hazelcast-guides · enozcan · Nov 10, 2020 · Nov 9, 2020 · Nov 10, 2020 · Nov 10, 2020
diff --git a/.gitignore b/.gitignore
@@ -9,4 +9,6 @@ target/
 *.iml
 *.ipr
 *.iws
-*.txt
+*.txt
+index.html
+index.pdf
diff --git a/README.md b/README.md
@@ -1 +1,3 @@
+You can find the configurations referred in the guide under `doc/modules/ROOT/examples`.
+
 See the guide [here](include published URL).
diff --git a/create.sh b/create.sh
diff --git a/doc/antora.yml b/doc/antora.yml
@@ -1,4 +1,3 @@
-name: guide-name    # a brief module name. This will be included in the guide url.
-title: Guide Title  # a brief module title. This will not show up on the website.
+name: active-directory-authentication
+title: Active Directory authentication in Hazelcast
 version: master
-
diff --git a/doc/modules/ROOT/assets/images/ad-new-accounts-for-members.png b/doc/modules/ROOT/assets/images/ad-new-accounts-for-members.png
diff --git a/doc/modules/ROOT/assets/images/add-firewall-rule.png b/doc/modules/ROOT/assets/images/add-firewall-rule.png
diff --git a/doc/modules/ROOT/assets/images/azure-ad-template-on-github.png b/doc/modules/ROOT/assets/images/azure-ad-template-on-github.png
diff --git a/doc/modules/ROOT/assets/images/azure-deployed-ad-domain.png b/doc/modules/ROOT/assets/images/azure-deployed-ad-domain.png
diff --git a/doc/modules/ROOT/assets/images/azure-deployment.png b/doc/modules/ROOT/assets/images/azure-deployment.png
diff --git a/doc/modules/ROOT/assets/images/client-running.png b/doc/modules/ROOT/assets/images/client-running.png
diff --git a/doc/modules/ROOT/assets/images/two-members-cluster.png b/doc/modules/ROOT/assets/images/two-members-cluster.png
diff --git a/doc/modules/ROOT/examples/allow-hazelcast-port.ps1 b/doc/modules/ROOT/examples/allow-hazelcast-port.ps1
@@ -0,0 +1,3 @@
+New-NetFirewallRule -DisplayName 'Hazelcast ports 5701-5703' `
+  -Name Hazelcast -Direction Inbound -Action Allow `
+  -Protocol TCP -LocalPort 5701-5703
diff --git a/doc/modules/ROOT/examples/create-groups-and-map-user.ps1 b/doc/modules/ROOT/examples/create-groups-and-map-user.ps1
@@ -0,0 +1,7 @@
+New-ADGroup -Name "Acme Cache" -GroupScope Global `
+  -Description "Cache users"
+New-ADGroup -Name "Acme Cache Czechia" -GroupScope Global `
+  -Description "Cache users in the Czech Republic"
+
+Add-ADGroupMember -Identity "Acme Cache" -Members "Acme Cache Czechia"
+Add-ADGroupMember -Identity "Acme Cache Czechia" -Members hazelcast
diff --git a/doc/modules/ROOT/examples/debug-logging.properties b/doc/modules/ROOT/examples/debug-logging.properties
@@ -0,0 +1,5 @@
+handlers=java.util.logging.ConsoleHandler
+.level=INFO
+java.util.logging.ConsoleHandler.level=ALL
+java.util.logging.SimpleFormatter.format=%1$tF-%1$tT [%4$s] %2$s %5$s%6$s%n
+com.hazelcast.security.level=ALL
diff --git a/doc/modules/ROOT/examples/hazelcast-client.yml b/doc/modules/ROOT/examples/hazelcast-client.yml
@@ -0,0 +1,18 @@
+hazelcast-client:
+  network:
+    cluster-members:
+      - 10.0.0.10
+      - 10.0.0.11
+  security:
+    kerberos:
+      security-realm: krb5Initiator
+    realms:
+      - name: krb5Initiator
+        authentication:
+          jaas:
+            - class-name: com.sun.security.auth.module.Krb5LoginModule
+              usage: REQUIRED
+              properties:
+                isInitiator: true
+                useTicketCache: true
+                doNotPrompt: true
diff --git a/doc/modules/ROOT/examples/hazelcast-simple.yml b/doc/modules/ROOT/examples/hazelcast-simple.yml
@@ -0,0 +1,28 @@
+hazelcast:
+  license-key: "PUT_THE_LICENSE_KEY_HERE"
+  network:
+    join:
+      multicast:
+        enabled: false
+      tcp-ip:
+        enabled: true
+        member-list:
+          - 10.0.0.10
+          - 10.0.0.11
+  security:
+    enabled: true
+    realms:
+      - name: kerberosRealm
+        authentication:
+          kerberos:
+            relax-flags-check: true
+            use-name-without-realm: true
+            principal: hz/10.0.0.11@ACME.COM
+            keytab-file: hz-app1.keytab
+        identity:
+          kerberos:
+            realm: ACME.COM
+            principal: hz/10.0.0.11@ACME.COM
+            keytab-file: hz-app1.keytab
+    member-authentication:
+      realm: kerberosRealm
diff --git a/doc/modules/ROOT/examples/hazelcast.yml b/doc/modules/ROOT/examples/hazelcast.yml
@@ -0,0 +1,69 @@
+hazelcast:
+  license-key: "PUT_THE_LICENSE_KEY_HERE"
+  network:
+    join:
+      multicast:
+        enabled: false
+      tcp-ip:
+        enabled: true
+        member-list:
+          - 10.0.0.10
+          - 10.0.0.11
+  security:
+    enabled: true
+    realms:
+      - name: kerberosRealm
+        authentication:
+          kerberos:
+            relax-flags-check: true
+            use-name-without-realm: true
+            security-realm: krb5Acceptor
+            ldap:
+              url: ldap://DC1.acme.com/
+              system-authentication: GSSAPI
+              security-realm: krb5Initiator
+              skip-authentication: true
+              user-context: DC=acme,DC=com
+              user-filter: "(|(sAMAccountName={login})(servicePrincipalName={login}))"
+              role-mapping-mode: direct
+              role-mapping-attribute: memberOf
+              role-recursion-max-depth: 5
+              role-name-attribute: CN
+              parse-dn: false
+        identity:
+          kerberos:
+            realm: ACME.COM
+            security-realm: krb5Initiator
+      - name: krb5Acceptor
+        authentication:
+          jaas:
+            - class-name: com.sun.security.auth.module.Krb5LoginModule
+              usage: REQUIRED
+              properties:
+                isInitiator: false
+                useTicketCache: false
+                doNotPrompt: true
+                useKeyTab: true
+                storeKey: true
+                principal: hz/10.0.0.11@ACME.COM
+                keyTab: hz-app1.keytab
+      - name: krb5Initiator
+        authentication:
+          jaas:
+            - class-name: com.sun.security.auth.module.Krb5LoginModule
+              usage: REQUIRED
+              properties:
+                isInitiator: true
+                useTicketCache: false
+                doNotPrompt: true
+                useKeyTab: true
+                storeKey: true
+                principal: hz/10.0.0.11@ACME.COM
+                keyTab: hz-app1.keytab
+    member-authentication:
+      realm: kerberosRealm
+    client-authentication:
+      realm: kerberosRealm
+    client-permissions:
+      all:
+        principal: "Acme Cache"
diff --git a/doc/modules/ROOT/examples/krb5.ini b/doc/modules/ROOT/examples/krb5.ini
@@ -0,0 +1,8 @@
+[libdefaults]
+    default_realm = ACME.COM
+[realms]
+    ACME.COM = {
+        kdc = dc1.acme.com
+    }
+[domain_realm]
+    .acme.com = ACME.COM
-Original file line number
+Diff line change
@@ Expand Up / @@ -9,4 +9,6 @@ target/ @@
     *.iml
     *.ipr
     *.iws
-    *.txt
+    *.txt
+    index.html
+    index.pdf
Original file line number	Diff line number	Diff line change
		@@ -1 +1,3 @@
		You can find the configurations referred in the guide under `doc/modules/ROOT/examples`.

		See the guide [here](include published URL).