Bastillion LDAPS Tempalte for jaas.conf

// BASTILLION CONFIG TEMPLATE TO USE LDAP OVER SSL WITH WINDOWS SERVER
// If you followed the documentation from Bastillion this file may be located at C:\Bastillion-jetty\jetty\bastillion\WEB-INF\classes\jaas.conf

// Below command imports your LDAP over SSL certificate into the java trust store
// cd "C:\Program Files\Java\jdk-<version number>\lib\security\cacerts"
// keytool -keystore "C:\Program Files\Java\jdk-<version number>\lib\security\cacerts" -import -alias -certificateldaps -file C:\Users\Public\Downlodas\LDAPSNoKey.cer

ldap-ad {
    com.sun.security.auth.module.LdapLoginModule REQUIRED
    userProvider="ldap://domain-controller.domain.com:636/DC=domain,DC=com"
    authIdentity="{USERNAME}"
    userFilter="(&(|(samAccountName={USERNAME})(userPrincipalName={USERNAME})(cn={USERNAME}))(objectClass=user))"
    authzIdentity="{displayName}" // returns full names
    java.naming.security.authentication="simple"
    useSSL=true
    debug=true;
};
ldap-ad-with-roles {
    org.eclipse.jetty.jaas.spi.LdapLoginModule required
    debug="true"
    useLdaps="true"
    contextFactory="com.sun.jndi.ldap.LdapCtxFactory"
    hostname="domain-controller.domain.com"
    port="636"
    directGroupExtraction="true"
    authenticationMethod="simple"
    userGroupAttribute="cn"
    forceBindingLogin="false"
    userBaseDn="cn=users,dc=domain,dc=com" // Where to look for user names
    userRdnAttribute="userPrincipalName"
    userIdAttribute="userPrincipalName"
    userPasswordAttribute="unicodePwd"
    userObjectClass="user"
    roleSubtree="true"
    roleBaseDn="OU=Groups,DC=domain,DC=com" // where to look for security group
    roleNameAttribute="CN"
    roleMemberAttribute="member" 
    roleObjectClass="group";
};