...
Edit the properties file and set the following properties based on the information that was collected in Planning LDAP Configuration:
dpod_ldap_method | Should be "user_attribute" (for scenario A) or "group_attribute" (for scenario B). |
test_user | The username of a real user defined in the LDAP user registry who will be using DPOD. It is used to verify that the configuration is valid, e.g. "adminford" |
test_user_password | The password of a real user defined in the LDAP user registry who will be using DPOD. It is used to verify that the configuration is valid, e.g. "pass123" |
connectionURL | Primary LDAP server URL. Use ldap:// prefix for non-SSL connection and ldaps:// prefix for SSL connection. e.g. "ldap://192.168.110.15:389" |
alternateURL | Alternate LDAP server URL. Use ldap:// prefix for non-SSL connection and ldaps:// prefix for SSL connection. e.g. "ldap://192.168.110.1516:389" |
referrals | Whether LDAP referrals should be followed ("follow") or ignored ("ignore", usually used for better performance). |
connectionName | The distinguished name (DN) of a user that is used to connect to the LDAP server and can perform queries, e.g. "cn=LDAP Query User,ou=people,dc=example,dc=org" |
connectionPassword | The password of the user that is used to connect to the LDAP server and can perform queries, e.g. "pass123" |
userBase | User base entry e.g. "ou=people,dc=example,dc=org" |
userSubtree | User query sub-tree (true/false) e.g. "true" |
userSearch | User search query. Operators (e.g. "&") are escaped (e.g. "&amp;"). {0} is a placeholder for the user name entered in the login screen, e.g. "(&(objectClass=person)(sAMAccountName={0}))" |
userRoleName | For scenario A only. |
roleBase | For scenario B only |
roleSubtree | For scenario B only. Role query sub-tree (true/false), e.g. "true" |
roleSearch | For scenario B only. Group search query. Operators (e.g. "&") are escaped (e.g. "&amp;"). {0} is a placeholder for the full DN of the authenticated user; {1} is a placeholder for the user name of the authenticated user, e.g. "(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))" |
roleNested | For scenario B only. Nested groups (true/false), e.g. "true" |
roleName | For scenario B only |
LDAPConnectionURL | Primary LDAP server URL. Use ldap:// prefix for non-SSL connection and ldaps:// prefix for SSL connection. |
LDAPReferral | Follow or ignore LDAP referrals (follow/ignore) |
LDAPConnectionName | Query user distinguished name (DN) e.g. "cn=LDAP Query User,ou=people,dc=example,dc=org" (identical to connectionName property) |
LDAPConnectionPASSWORD | Query user password |
LDAPUserBaseEntry | User base entry e.g. "ou=people,dc=example,dc=org" (identical to userBase property) |
LDAPUserSearchFilter | User search query |
LDAPGroupBaseEntry | Group base entry |
LDAPGroupSearchFilter | Group search query |
LDAPGroupNameAttribute | Group entry attribute name |
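A lint for the properties file described in the first table above (dpod_ldap_method, connectionURL, userSearch and so on), as an added example that is not part of the DPOD documentation or product. It assumes the file uses plain key=value lines and treats the scenario-specific properties as required for their scenario; the sample input is constructed.

```python
# Added example. Assumptions: key=value file format; scenario keys are required.
SCENARIO_KEYS = {
    "user_attribute": ("userRoleName",),  # scenario A
    "group_attribute": ("roleBase", "roleSearch", "roleName"),  # scenario B
}

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.lstrip().startswith("#"))
    return {k.strip(): v.strip().strip('"') for k, v in pairs}

def lint(props):
    """Return findings as (severity, message) tuples."""
    out = []
    method = props.get("dpod_ldap_method", "")
    if method not in SCENARIO_KEYS:
        out.append(("error", "dpod_ldap_method must be user_attribute or group_attribute"))
    for key in SCENARIO_KEYS.get(method, ()):
        if not props.get(key):
            out.append(("error", f"{key} is not set but {method} uses it"))
    for key in ("connectionURL", "alternateURL"):
        url = props.get(key, "")
        if url.startswith("ldap://"):
            out.append(("warn", f"{key} is non-SSL: passwords sent to LDAP are not protected by SSL"))
        elif url and not url.startswith("ldaps://"):
            out.append(("error", f"{key} must start with ldap:// or ldaps://"))
    if props.get("referrals") not in ("follow", "ignore"):
        out.append(("error", "referrals must be follow or ignore"))
    for key in ("userSubtree", "roleSubtree", "roleNested"):
        if key in props and props[key] not in ("true", "false"):
            out.append(("error", f"{key} must be true or false"))
    if "{0}" not in props.get("userSearch", ""):
        out.append(("error", "userSearch lacks the {0} user name placeholder"))
    role_search = props.get("roleSearch", "")
    if role_search and "{0}" not in role_search and "{1}" not in role_search:
        out.append(("error", "roleSearch lacks a {0} or {1} placeholder"))
    return out

# Constructed sample built from the example values in the table above.
SAMPLE = """\
dpod_ldap_method=group_attribute
connectionURL=ldap://192.168.110.15:389
referrals=ignore
userSearch=(&(objectClass=person)(sAMAccountName={0}))
roleSearch=(&(objectClass=groupOfUniqueNames)(uniqueMember={0}))
roleSubtree=yes
"""
for severity, message in lint(parse_properties(SAMPLE)):
    print(severity, message)
```

Running it against the sample reports the two missing scenario B properties, the non-SSL connectionURL and the invalid roleSubtree value.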
DPOD is deployed on an application server, which is responsible for authenticating the user and assigning the authenticated user the built-in roles.
To configure LDAP for the application server, edit the following file:
...