#!/bin/bashCACHETYPE="" ## empty || cache-type=defaultFLAG="sufficient"SECU

1. #!/bin/bash
2. CACHETYPE="" ## empty || cache-type=default
3. FLAG="sufficient"
4. SECURITY_DOMAIN_NAME="name"
5. SECURITY_DOMAIN_LDAP_URL="ldap://ldap.example.com"
6. SECURITY_DOMAIN_LDAP_USER="cn=admin,dc=example.com"
7. SECURITY_DOMAIN_LDAP_PASSWORD="changethis"
8. SECURITY_DOMAIN_LDAP_USERS_DN="ou=people,dc=example,dc=com"
9. SECURITY_DOMAIN_LDAP_USER_LOGIN_ATTRIBUTE="(uid={0})"
10. SECURITY_DOMAIN_LDAP_ROLES_DN="ou=groups,dc=example,dc=com"
11. SECURITY_DOMAIN_LDAP_USERS_IN_ROLE_ATTRIBUTE="(member={1})"
12. SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE_IN_ROLE="cn"
13.  
14.  
15.  
16. jboss-cli.sh --connect --command /profile=full-ha/subsystem=security/security-domain=$SECURITY_DOMAIN_NAME/:add($CACHETYPE)
17.  
18. jboss-cli.sh --connect --command /profile=full-ha/subsystem=security/security-domain=$SECURITY_DOMAIN_NAME/authentication=classic:add(login-modules=[{"code"=>"LdapExtended", "flag"=>"$FLAG", "module-options"=>[("java.naming.provider.url" => "$SECURITY_DOMAIN_LDAP_URL"),("java.naming.factory.initial" => "com.sun.jndi.ldap.LdapCtxFactory"),("bindDN" => "$SECURITY_DOMAIN_LDAP_USER"),("bindCredential" => "$SECURITY_DOMAIN_LDAP_PASSWORD"),("baseCtxDN" => "$SECURITY_DOMAIN_LDAP_USERS_DN"),("baseFilter" => "$SECURITY_DOMAIN_LDAP_USER_LOGIN_ATTRIBUTE"),("rolesCtxDN" => "$SECURITY_DOMAIN_LDAP_ROLES_DN"),("roleFilter" => "$SECURITY_DOMAIN_LDAP_USERS_IN_ROLE_ATTRIBUTE"),("roleAttributeID" => "$SECURITY_DOMAIN_LDAP_USER_ATTRIBUTE_IN_ROLE"),("allowEmptyPasswords" => "SUBTREE_SCOPE")] }] )