Wednesday, November 14, 2018

JBoss CLI: change individual attributes of a security domain without having to remove and re-add the domain from scratch

JBoss CLI: change individual attributes of a security domain without having to remove and re-add the domain from scratch


For instance, suppose you need to update the baseFilter of the AdvancedAdLdap login module:



In the custom CLI, execute this command:



# Rewrites only the baseFilter module option of the AdvancedAdLdap login module in the
# SPNEGO security domain; the domain itself is not removed or re-created.
# {0} in the filter is the placeholder the login module replaces with the login name.
# NOTE(review): check the CLI response for a reload-required state before relying on
# the new filter, and re-test a login afterwards, since this filter decides which
# directory entry a user name resolves to.
/subsystem=security/security-domain=SPNEGO/authentication=classic/login-module=AdvancedAdLdap:write-attribute(name=module-options.baseFilter,value="(sAMAccountName={0})")





The baseFilter is then updated in the security domain configuration:

<!-- Security domain "SPNEGO" of the legacy security subsystem. The three login modules
     below form one JAAS stack and are evaluated in the order listed, so their order and
     their flag values are part of the authentication policy. -->
<security-domain name="SPNEGO" cache-type="default">
 <authentication>
  <!-- requisite: this module must succeed; on failure authentication fails at once and
       the modules below are not run. -->
  <login-module code="SPNEGO" flag="requisite">
   <!-- useFirstPass: the identity is shared with the other modules of the stack. -->
   <module-option name="password-stacking" value="useFirstPass"/>
   <!-- Names another security domain ("host"), which is not shown on this page;
        presumably it holds the server's own Kerberos identity (confirm). -->
   <module-option name="serverSecurityDomain" value="host"/>
  </login-module>
  <!-- required: this module must also succeed for the login to be accepted. -->
  <login-module code="AdvancedAdLdap" flag="required">
   <!-- useFirstPass: reuses the identity established by the SPNEGO module above. -->
   <module-option name="password-stacking" value="useFirstPass"/>
   <!-- "BLA" values are placeholders. bindDN/bindCredential are the account this module
        uses to search the directory. In a real configuration, do not keep bindCredential
        as clear text in the server configuration file (the JBoss password vault is one
        option), and give the bind account read-only rights limited to the searched
        subtrees. -->
   <module-option name="bindDN" value="BLA"/>
   <module-option name="bindCredential" value="BLA"/>
   <!-- Directory URL. Prefer an ldaps:// URL so the bind credential and the lookups
        are not sent over the network in clear text. -->
   <module-option name="java.naming.provider.url" value="BLA"/>
   <!-- Context under which user entries are searched. -->
   <module-option name="baseCtxDN" value="BLA"/>
   <!-- The option changed by the CLI command: {0} is replaced with the login name.
        Keep the filter narrow enough that it can match only the intended account. -->
   <module-option name="baseFilter" value="(sAMAccountName={0})"/>
   <!-- Role lookup: roles come from the memberOf attribute, whose values are treated as
        DNs (roleAttributeIsDN=true); the role name is the cn of the referenced entry. -->
   <module-option name="roleAttributeID" value="memberOf"/>
   <module-option name="rolesCtxDN" value="BLA"/>
   <module-option name="roleAttributeIsDN" value="true"/>
   <module-option name="roleNameAttributeID" value="cn"/>
   <!-- Searches cover the whole subtree below the context DNs. -->
   <module-option name="searchScope" value="SUBTREE_SCOPE"/>
   <!-- Nested group membership is followed, so a role can be granted indirectly;
        review group nesting in the directory when auditing who holds a role. -->
   <module-option name="recurseRoles" value="true"/>
  </login-module>
  <!-- optional: the outcome of this module does not decide the login. It maps the roles
       collected above using a properties file. -->
  <login-module code="org.jboss.security.auth.spi.RoleMappingLoginModule" flag="optional">
   <!-- This file grants application roles, so restrict write access to it. -->
   <module-option name="rolesProperties" value="${jboss.server.config.dir}/bla-war/roles.properties"/>
   <!-- false: mapped roles are added to the existing roles instead of replacing them. -->
   <module-option name="replaceRole" value="false"/>
  </login-module>
 </authentication>
</security-domain>

