Configure JBoss with LDAP

User Rating: 5 / 5

Star ActiveStar ActiveStar ActiveStar ActiveStar Active

In this tutorial we will show how to connect JBoss AS 7 (and earlier AS releases too) to OpenLDAP directory service.

OpenLDAP is a free suite of client and server tools that implement the Lightweight Directory Access Protocol (LDAP) for Linux/Windows. Strictly speaking, though, LDAP isn't a database at all, but a protocol used to access information stored in an information directory (also known as an LDAP directory).
OpenLDAP is available at
If you are looking for a Windows version, you can find it here:


OpenLDAP installation guide for Linux can be found here: (Windows users can simply execute the OpenldapforWindows.exe which will guide you through an intuitive wizard.)

Once installed open the slapd.conf file and let's customize the top level of the LDAP directory tree. In particular we will change the domain component (dc) to (replace it with your actual domain).

suffix        "dc=acme,dc=com"
rootdn        "cn=Manager,dc=acme,dc=com"

 Once done with it, you can start LDAP using:

su root -c /usr/local/libexec/slapd  # Linux

slapd.exe # Windows

Now in order to connect LDAP with JBoss AS, you need to define one user and assign it to one role. For this purpose we will create one user named admin and assign it to the role Manager.

In this tutorial we have used the free tool JXExplorer to connect to OpenLDAP and load the ldif file.

dn: dc=acme,dc=com
objectclass: top
objectclass: dcObject
objectclass: organization
dc: acme
o: MCC


dn: ou=People,dc=acme,dc=com
objectclass: top
objectclass: organizationalUnit
ou: People


dn: uid=admin,ou=People,dc=acme,dc=com
objectclass: top
objectclass: uidObject
objectclass: person
uid: admin
cn: Manager
sn: Manager
userPassword: secret


dn: ou=Roles,dc=acme,dc=com
objectclass: top
objectclass: organizationalUnit
ou: Roles


dn: cn=Manager,ou=Roles,dc=acme,dc=com
objectClass: top
objectClass: groupOfNames
cn: Manager
description: the acmeAS7 group
member: uid=admin,ou=People,dc=acme,dc=com

Once loaded the LDIF file, try reconnecting to OpenLDAP using the following credentials:
jboss ldap tutorial jboss ldap tutorial jboss ldap tutorial
You should see the following directory structure, containing one user (admin) and one role (Manager):

jboss ldap tutorial openldap jboss example howto