Jboss CLI, change individual attributes of a security domain without having to remove and add the domain from scratch
If you need for instance to update the baseFilter of the AdvancedAdLdap module:
In the custom cli, execute this command:
/subsystem=security/security-domain=SPNEGO/authentication=classic/login-module=AdvancedAdLdap:write-attribute(name=module-options.baseFilter,value="(sAMAccountName={0})")
and the baseFilter is updated:
If you need for instance to update the baseFilter of the AdvancedAdLdap module:
In the custom cli, execute this command:
/subsystem=security/security-domain=SPNEGO/authentication=classic/login-module=AdvancedAdLdap:write-attribute(name=module-options.baseFilter,value="(sAMAccountName={0})")
and the baseFilter is updated:
<security-domain name="SPNEGO" cache-type="default">
<authentication>
<login-module code="SPNEGO" flag="requisite">
<module-option name="password-stacking" value="useFirstPass"/>
<module-option name="serverSecurityDomain" value="host"/>
</login-module>
<login-module code="AdvancedAdLdap" flag="required">
<module-option name="password-stacking" value="useFirstPass"/>
<module-option name="bindDN" value="BLA"/>
<module-option name="bindCredential" value="BLA"/>
<module-option name="java.naming.provider.url" value="BLA"/>
<module-option name="baseCtxDN" value="BLA"/>
<module-option name="baseFilter" value="(sAMAccountName={0})"/>
<module-option name="roleAttributeID" value="memberOf"/>
<module-option name="rolesCtxDN" value="BLA"/>
<module-option name="roleAttributeIsDN" value="true"/>
<module-option name="roleNameAttributeID" value="cn"/>
<module-option name="searchScope" value="SUBTREE_SCOPE"/>
<module-option name="recurseRoles" value="true"/>
</login-module>
<login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="optional">
<module-option name="rolesProperties" value="${jboss.server.config.dir}/bla-war/roles.properties"/>
<module-option name="replaceRole" value="false"/>
</login-module>
</authentication>
</security-domain>