
Tuesday, 6 December 2011

Fuse ESB: How to configure Fuse ESB for authentication against an Active Directory server



Fuse ESB supplies a JAAS login module that lets it authenticate users against an LDAP server.

This tutorial shows how to configure Fuse ESB for authentication against an Active Directory server.

The example defines a JAAS realm that uses the Active Directory server located at ldap://localhost:389.

The ldap-module.xml file, to be copied into the Fuse ESB deploy/ directory:



<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
  xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
  xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">
  <!-- Defines the "karaf" JAAS realm, backed by the LDAP login module -->
  <jaas:config name="karaf" rank="1">
    <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required">
      initialContextFactory=com.sun.jndi.ldap.LdapCtxFactory
      connection.username=user_service@company.com
      connection.password=password
      connection.url=ldap://localhost:389
      user.base.dn=OU=Users,DC=company,DC=com
      user.filter=(samAccountName=%u)
      user.search.subtree=true
      role.base.dn=OU=Groups,DC=company,DC=com
      role.name.attribute=cn
      role.filter=(sAMAccountName=Operator)
      role.search.subtree=true
      authentication=simple
    </jaas:module>
  </jaas:config>
</blueprint>


NB: You have to change the value of karaf.admin.role in etc/system.properties; the value must correspond to the group named in role.filter in the ldap-module.xml file.


The example allows authentication to Fuse ESB if the user is present in the organizational unit "OU=Users" and is a member of the Operator group.


The LDAP module is activated automatically when you put the file in the deploy directory.
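A pre-deployment check for a file of this shape, as an added example (not code from the original post or from Fuse ESB): it parses the jaas:module body and flags malformed base DNs, a simple bind over plain ldap://, and a role.filter with no %-placeholder (like the %u in user.filter), which makes the role search identical for every user. The names module_props, audit and SAMPLE are hypothetical, and the sample configuration is constructed with deliberate mistakes.

```python
import re
import xml.etree.ElementTree as ET

JAAS_NS = "{http://karaf.apache.org/xmlns/jaas/v1.0.0}"
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=.+$")  # simplified: attribute=value

# Constructed sample with deliberate mistakes; not a real deployment.
SAMPLE = """<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
  xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0">
  <jaas:config name="karaf" rank="1">
    <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPLoginModule" flags="required">
      connection.url=ldap://localhost:389
      user.base.dn=OU=Users,DC=example,DC=test
      user.filter=(samAccountName=%u)
      role.base.dn=OU=Groups,OU,DC=example,DC=test
      role.filter=(sAMAccountName=Operator)
      authentication=simple
    </jaas:module>
  </jaas:config>
</blueprint>"""

def module_props(xml_text):
    """Return the key=value lines of the first <jaas:module> body as a dict."""
    module = ET.fromstring(xml_text).find(f".//{JAAS_NS}module")
    props = {}
    for line in (module.text or "").splitlines():
        key, sep, value = line.strip().partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return a list of (key, problem) findings for an LDAPLoginModule body."""
    findings = []
    for key in ("user.base.dn", "role.base.dn"):
        # Naive split: does not handle escaped commas inside RDN values.
        bad = [p for p in props.get(key, "").split(",") if not RDN.match(p.strip())]
        if bad:
            findings.append((key, f"malformed DN component(s): {bad}"))
    url = props.get("connection.url", "").lower()
    if url.startswith("ldap://") and props.get("authentication") == "simple":
        findings.append(("connection.url", "simple bind over ldap:// sends the password unencrypted"))
    if "%" not in props.get("role.filter", ""):
        findings.append(("role.filter", "no %-placeholder, so the role search ignores who logged in"))
    return findings

if __name__ == "__main__":
    for key, problem in audit(module_props(SAMPLE)):
        print(f"{key}: {problem}")
```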


Enjoy!