator" class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<constructor-arg ref="ldapServer" />
<constructor-arg value="ou=users,dc=xl,dc=com" />
<property name="groupSearchFilter" value="(member={0})" />
<property name="rolePrefix" value="" />
<property name="searchSubtree" value="true" />
<property name="convertToUpperCase" value="false" />
</bean>

<!-- Authentication provider for xl.com.
     BindAuthenticator finds the entry with userSearch and then binds to
     ldapServer as that entry with the submitted password; authoritiesPopulator
     supplies the groups of the user once the bind has succeeded. -->
<bean id="ldapProvider" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<constructor-arg>
<bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<constructor-arg ref="ldapServer" />
<property name="userSearch" ref="userSearch"/>
</bean>
</constructor-arg>
<constructor-arg ref="authoritiesPopulator"/>
</bean>

<!-- Context source for xl.emea.com at localhost:1389.
     Same shape as ldapServer: an unencrypted ldap:// URL and a manager account
     whose sample password is stored in plain text. The same transport and
     file-permission caveats apply. -->
<bean id="ldapServer2" class="org.springframework.security.ldap.DefaultSpringSecurityContextSource">
<constructor-arg value="ldap://localhost:1389/" />
<property name="userDn" value="cn=admin,dc=xl,dc=emea,dc=com" />
<property name="password" value="password" />
<!-- Referrals returned by this server are ignored as well. -->
<property name="baseEnvironmentProperties">
<map>
<entry key="java.naming.referral">
<value>ignore</value>
</entry>
</map>
</property>
</bean>

<!-- Locates the entry of the user logging in to xl.emea.com: search base
     dc=xl,dc=emea,dc=com, same uid and inetOrgPerson filter as userSearch,
     run against ldapServer2. -->
<bean id="userSearch2" class="org.springframework.security.ldap.search.FilterBasedLdapUserSearch">
<constructor-arg index="0" value="dc=xl,dc=emea,dc=com" />
<constructor-arg index="1" value="(&amp;(uid={0})(objectClass=inetOrgPerson))" />
<constructor-arg index="2" ref="ldapServer2" />
</bean>

<!-- Loads the groups of an authenticated xl.emea.com user. The group search
     base is ou=devs,dc=xl,dc=emea,dc=com; the filter, prefix and case settings
     match authoritiesPopulator, so group names are again used unchanged. -->
<bean id="authoritiesPopulator2" class="org.springframework.security.ldap.userdetails.DefaultLdapAuthoritiesPopulator">
<constructor-arg ref="ldapServer2" />
<constructor-arg value="ou=devs,dc=xl,dc=emea,dc=com" />
<property name="groupSearchFilter" value="(member={0})" />
<property name="rolePrefix" value="" />
<property name="searchSubtree" value="true" />
<property name="convertToUpperCase" value="false" />
</bean>

<!-- Authentication provider for xl.emea.com: binds to ldapServer2 as the entry
     found by userSearch2 and takes the groups from authoritiesPopulator2. -->
<bean id="ldapProvider2" class="org.springframework.security.ldap.authentication.LdapAuthenticationProvider">
<constructor-arg>
<bean class="org.springframework.security.ldap.authentication.BindAuthenticator">
<constructor-arg ref="ldapServer2" />
<property name="userSearch" ref="userSearch2"/>
</bean>
</constructor-arg>
<constructor-arg ref="authoritiesPopulator2"/>
</bean>

<!-- Provider class shipped by XebiaLabs; its behaviour is not visible in this file. -->
<bean id="rememberMeAuthenticationProvider" class="com.xebialabs.deployit.security.authentication.RememberMeAuthenticationProvider"/>

<!-- Providers are consulted in the order listed until one of them
     authenticates the request, so xl.com is tried before xl.emea.com.
     XlAuthenticationProvider is not defined in this file.
     NOTE(review): confirm that bean id, including its case, against the
     xl-release-security.xml shipped with the product.
     NOTE(review): both LDAP providers accept a bare uid and both populators
     emit unprefixed group names, so a uid or group name that exists in both
     directories presumably cannot be told apart once logged in. Check for
     collisions between xl.com and xl.emea.com before enabling both. -->
<security:authentication-manager alias="authenticationManager">
<security:authentication-provider ref="rememberMeAuthenticationProvider" />
<security:authentication-provider ref="XlAuthenticationProvider"/>
<security:authentication-provider ref="ldapProvider" />
<security:authentication-provider ref="ldapProvider2" />
</security:authentication-manager>

</beans>