- From the %Composerdir% directory, open UserRepository_LDAP.config with a text editor that supports UTF-8.
- Verify the settings and change them if required.
Attributes and their descriptions:

connectionString
  Connection information for the LDAP server.
  Syntax: LDAP://Host:Port/BaseDN
    Host: the LDAP server
    Port: 389 by default; 636 when using SSL
    BaseDN: the root node in LDAP under which the user and group containers are stored
  Example: "LDAP://localhost:389/DC=DMS-PE,DC=DE"

connectionProtection
  None: default value.
  SignAndSeal: secures the connection by digitally signing and encrypting all packets sent to the server.
  SSL: the connection is made over SSL.

adminUser
  Administrator user account used to read from LDAP. This user requires read rights for all user and group containers.
  Example: "CN=Administrator,CN=Users,DC=dms-pe,DC=de"

adminPassword
  Password for this user, encrypted using the tool Encoder.exe.

groupContainerDN
  Name of the container in which groups are defined in LDAP.
  If this parameter is not empty, the search for the group starts in this container.
  If this parameter is empty, the search for the group starts in the BaseDN specified in the parameter connectionString.
  We recommend leaving this parameter empty ("").

userContainerDN
  Name of the container in which users are defined in LDAP.
  If this parameter is not empty, the search for the user starts in this container.
  If this parameter is empty, the search for the user starts in the BaseDN specified in the parameter connectionString.
  We recommend leaving this parameter empty ("").

groupFilter
  Search filter that identifies the LDAP class for groups.
  Example for Microsoft Active Directory:
    (&(objectCategory=group)(objectClass=group){0})
  The LDAP class for groups has the attributes objectCategory=group and objectClass=group.
  {0} is automatically replaced with the group name specified in the element attributeMapGroupName, for example (member=CN=Test User,CN=Users,DC=dms-pe,DC=de).
  The following filter can be used to find the group Admin:
    (&(objectCategory=group)(objectClass=group)(member=Admin))
  If, for example, the LDAP class only has the attribute objectClass, the definition looks as follows:
    (&(objectClass=group){0})
  Note: The character & must be written as &amp; in the configuration file.

userFilter
  Search filter that identifies the LDAP class for users.
  Example for Microsoft Active Directory:
    (&(objectCategory=person)(objectClass=user){0})
  The LDAP class for users has the attributes objectCategory=person and objectClass=user.
  {0} is automatically replaced with the user name specified in the element attributeMapUserName, for example (sAMAccountName=Miller).
  The following filter can be used to find the user Miller:
    (&(objectCategory=person)(objectClass=user)(sAMAccountName=Miller))
  If, for example, the LDAP class only has the attribute objectClass, the definition looks as follows:
    (&(objectClass=person){0})
  Note: The character & must be written as &amp; in the configuration file.

attributeMapGroupName
  Attribute used to identify the groups a user belongs to, for example "member".

attributeMapUserName
  Attribute used to identify a user, for example "sAMAccountName".

includeLocalGroups
  TRUE: include local groups belonging to global groups.
  FALSE: do not include local groups.
Sample Configuration

<?xml version="1.0" encoding="utf-8" ?>
<userRepository_Ldap
    connectionString = "LDAP://localhost:389/DC=DMS-PE,DC=DE"
    connectionProtection = "None"
    adminUser = "CN=Administrator,CN=Users,DC=dms-pe,DC=de"
    adminPassword = "password"
    groupContainerDN = ""
    userContainerDN = ""
    groupFilter = "(&amp;(objectCategory=group)(objectClass=group){0})"
    userFilter = "(&amp;(objectCategory=person)(objectClass=user){0})"
    attributeMapGroupName = "member"
    attributeMapUserName = "sAMAccountName"
    includeLocalGroups = "TRUE" />
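As an added example (not part of the product or its tooling), the following Python check parses a constructed copy of UserRepository_LDAP.config, performs the {0} substitution the groupFilter and userFilter parameters describe while escaping the inserted name per RFC 4515, and flags a connectionProtection of None, an SSL/port mismatch, or a filter that is not well-formed. The sample document, its ENCODER-OUTPUT-PLACEHOLDER password value and the finding texts are assumptions of this example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the layout documented above; adminPassword is a placeholder, not Encoder.exe output.
SAMPLE_CONFIG = """<?xml version="1.0" encoding="utf-8" ?>
<userRepository_Ldap connectionString="LDAP://localhost:389/DC=DMS-PE,DC=DE"
  connectionProtection="None" adminUser="CN=Administrator,CN=Users,DC=dms-pe,DC=de"
  adminPassword="ENCODER-OUTPUT-PLACEHOLDER" groupContainerDN="" userContainerDN=""
  groupFilter="(&amp;(objectCategory=group)(objectClass=group){0})"
  userFilter="(&amp;(objectCategory=person)(objectClass=user){0})"
  attributeMapGroupName="member" attributeMapUserName="sAMAccountName"
  includeLocalGroups="TRUE" />"""

# Characters that are special inside a filter assertion value, escaped per
# RFC 4515 so that the substituted name cannot change the filter's structure.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_filter(template, attribute, value):
    """Replace {0} with an (attribute=value) assertion, as the filter parameters describe."""
    if "{0}" not in template:
        raise ValueError("filter template has no {0} placeholder")
    if template.count("(") != template.count(")"):
        raise ValueError("unbalanced parentheses in filter template")
    return template.replace("{0}", "(%s=%s)" % (attribute, escape_filter_value(value)))

def audit_config(xml_text):
    """Parse the config and return a list of findings (empty means nothing flagged)."""
    try:
        cfg = ET.fromstring(xml_text.encode("utf-8")).attrib
    except ET.ParseError as exc:
        return ["not well-formed XML (a bare & in a filter must be &amp;): %s" % exc]
    findings = []
    m = re.match(r"LDAP://([^:/]+):(\d+)/(.+)$", cfg.get("connectionString", ""), re.I)
    if not m:
        findings.append("connectionString does not match LDAP://Host:Port/BaseDN")
    protection = cfg.get("connectionProtection", "None")
    if protection == "None":
        findings.append("connectionProtection=None: admin bind and lookups travel unprotected")
    elif protection == "SSL" and m and m.group(2) != "636":
        findings.append("SSL selected but port %s is not the SSL port 636" % m.group(2))
    for key in ("groupFilter", "userFilter"):
        try:
            build_filter(cfg.get(key, ""), "x", "probe")
        except ValueError as exc:
            findings.append("%s: %s" % (key, exc))
    return findings
```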