Microsoft Active Directory configuration
For Active Directory, a login module has been developed that tells users why a logon attempt failed.
The following cases are supported:
• Invalid credentials
• Not permitted to log on at this time
• Not permitted to log on at this workstation
• Account disabled
• Password must be reset
• Account is locked
• Unable to log on
• User name was not found
• Your password is expired
• Your account has expired
In all other cases a generic error is displayed (“Unable to log on.”).
Note: Messages are only displayed if the login module flag is set to required. If you set it to another level, the module is not mandatory and no messages are displayed.
To use Active Directory authentication, you must first configure the LDAPS settings in standalone-full.xml to match the LDAPS configuration that the customer's installation will use.
All steps are the same as for the LDAPS configuration (see the previous sections). The only difference between standard LDAPS and AD LDAPS is the login module.
1. Replace all occurrences of the LDAPS login module:
org.jboss.security.auth.spi.LdapExtLoginModule
with the AD login module:
com.planonsoftware.jboss.login.artemis.server.PnActiveDirectoryLoginModule
2. Do this twice for 'Login configuration with plain password' in the command line of Step 1.
3. Do this twice for 'Login configuration with encrypted password' in the command line of Step 4.
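One way to check the result of the steps above is the following script, an added example that is not part of the Planon documentation. It reports any LDAPS login module that was not replaced and any AD login module whose flag is not required. It assumes the modules appear in standalone-full.xml as login-module elements with code and flag attributes inside security-domain elements; the sample XML and its domain names are constructed.

```python
import xml.etree.ElementTree as ET

LDAP_MODULE = "org.jboss.security.auth.spi.LdapExtLoginModule"
AD_MODULE = ("com.planonsoftware.jboss.login.artemis.server."
             "PnActiveDirectoryLoginModule")

# Constructed sample: domain names and layout are assumptions, not taken
# from a real installation's standalone-full.xml.
SAMPLE = f"""<server>
  <subsystem xmlns="urn:jboss:domain:security:2.0">
    <security-domains>
      <security-domain name="example-plain">
        <authentication>
          <login-module code="{AD_MODULE}" flag="required"/>
        </authentication>
      </security-domain>
      <security-domain name="example-encrypted">
        <authentication>
          <login-module code="{LDAP_MODULE}" flag="required"/>
        </authentication>
      </security-domain>
      <security-domain name="example-optional">
        <authentication>
          <login-module code="{AD_MODULE}" flag="optional"/>
        </authentication>
      </security-domain>
    </security-domains>
  </subsystem>
</server>"""

def local(tag):
    """Strip the XML namespace so any subsystem schema version matches."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return (security domain, finding) pairs for login modules to fix."""
    findings = []
    for domain in ET.fromstring(xml_text).iter():
        if local(domain.tag) != "security-domain":
            continue
        for mod in domain.iter():
            if local(mod.tag) != "login-module":
                continue
            code, flag = mod.get("code"), mod.get("flag")
            if code == LDAP_MODULE:  # the replacement steps missed this occurrence
                findings.append((domain.get("name"), "LDAPS module not replaced"))
            elif code == AD_MODULE and flag != "required":
                findings.append((domain.get("name"), f"flag={flag}: no messages shown"))
    return findings
```

To run it against a real configuration, pass the contents of standalone-full.xml to audit() instead of SAMPLE; an empty list means every occurrence was replaced and every AD module is flagged required.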