Modifying User Repository Settings for LDAP - Advanced Design and Setup - Foundation 23.2 - Content Composer

Content Composer Advanced Design and Setup

Platform: Content Composer
Product: Advanced Design and Setup
Release: Foundation 23.2

To configure the settings for LDAP usage, complete the following steps.
  1. From the %Composerdir% directory, open UserRepository_LDAP.config with a text editor that supports UTF-8.
  2. Verify and change the settings if required.
    Attribute Description
    connectionString

    Connection information to the LDAP server.

    Syntax

    LDAP://Host:Port/BaseDN

    Host: LDAP-Server

    Port: 389 by default; 636 when using SSL.

    BaseDN: Root-Node in LDAP where user and group containers are stored.

    Example: "LDAP://localhost:389/DC=DMS-PE,DC=DE"

    connectionProtection

    None: Default value

    SignAndSeal: Secures the connection by digital signing and encryption of all packets sent to the server.

    SSL: Connection is made via SSL connection.

    adminUser

    Administrator user account read from LDAP. This user requires read rights for all user and group containers.

    Example: "CN=Administrator,CN=Users,DC=dms-pe,DC=de"

    adminPassword

    Password for this user, encrypted using the tool Encoder.exe.

    groupContainerDN

    Name of the container where groups are defined in LDAP.

    If this parameter is not empty, the search for the group starts in this container.

    If this parameter is empty, the search for the group starts in the BaseDN specified in the parameter ConnectionString.

    We recommend leaving this parameter empty ("").

    userContainerDN

    Name of the container where users are defined in LDAP.

    If this parameter is not empty, the search for the user starts in this container.

    If this parameter is empty, the search for the user starts in the BaseDN specified in the parameter ConnectionString.

    We recommend leaving this parameter empty ("").

    groupFilter

    Search filter to identify the LDAP class for groups.

    Example for Microsoft Active Directory:

    (&(objectCategory=group)(objectClass=group){0})

    The LDAP class for groups has the attribute objectCategory=group and objectClass=group.

    {0} is automatically replaced with the group name specified in the element AttributeMapGroupName, for example (member=CN=Test User,CN=Users,DC=dms-pe,DC=de).

    The following filter can be used to find the group Admin:

    (&(objectCategory=group)(objectClass=group)(member=Admin))

    If, for example, the LDAP class only has the attribute objectClass, the definition looks as follows:

    (&(objectClass=group){0})

    Note: The character & must be replaced by &amp; in the configuration file.

    userFilter

    Search filter to identify the LDAP class for users.

    Example for Microsoft Active Directory:

    (&(objectCategory=person)(objectClass=user){0})

    The LDAP class for users has the attribute objectCategory=person and objectClass=user.

    {0} is automatically replaced with the user name specified in the element AttributeMapUserName, for example (sAMAccountName=Miller).

    The following filter can be used to find the user Miller:

    (&(objectCategory=person)(objectClass=person)(sAMAccountName=Miller))

    If, for example, the LDAP class only has the attribute objectClass, the definition looks as follows:

    (&(objectClass=person){0})

    Note: The character & must be replaced by &amp; in the configuration file.

    attributeMapGroupName

    Attribute used to identify the groups a user belongs to, for example "member".

    attributeMapUserName

    Attribute used to identify a user, for example "sAMAccountName".

    includeLocalGroups

    TRUE: Includes local groups belonging to global groups.

    FALSE: Does not include local groups.

Sample Configuration

<?xml version="1.0" encoding="utf-8" ?>
   <userRepository_Ldap
      connectionString = "LDAP://localhost:389/DC=DMS-PE,DC=DE"
      connectionProtection = "None"
      adminUser = "CN=Administrator,CN=Users,DC=dms-pe,DC=de"
      adminPassword = "password"
      groupContainerDN = ""
      userContainerDN = ""
      groupFilter = "(&amp;(objectCategory=group)(objectClass=group){0})"
      userFilter = "(&amp;(objectCategory=person)(objectClass=user){0})"
      attributeMapGroupName = "member"
      attributeMapUserName = "sAMAccountName"
      includeLocalGroups = "TRUE"
  />
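
The following Python check is an added example, not part of the product or its documentation. It lints a UserRepository_LDAP.config for the settings described above (connection string syntax, SSL and port agreement, the {0} placeholder, balanced filter parentheses, & written as &amp;) and shows how {0} expands into a filter. The function names, the constructed sample and the RFC 4515 escaping of the substituted value are assumptions of this example; the page does not state how Content Composer escapes the value.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample modelled on the page's sample configuration; the SSL/389
# mismatch and the missing ")" in userFilter are deliberate.
SAMPLE = '''<?xml version="1.0" encoding="utf-8" ?>
<userRepository_Ldap
   connectionString = "LDAP://localhost:389/DC=DMS-PE,DC=DE"
   connectionProtection = "SSL"
   groupFilter = "(&amp;(objectCategory=group)(objectClass=group){0})"
   userFilter = "(&amp;(objectCategory=person)(objectClass=user){0}"
   attributeMapGroupName = "member"
   attributeMapUserName = "sAMAccountName" />'''

CONN_RE = re.compile(r"^LDAP://([^:/]+):(\d+)/(.+)$")  # Host, Port, BaseDN

def balanced(flt):
    """True if every "(" in the filter has a matching ")"."""
    depth = 0
    for ch in flt:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return depth == 0

def expand(template, attr, value):
    """Replace {0} with (attr=value); value escaped per RFC 4515 (assumption)."""
    esc = "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value)
    return template.replace("{0}", f"({attr}={esc})")

def lint(xml_text):
    """Return a list of findings for a UserRepository_LDAP.config document."""
    try:
        attrs = ET.fromstring(xml_text).attrib
    except ET.ParseError as exc:  # a raw & inside a filter lands here
        return [f"not well-formed XML: {exc}"]
    findings = []
    m = CONN_RE.match(attrs.get("connectionString", ""))
    if not m:
        findings.append("connectionString is not LDAP://Host:Port/BaseDN")
    elif attrs.get("connectionProtection") == "SSL" and m.group(2) == "389":
        findings.append("connectionProtection is SSL but port is 389, not 636")
    for name in ("groupFilter", "userFilter"):
        flt = attrs.get(name, "")
        if "{0}" not in flt:
            findings.append(f"{name} has no {{0}} placeholder")
        elif not balanced(expand(flt, "x", "y")):
            findings.append(f"{name} has unbalanced parentheses")
    return findings
```

Calling lint(SAMPLE) returns one finding for the SSL/389 mismatch and one for the unbalanced userFilter; an empty list means none of these checks fired.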