Introduction / FirstSpirit Server configuration / Configuration files (FirstSpirit Server) / Login process (fs-jaas.conf) / LDAP
LDAP
JAAS module name: de.espirit.firstspirit.server.authentication.LdapLoginModule
The LdapLoginModule provides 2 functions:
- Authentication: The combination of user name and password entered on the FirstSpirit start page are checked against the given LDAP directory. For this application case, the LdapLoginModule will be entered in the fs-jaas.conf file in webplain.
- Authorisation: Following authentication via any JAAS module, the information regarding group membership of the logged in user will now be read out of the LDAP directory. If the user authenticates themselves with a password, this 2nd function will be automatically performed during authentication and additional configuration is not necessary. If authentication takes place using a password-free ticket method, the LdapLoginModule must be entered in the fs-jaas.conf file in websso in the order behind the authentication module used.
An external LDAP server is used, e.g. the LDAP component of an Active Directory server. Reference to an LDAP server defined in fs-server.conf occurs via the parameter section. Only 1 LDAP section may be transferred as parameter at a time. If more than one LDAP section is used, for each section an individual line must be entered into the file fs-jaas.conf.