...

dpod_ldap_method

Should be "user_attribute" (for scenario A) or "group_attribute" (for scenario B).
e.g. "group_attribute"

test_user

The username of a user for testing
e.g. "adminford"

test_user_password

The password of a user for testing
e.g. "pass123"

connectionURL

Primary LDAP server URL. Use ldap:// prefix for non-SSL connection and ldaps:// prefix for SSL connection.
e.g. "ldap://192.168.110.15:389"

alternateURL

Alternate LDAP server URL. Use ldap:// prefix for non-SSL connection and ldaps:// prefix for SSL connection.
e.g. "ldap://192.168.110.16:389"

referrals

Follow or ignore LDAP referrals (follow/ignore)
e.g. "ignore" 

connectionName

Query user distinguished name (DN)
e.g. "cn=LDAP Query User,ou=people,dc=example,dc=org"

connectionPassword

Query user password
This password will be encrypted in the configuration file
e.g. "pass123"

userBase

User base entry
e.g. "ou=people,dc=example,dc=org"

userSubtree

User query sub-tree (true/false)
e.g. "true"

userSearch

User search filter
Operators (e.g. "&") are escaped (e.g. "&amp;")
{0} - a placeholder for the user name entered in the login screen
e.g. "(&amp;(objectClass=person)(sAMAccountName={0}))"

userRoleName

For scenario A only
User entry attribute name
e.g. "DPOD_Role"

roleBase

For scenario B only
Group base entry
e.g. "ou=groups,dc=example,dc=org" 

roleSubtree

For scenario B only
Role query sub-tree (true/false)
e.g. "true"

roleSearch

For scenario B only
Group search filter
Operators (e.g. "&") are escaped (e.g. "&amp;")
{0} - a placeholder for the full DN of the authenticated user
{1} - a placeholder for the user name of the authenticated user
e.g. "(&amp;(objectClass=groupOfUniqueNames)(uniqueMember={0}))"

roleNested

For scenario B only
Nested groups (true/false)
e.g. "true"

roleName

For scenario B only
Group entry attribute name
e.g. "cn"

LDAPConnectionURL

Primary LDAP server URL. Use ldap:// prefix for non-SSL connection and ldaps:// prefix for SSL connection.
e.g. "ldap://192.168.110.15:389"
(identical to connectionURL property)

LDAPReferral

Follow or ignore LDAP referrals (follow/ignore)
e.g. "ignore"
(identical to referrals property)

LDAPConnectionName

Query user distinguished name (DN)
e.g. "cn=LDAP Query User,ou=people,dc=example,dc=org"
(identical to connectionName property)

LDAPConnectionPASSWORD

Query user password
This password will be used just for testing, and will not be stored in System Parameters
e.g. "pass123"
(identical to connectionPassword property)

LDAPUserBaseEntry

User base entry
e.g. "ou=people,dc=example,dc=org"
(identical to userBase property)

LDAPUserSearchFilter

User search filter
Operators (e.g. "&") are NOT escaped (e.g. "&")
{0} - a placeholder for the user name entered in the login screen
e.g. "(&(objectClass=person)(sAMAccountName={0}))"
NOTE: This property is similar to userSearch property, but is NOT identical.

LDAPGroupBaseEntry

Group base entry
e.g. "ou=groups,dc=example,dc=org"
(identical to roleBase property) 

LDAPGroupSearchFilter

Group search filter
Operators (e.g. "&") are NOT escaped (e.g. "&")
{0} - a placeholder for the user name of the authenticated user
{1} - a placeholder for the full DN of the authenticated user
e.g. "(&(objectClass=groupOfUniqueNames)(uniqueMember={1}))"
NOTE: This property is similar to roleSearch property, but is NOT identical.

LDAPGroupNameAttribute

Group entry name attribute name
e.g. "cn"
(identical to roleName property)
NOTE: This property might be different than roleName property, depending on the chosen builtin roles scenario.
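
The two property sets differ in escaping and in the order of the group-filter placeholders, so values copied from one to the other are easy to get wrong. The following is an added example, not part of the original page or of DPOD: it derives the test properties from the configuration-file ones, assuming "escaped" means XML-style entities such as "&amp;"; the function names and the preview helper are hypothetical.

```python
import html
import re

# Config property -> test property holding an identical value (per the table).
# roleName / LDAPGroupNameAttribute is left out: the page notes it may differ.
IDENTICAL = {
    "connectionURL": "LDAPConnectionURL",
    "referrals": "LDAPReferral",
    "connectionName": "LDAPConnectionName",
    "connectionPassword": "LDAPConnectionPASSWORD",
    "userBase": "LDAPUserBaseEntry",
    "roleBase": "LDAPGroupBaseEntry",
}
# RFC 4515 escapes for characters that are special inside a filter value.
_RFC4515 = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def swap_placeholders(flt):
    """Exchange {0} and {1} in one pass (roleSearch and the test filter use opposite orders)."""
    return re.sub(r"\{([01])\}", lambda m: "{%d}" % (1 - int(m.group(1))), flt)

def to_test_properties(cfg):
    """Derive the LDAP* test properties from the configuration-file properties."""
    out = {IDENTICAL[k]: v for k, v in cfg.items() if k in IDENTICAL}
    out["LDAPUserSearchFilter"] = html.unescape(cfg["userSearch"])
    if "roleSearch" in cfg:  # scenario B only
        out["LDAPGroupSearchFilter"] = swap_placeholders(html.unescape(cfg["roleSearch"]))
    return out

def preview(flt, *values):
    """Fill {0}, {1}, ... with RFC 4515-escaped values, for checking a filter by hand."""
    esc = lambda v: "".join(_RFC4515.get(ch, ch) for ch in v)
    return re.sub(r"\{(\d)\}", lambda m: esc(values[int(m.group(1))]), flt)

# Constructed sample built from the example values in the table.
CONFIG = {
    "connectionURL": "ldap://192.168.110.15:389",
    "userBase": "ou=people,dc=example,dc=org",
    "userSearch": "(&amp;(objectClass=person)(sAMAccountName={0}))",
    "roleBase": "ou=groups,dc=example,dc=org",
    "roleSearch": "(&amp;(objectClass=groupOfUniqueNames)(uniqueMember={0}))",
}

if __name__ == "__main__":
    props = to_test_properties(CONFIG)
    for name, value in props.items():
        print(f"{name}={value}")
    print(preview(props["LDAPUserSearchFilter"], "adminford"))
```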

Testing LDAP Configuration

...