LDAP Configuration
By configuring the LDAP Configuration element, you specify how WebOffice 10.9 R4 connects to the LDAP system using the LDAP v3 protocol.
You can also specify an LDAPS server connection secured via SSL/TLS in this configuration.
When using an LDAPS server, the corresponding SSL/TLS certificate must be imported for the WebOffice application. The LDAP system connection is read-only: WebOffice 10.9 R4 only needs to search for the login user and bind as that user.
See chapter Import SSL Certificates in SynAdmin for more information.
LDAP / LDAPS configuration

| Property | Description |
|---|---|
| LDAP Server URL | The LDAP(S) server URL to provide depends on the LDAP(S) system provider. It is an LDAP(S) URL that specifies the domain name of the directory server to connect to and the TCP/IP port number to be used. Examples: ldap://ds.example.com:389 and ldaps://ds.example.com:636 |
| Secure connection? | Enables secured LDAPS traffic via SSL certificates. |
| Base DN | The LDAP entry that is the root base (Base DN or Base Distinguished Name) of the LDAP subtree containing user objects. This LDAP entry is used to start the search for a user that needs to be authenticated by the LDAP system. If e.g. using a standard OpenLDAP system the value would be dc=guessant,dc=org. |
| User ID field | The name of the LDAP attribute that stores the UNIQUE login name of the user. This login name in the LDAP must be the same as the one entered by the user in the login dialog, e.g. sAMAccountName for MS Active Directory Server. Values such as sn or mail are possible as well. |
| Display Name field | The name of the attribute that stores the full verbose name of the user, e.g. displayName. |
| User: Ignore referrals? | Ignore referrals (true) to speed up the LDAP search. Search results might be incomplete. |
| Role Base DN | The LDAP entry that is the root base (Base DN or Base Distinguished Name) of the subtree containing groups. This LDAP entry is used to start the search for all roles of the user to be authenticated. If e.g. using a standard OpenLDAP system the value would be ou=roles,dc=org. |
| Role members field | The name of the attribute that stores the IDs of the users having a role. |
| Role field | The name of the attribute that stores the name of the role. |
| Roles: Ignore referrals? | Ignore referrals (true) to speed up the LDAP search. Search results might be incomplete. |
| Roles: Searching for all ancestors? | Search recursively for all ancestor entries (true). For example, when group A is a member of group B, then group B should also be returned. |
| User name of service user | User name of the service user (the service user is the LDAP user that is granted access to connect to the LDAP system, search for user objects and read the necessary attributes). |
| Password of service user | Password of the service user. |
LDAP configuration
•To solve problems with LDAP authentication, the tool JXplorer is very helpful. You can find it in WebOffice10.9R4-DVD\Software\Util\JXplorer\jxplorer-3.3.1.2-windows-installer.exe. Please use this tool before contacting the WebOffice Support Team. Instead of JXplorer you can also use ApacheDirectoryStudio.
•Also check how to read out attributes from MS AD.
•The Microsoft AD group Domain Users contains by default every user account created in the domain. By configuring Domain Users in your WebOffice user management groups, you can set restrictions/rights for all of your Microsoft AD members at once.
To use the Active Directory groups in WebOffice 10.9 R4, the groups in the user management database have to be named identically (case sensitive). No user has to be a member of the group. All user groups of the Active Directory can be used, even the Domain Users group.
Steps to get the group names using e.g. JXplorer:
1. Search for the user with <User ID field> in path <Role Base DN>
2. Read out the DN (distinguishedName)
3. Search for the DN in path <Role Base DN> in field <Role members field>
4. Read out the role <Role field>
5. Use these roles for the UM group names
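The following is an added example, not WebOffice code, that walks the lookup sequence the configuration table and the steps above describe: resolve the login name to a DN via the User ID field under Base DN, then collect every group under Role Base DN whose members field lists that DN and read its Role field. It runs against a constructed in-memory directory rather than a real server, so SAMPLE_DIRECTORY, CONFIG and all function names are assumptions for this example. It goes slightly beyond the text in two ways: find_roles follows nested groups when the ancestors option is set and keeps a visited set so a membership cycle cannot loop, and build_user_filter escapes the login value per RFC 4515 before it is placed in a search filter, which is a hardening step the page does not mention.

```python
"""Added example (not WebOffice code): user and role lookup as described by the
LDAP configuration properties, over a constructed in-memory directory."""
from urllib.parse import urlsplit

# Constructed sample directory in OpenLDAP style: DN -> attribute lists.
# It deliberately contains nested groups and a cycle (publishers <-> admins)
# to exercise the "searching for all ancestors" option safely.
SAMPLE_DIRECTORY = {
    "uid=alice,ou=people,dc=example,dc=org": {
        "uid": ["alice"], "displayName": ["Alice Example"]},
    "uid=bob,ou=people,dc=example,dc=org": {
        "uid": ["bob"], "displayName": ["Bob Example"]},
    "cn=editors,ou=roles,dc=example,dc=org": {
        "cn": ["editors"], "member": ["uid=alice,ou=people,dc=example,dc=org"]},
    "cn=publishers,ou=roles,dc=example,dc=org": {
        "cn": ["publishers"], "member": ["cn=editors,ou=roles,dc=example,dc=org",
                                         "cn=admins,ou=roles,dc=example,dc=org"]},
    "cn=admins,ou=roles,dc=example,dc=org": {
        "cn": ["admins"], "member": ["uid=bob,ou=people,dc=example,dc=org",
                                     "cn=publishers,ou=roles,dc=example,dc=org"]},
}

# Constructed configuration mirroring the properties in the table above (assumed keys).
CONFIG = {
    "ldap_server_url": "ldaps://ds.example.com:636",
    "base_dn": "ou=people,dc=example,dc=org",
    "user_id_field": "uid",
    "display_name_field": "displayName",
    "role_base_dn": "ou=roles,dc=example,dc=org",
    "role_members_field": "member",
    "role_field": "cn",
    "roles_all_ancestors": True,
}


def parse_ldap_url(url):
    """Split an LDAP(S) URL into (secure, host, port); the port defaults to
    389 for ldap:// and 636 for ldaps:// when the URL omits it."""
    parts = urlsplit(url)
    if parts.scheme not in ("ldap", "ldaps"):
        raise ValueError("unsupported scheme: %r" % parts.scheme)
    secure = parts.scheme == "ldaps"
    port = parts.port if parts.port is not None else (636 if secure else 389)
    return secure, parts.hostname, port


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515 rules), so a
    login name typed into the dialog cannot alter the filter's structure."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\0" else ch for ch in value)


def build_user_filter(cfg, login):
    """The filter a real server would receive for step 1, e.g. (uid=alice)."""
    return "(%s=%s)" % (cfg["user_id_field"], escape_filter_value(login))


def _in_subtree(dn, base_dn):
    dn, base_dn = dn.lower(), base_dn.lower()
    return dn == base_dn or dn.endswith("," + base_dn)


def search(directory, base_dn, attribute, value):
    """Stand-in for a subtree search: DNs under base_dn whose attribute holds value."""
    return [dn for dn, attrs in directory.items()
            if _in_subtree(dn, base_dn)
            and any(v.lower() == value.lower() for v in attrs.get(attribute, []))]


def find_user_dn(directory, cfg, login):
    """Steps 1-2: find the login user under Base DN via the User ID field and return
    its DN. The login attribute must be unique, so more than one hit counts as no hit."""
    matches = search(directory, cfg["base_dn"], cfg["user_id_field"], login)
    return matches[0] if len(matches) == 1 else None


def display_name(directory, cfg, user_dn):
    """Read the Display Name field of a resolved user entry."""
    values = directory[user_dn].get(cfg["display_name_field"], [])
    return values[0] if values else None


def find_roles(directory, cfg, user_dn):
    """Steps 3-4: collect the Role field of every group under Role Base DN whose
    members field lists the DN; with roles_all_ancestors, groups containing those
    groups are followed too. The visited set stops membership cycles from looping."""
    roles, visited, queue = set(), set(), [user_dn]
    while queue:
        member_dn = queue.pop()
        if member_dn in visited:
            continue
        visited.add(member_dn)
        groups = search(directory, cfg["role_base_dn"], cfg["role_members_field"], member_dn)
        for group_dn in groups:
            roles.update(directory[group_dn].get(cfg["role_field"], []))
            if cfg["roles_all_ancestors"]:
                queue.append(group_dn)
    return sorted(roles)  # step 5: these names are the UM group names to configure


if __name__ == "__main__":
    print(parse_ldap_url(CONFIG["ldap_server_url"]))
    user = find_user_dn(SAMPLE_DIRECTORY, CONFIG, "alice")
    print(user, display_name(SAMPLE_DIRECTORY, CONFIG, user))
    print(find_roles(SAMPLE_DIRECTORY, CONFIG, user))
```

With the ancestors option on, alice resolves to editors, publishers and admins because editors is a member of publishers and publishers of admins; with it off she resolves to editors only. That difference is exactly what the "Roles: Searching for all ancestors?" property controls, and the example shows why a visited set matters once nested groups are followed.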