aditosoftware · louisdj · Mar 20, 2017 · Mar 20, 2017
diff --git a/Dockerfile b/Dockerfile
@@ -8,7 +8,10 @@ RUN mkdir -p /opt \
 EXPOSE 8443/tcp
 VOLUME ["/a/keydb"]
 
+RUN rm /opt/KeyBox-jetty/jetty/keybox/WEB-INF/classes/jaas.conf
+ADD jaas.conf /opt/KeyBox-jetty/jetty/keybox/WEB-INF/classes/jaas.conf
+
 ADD start.sh /a/start.sh
 RUN chmod +x /a/start.sh
 
-ENTRYPOINT  ["/a/start.sh"]
+ENTRYPOINT  ["/a/start.sh"]
diff --git a/README.md b/README.md
@@ -178,7 +178,6 @@ set an audit log server using log4j (ex: logstash). Edit the log4j.xml to config
 enable two-factor authentication
 
 
-
 ### Example:
 
 ```console
@@ -188,6 +187,27 @@ In this example two-factor authentication is disabled and the SSH Key Length is
 
 If you use docker-compose you can get a example "docker-compose.yml" in my GitHub Repository.
 
+## Active directory
+Edit the jaas.conf file and include the necessary data.
+
+### Example
+```console
+ldap-ad {
+    //AD example config
+    com.sun.security.auth.module.LdapLoginModule REQUIRED
+    userProvider="ldap://172.16.0.1:389/DC=company,DC=com"
+    //authIdentity="{USERNAME}"
+    userFilter="(&(samAccountName={USERNAME})(objectClass=user))"
+    authzIdentity="{displayName}" //set this to return full name
+    java.naming.security.authentication="simple"
+    java.naming.security.principal="CN=service ldap,OU=Active Directory,OU=Service Accounts,DC=company,DC=com"
+    java.naming.security.credentials="passw0rd"
+    useSSL=false
+    debug=false;
+};
+
+```
+
 ## Supported Docker versions
 
 This image is officially supported on Docker version 1.9.1.
@@ -198,4 +218,4 @@ Support for older versions (down to 1.6) is provided on a best-effort basis.
 
 ## Issues
 
-If you have any problems with or questions about this image, please contact us through a [GitHub issue](https://github.com/aditosoftware/docker-keybox/issues).
+If you have any problems with or questions about this image, please contact us through a [GitHub issue](https://github.com/aditosoftware/docker-keybox/issues).
diff --git a/howtorun b/howtorun
@@ -0,0 +1,20 @@
+Build the docker image
+
+$ docker build -t keybox-ad .
+
+$ docker run -d \
+    -v /Users/louis.dejaeger/Docker/keybox:/a/keydb \
+    -p 8443:8443 \
+    -e resetApplicationSSHKey=false \
+    -e sshKeyType=rsa \
+    -e privateKey=/a/keydb/sshkey/private \
+    -e publicKey=/a/keydb/sshkey/private.pub \
+    -e enableInternalAudit=false \
+    -e deleteAuditLogAfter=90 \
+    -e serverAliveInterval=60 \
+    -e oneTimePassword=optional \
+    -e keyManagementEnabled=true \
+    -e forceUserKeyGeneration=false \
+    -e authKeysRefreshInterval=120 \
+    -e jaasModule=ldap-ad \
+    keybox-ad
diff --git a/jaas.conf b/jaas.conf
@@ -0,0 +1,13 @@
+ldap-ad {
+    //AD example config
+    com.sun.security.auth.module.LdapLoginModule REQUIRED
+    userProvider="ldap://<SERVER_IP>:389/DC=<DOMAIN>,DC=<EXTENSION>"
+    //authIdentity="{USERNAME}"
+    userFilter="(&(samAccountName={USERNAME})(objectClass=user))"
+    authzIdentity="{displayName}" //set this to return full name
+    java.naming.security.authentication="simple"
+    java.naming.security.principal="<USER (eg CN=svc)>"
+    java.naming.security.credentials="<PASSWORD>"
+    useSSL=false
+    debug=false;
+};
diff --git a/start.sh b/start.sh
@@ -35,4 +35,4 @@ ln -sf /a/keydb /opt/KeyBox-jetty/jetty/keybox/WEB-INF/classes/
 
 #Start keybox
 cd /opt/KeyBox-jetty/jetty/
-java -Xmx1024m -jar start.jar
+java -Xmx1024m -jar start.jar