The LDAP security provider includes authentication, attribution, and authorization providers.
You can configure these providers:
- The LDAPLoginModule provides authentication services. Through appropriate configuration, you can enable certificate authentication in LDAPLoginModule.
- Optional. The LDAPAuthorizer or RoleCheckAuthorizer provide authorization services for LDAPLoginModule. LDAPLoginModule works with either authorizer. In most production deployments, you configure your own authorizer.
However, if you are authenticating against a service other than LDAP, but want to perform authorization against LDAP, you can use the LDAPAuthorizer.
- Optional. The LDAPAttributer provides attribution services.
You need not configure all LDAP providers. You can also implement some LDAP providers with providers of other types.