From OpenNMS

Here is a patch, against 1.2.0-1, to use Active Directory for authentication. To apply it, get the 1.2.0-1 source, change into the source dir, and run patch:

patch -Np1  < ../activedirectory.patch

Watch for rejects or other problems. You'll have to edit src/web/etc/web.xml and change the section which configures the org.opennms.web.authenticate.OpenNMSNtlmFilter filter - change the init-params to appropriate values for your location.

Also, you'll need a file named activedirectory-configuration.xml in ONMSHOME/etc, with contents somewhat like the following: (Change the bits in all CAPs to relevant local values - the groupNames can be anything you want, and by making AD users members of the named group, you grant them access).

The search-root also needs to be changed - I've left an example for a domain called EXAMPLE.COM. With this patch applied, your users can use Internet Explorer from their PC's that are logged into the domain, and will not have to authenticate (ONMS will use NTLM to do that automatically). Also, e-mail addresses etc will be retrieved from AD, so you needn't set that information up *again* in ONMS.

 <?xml version="1.0"?>
 <active-directory-connect-info>
         <domain-controller>DOMAINCONTROLLER</domain-controller>
         <username>DOMAIN\USERNAME</username>
         <password>PASSWORD</password>
         <search-root>DC=example,DC=com</search-root>
         <access-groups>
                 <access-group accessType="normal"  groupName="NORMAL_ONMS_ACCESS"/>
                 <access-group accessType="admin" groupName="ADMIN_ONMS_ACCESS"/>
         </access-groups>
 </active-directory-connect-info>

Patch is here: activedirectory.patch.txt (60.30 Kb) (taken from Bug 1493) and you'll also need to shove jcifs-web.jar (261.00 Kb) into /source/lib/jcifs-web.jar.

Good luck