WildFly 17.0 Model Reference

  1. WildFly 17.0
  2. subsystem=elytron
  3. ldap-realm

A security realm definition backed by LDAP.

Provided capabilities(2)

Attributes (4)

  • allow-blank-password Does this realm support blank password direct verification? Blank password attempt will be rejected otherwise.
    • Attribute Value
    Default Value false
    Type BOOLEAN
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required all-services
  • dir-context The configuration to connect to a LDAP server.
    • Attribute Value
    Capability reference
    Type STRING
    Nillable false
    Expressions Allowed false
    Storage configuration
    Access Type read-write
    Restart Required all-services
  • direct-verification Does this realm support verification of credentials by directly connecting to LDAP as the account being authenticated?
    • Attribute Value
    Default Value false
    Type BOOLEAN
    Nillable true
    Expressions Allowed true
    Storage configuration
    Access Type read-write
    Restart Required all-services
  • identity-mapping The configuration options that define how principals are mapped to their corresponding entries in the underlying LDAP server.
    • Attribute Value
    Type OBJECT
    Nillable false
    Expressions Allowed false
    Storage configuration
    Access Type read-write
    Restart Required all-services

Operations (8)

  • add The add operation for the security realm.
    Request Parameter Type Required Expressions Allowed Default value Description
    allow-blank-password BOOLEAN false true false Does this realm support blank password direct verification? Blank password attempt will be rejected otherwise.
    dir-context STRING true false The configuration to connect to a LDAP server.
    direct-verification BOOLEAN false true false Does this realm support verification of credentials by directly connecting to LDAP as the account being authenticated?
    identity-mapping OBJECT true false The configuration options that define how principals are mapped to their corresponding entries in the underlying LDAP server.
  • add-identity Add an identity to a security realm.
    Request Parameter Type Required Expressions Allowed Default value Description
    identity STRING true false The name of the identity.
  • add-identity-attribute Add an attribute to an existing identity.
    Request Parameter Type Required Expressions Allowed Default value Description
    identity STRING true false The name of the identity.
    name STRING true false The name of the attribute.
    value LIST true false The value of the attribute.
  • read-identity Read an identity from a security realm if it exists.
    Request Parameter Type Required Expressions Allowed Default value Description
    identity STRING true false The name of the identity.
  • remove The remove operation for the security realm.
  • remove-identity Remove an identity from a security realm.
    Request Parameter Type Required Expressions Allowed Default value Description
    identity STRING true false The name of the identity.
  • remove-identity-attribute Remove an attribute to an existing identity.
    Request Parameter Type Required Expressions Allowed Default value Description
    identity STRING true false The name of the identity.
    name STRING true false The name of the attribute.
    value LIST false false The value of the attribute.
  • set-password Add a password to an existing identity.
    Request Parameter Type Required Expressions Allowed Default value Description
    identity STRING true false The name of the identity.
    bcrypt OBJECT false false A password using the Bcrypt algorithm.
    clear OBJECT false false A password in clear text.
    simple-digest OBJECT false false A simple digest password.
    salted-simple-digest OBJECT false false A salted simple digest password.
    scram-digest OBJECT false false A password using the SCRAM digest algorithm.
    digest OBJECT false false A digest password.
    otp OBJECT false false A one-time password, used by the OTP SASL mechanism.