Using Mangled bindPassword with FTL JAAS module LdapLoginModule.
Article ID: KB0094004
Products: TIBCO FTL
Versions: Not Applicable
Description
Using Mangled bindPassword with FTL JAAS module LdapLoginModule.
Resolution
The prebuilt JAAS login module LdapLoginModule accepts only a clear-text password for bindPassword. If the bindPassword is encrypted or mangled, authentication fails because the module cannot bind to the LDAP server. Attached is a modified JAAS module (Filename: customLDAPJaasModule.jar), which internally uses the FTL Admin API to unmangle the bindPassword. This JAAS module can be used with both a mangled and a clear-text bindPassword.
Starting the FTL Realm Server with customLDAPJaasModule.jar:
1. Update the CLASSPATH in tibrealmserver.bat or tibrealmadmin to include customLDAPJaasModule.jar.
2. Update the ldap.jaas file to use LdapLoginModuleMangled as below.
3. Set bindPassword to the mangled password generated with: tibrealmadmin --mangle <password>
4. Start the server using the updated tibrealmserver.bat or tibrealmadmin, e.g.: ./tibrealmserver -d <path to data directory> -ht localhost:8080 -j <path to ldap.jaas>
Note that the source code is attached (Filename: LdapLoginModuleMangled.java) for your reference. To compile the Java file, you will need the following JARs in the CLASSPATH:
realmserver.jar
jetty9-all.jar