Cached LDAP authorization module is an implementation of an default authorization module that initializes and updates data from LDAP. It supports all standard features like defining wildcard policy entries and entry for temporary destinations.
We provide two ldif files for easy starting. The first one is for Apache Directory Server (ldif), which we use in embedded mode for testing. For an example on how to initialize the embedded ApacheDS with this ldif file take a look at CachedLDAPSecurityTest
To initialize your (properly configured) OpenLDAP do something like
Once entries are in LDAP, you can configure the module to load entries from there. A default values are adapted for embedded Apache DS server, so all you have to do in that case is add your plugin to the broker xml conf
For the OpenLDAP case, you should define more parameters
The list of all properties for cachedLDAPAuthorizationMap
Many LDAP servers supports so called "persistent search" feature which allows applications to receive changes in LDAP in a "push" manner. By default this plugin assumes that LDAP server supports this feature and will "register" to get live updates.
For servers that doesn't support this yet (like OpenLDAP), we provide "pull" updates. In this case you need to set refreshInterval property, which will define the update period for the plugin (so in this case, updates will not be immediately applied)