
SOLVED

JConsole Remote JMX over SSL with LdapLoginModule authentication


Level 4

I am trying to connect to the AEM 6.1 SP2 Java 8 environment running on Linux with a Windows Java 8 JConsole. I can connect to it unauthenticated. I can connect to it with SSL client certs. I cannot connect to it if I try to enable/configure an external LDAP server which requires authentication (i.e. non-anonymous bind).

I am having problems with the JAAS configuration. It seems I have found that the OSGi packaging affects the JNDI InitialContext which manages the SharedState values that the LdapLoginModule uses. Specifically, the javax.security.auth.login.password is not there, which I see when I use tryFirstPass=true in the JAAS configuration. I identified that the com.day.common.simplejndi integration appears to change the shared state configuration to allow for the multiple OSGi applications.

So I am hoping someone on the forum who has configured and tested JMX remote monitoring with SSL client authentication and external LDAP authentication might be able to share the options used in the ldap.conf file to bind to the LDAP server. I require both SSL certificates for network traffic encryption and external LDAP authentication to limit role access to prevent JMX operations from being executed.

Please, some suggestions, ideas, tests... I want to 'Configure over Customize' by using OOTB login modules rather than creating a new one. (I even tried to use the Oak external login module in the jre/lib/ext directory, but that has too many dependencies to take it out of the OSGi packaged environment.)

Here's a sample ldap.conf

ThisCompanyConfig3 {
    com.sun.security.auth.module.LdapLoginModule REQUIRED
        userProvider="ldaps://the-ldap-server/ou=Employee,ou=People,o=Company,c=US"
        userFilter="(uid={USERNAME})"
        authIdentity="specialDN=1234567,ou=Employee,ou=People,o=Company,c=US"
        clearPass=true
        storePass=false
        debug=true
        authzIdentity=monitorRole;
};
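An offline sanity check for this pairing of ldap.conf and jmxremote.access, added here as an example; it is not code from the post, from AEM, or from the JDK. It parses the JAAS login-configuration syntax and the access-file syntax, cross-checks that the authzIdentity the login module hands out is a role the access file grants at the intended level, and flags the LdapLoginModule options a practitioner would look at first (useSSL, an authIdentity without the {USERNAME} token). Both inputs are constructed for the example (the JAAS text mirrors the sample above); the entry name ThisCompanyConfig3 comes from the post, while the want_level default and the wording of the findings are assumptions of this script.

```python
import re
from collections import namedtuple

# Constructed inputs in the shape of the ldap.conf from the question (not the poster's files).
JAAS_CONF = """
// JAAS login configuration: one entry, one login module
ThisCompanyConfig3 {
    com.sun.security.auth.module.LdapLoginModule REQUIRED
        userProvider="ldaps://the-ldap-server/ou=Employee,ou=People,o=Company,c=US"
        userFilter="(uid={USERNAME})"
        authIdentity="specialDN=1234567,ou=Employee,ou=People,o=Company,c=US"
        clearPass=true
        storePass=false
        debug=true
        authzIdentity=monitorRole;
};
"""
ACCESS_FILE = """
# jmxremote.access: <role> <readonly|readwrite>
monitorRole   readonly
controlRole   readwrite
"""

# Tokens: // and /* */ comments (dropped), quoted strings, punctuation, bare words.
_TOKEN = re.compile(r'//[^\n]*|/\*.*?\*/|"[^"]*"|[{};=]|[^\s{};=]+', re.S)
_FLAGS = {"REQUIRED", "REQUISITE", "SUFFICIENT", "OPTIONAL"}
LoginModule = namedtuple("LoginModule", "cls flag options")


def parse_jaas(text):
    """Return {entry_name: [LoginModule, ...]} from JAAS login-configuration syntax."""
    toks = [t for t in _TOKEN.findall(text) if not t.startswith(("//", "/*"))]
    entries, i = {}, 0
    while i < len(toks):
        name = toks[i]
        if toks[i + 1] != "{":
            raise ValueError(f"expected '{{' after entry name {name!r}")
        i, modules = i + 2, []
        while toks[i] != "}":
            cls, flag = toks[i], toks[i + 1].upper()   # control flags are case-insensitive
            if flag not in _FLAGS:
                raise ValueError(f"bad control flag {flag!r} for {cls}")
            i, opts = i + 2, {}
            while toks[i] != ";":                       # option=value pairs up to ';'
                if toks[i + 1] != "=":
                    raise ValueError(f"expected key=value near {toks[i]!r}")
                opts[toks[i]] = toks[i + 2].strip('"')
                i += 3
            modules.append(LoginModule(cls, flag, opts))
            i += 1                                      # consume ';'
        i += 1                                          # consume '}'
        if i < len(toks) and toks[i] == ";":
            i += 1                                      # optional ';' after '}'
        entries[name] = modules
    return entries


def parse_access(text):
    """Return {role: level} from jmxremote.access (first word after the role name)."""
    roles = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            role, level = line.split(None, 1)
            roles[role] = level.split()[0]
    return roles


def audit(jaas_text, access_text, entry, want_level="readonly"):
    """Cross-check the LdapLoginModule options of one entry against the access file."""
    modules = parse_jaas(jaas_text).get(entry)
    if modules is None:
        return [f"no JAAS entry named {entry}"]
    roles, findings = parse_access(access_text), []
    for m in (m for m in modules if m.cls.endswith(".LdapLoginModule")):
        o = m.options
        if o.get("useSSL", "").lower() == "false":
            findings.append("useSSL=false: bind passwords would cross the network in the clear")
        if "{USERNAME}" not in o.get("authIdentity", "{USERNAME}"):
            findings.append("authIdentity has no {USERNAME} token; LdapLoginModule has no separate "
                            "search-account password option, so check with debug=true which DN it binds as")
        role = o.get("authzIdentity")
        if role is None or role.startswith("{"):        # absent or attribute lookup: not checkable offline
            continue
        if role not in roles:
            findings.append(f"authzIdentity {role} is not in jmxremote.access: JMX refuses the connection")
        elif roles[role] != want_level:
            findings.append(f"{role} is {roles[role]} in jmxremote.access, wanted {want_level}")
    return findings


if __name__ == "__main__":
    for finding in audit(JAAS_CONF, ACCESS_FILE, "ThisCompanyConfig3"):
        print("finding:", finding)
```

Run as-is it reports one finding, on the fixed authIdentity. The JVM properties that wire these two files into the platform JMX agent are com.sun.management.jmxremote.ssl=true, com.sun.management.jmxremote.ssl.need.client.auth=true, com.sun.management.jmxremote.authenticate=true, com.sun.management.jmxremote.login.config=<entry name>, com.sun.management.jmxremote.access.file=<path> and java.security.auth.login.config=<path to ldap.conf>; the access file is what keeps a monitorRole login read-only.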


3 Replies


Level 9

Hi Bob,

AEM 6.1 does not require ldap.conf and everything moved into OSGi. Maybe some LDAP bundles from a previous AEM 5.x version exist. Can you verify using http://www.aemstuff.com/tools/coi.html, clean all unwanted bundles and then verify?

Thanks,


Level 4

Thanks for replying. No, no old bundles exist. It is a clean install with CRXDE disabled and Geometrixx removed (per the security checklist).

So please suggest other things to check/try, or what information might help you see this concern better. I will be opening an Adobe Support ticket to follow up on this...


Correct answer by
Level 9

Hi Bob,

Rest looks good to me. Please go ahead with the official route as you have planned; it sounds like a bug to me.

Thanks,