
LDAP Configuration


The LDAP Configuration element specifies how WebOffice 10.7 SP1 connects to the LDAP system using the LDAP v3 protocol.

 

Note: The LDAP system connection is read-only. WebOffice 10.7 SP1 needs to search for the login user and bind as that user.

 

LDAP Configuration configuration


 

Property

Description

LDAP Server URL

The LDAP Server URL to be provided depends on the LDAP system provider.

It is an LDAP URL that specifies the domain name of the directory server to connect to and the TCP/IP port number to be used.

e.g. ldap://localhost:389

Secure connection?


Base DN

The LDAP entry that is the root base (Base DN or Base Distinguished Name) of the LDAP sub tree containing user objects.

Note: The configured Base DN must contain the user objects themselves, not only references to them.

This LDAP entry is used to start the search for a user that needs to be authenticated by the LDAP system.

If e.g. using a standard OpenLDAP system the value would be dc=guessant,dc=org.

User ID field

The name of the LDAP attribute that stores the UNIQUE login name of the user.

This login name in the LDAP must be the same as that entered by the user in the login dialog, e.g. sAMAccountName for MS Active Directory Server. Values may be sn or mail as well.

Display Name field

The name of the attribute that stores the full verbose name of the user, e.g. displayName.

User: Ignore referrals?

Ignore referrals (true) to speed up LDAP search. Search results might be incomplete.

Role Base DN

The LDAP entry that is the root base (Base DN or Base Distinguished Name) of the subtree containing groups.

This LDAP entry is used to start the search for all roles of a user to be authenticated.

If e.g. using a standard OpenLDAP system the value would be ou=roles,dc=org.

Role members field

The name of the attribute that stores the ids of the users having a role.

Role field

The name of the attribute that stores the name of the role.

Roles: Ignore referrals?

Ignore referrals (true) to speed up LDAP search. Search results might be incomplete.

Roles: Searching for all ancestors?

Search recursively for all ancestor entries (true). For example, when a group A is a member of the group B, then the group B should also be returned.

Note: This function allows nested AD groups.

User name of service user

User name of service user (the service user is the LDAP user which is granted access to connect to the LDAP system, search for user objects and read the necessary attributes).

Note: If not specified, the connection is anonymous. This works for some LDAP systems, e.g. OpenLDAP, but not for others, e.g. MS Active Directory Server.

Note that the LDAP system administrator needs to verify that the user configured here has the necessary set of rights in the LDAP system (i.e. "connect" and "bind" rights).

Password of service user

Password of service user.

LDAP configuration

 

Note: The tool JXplorer is very helpful for solving problems with LDAP authentication. You can find it in WebOffice10.7-DVD\Software\Util\JXplorer\jxplorer-3.3.1.2-windows-installer.exe. Please use this tool before contacting the WebOffice Support Team. Instead of JXplorer you can also use ApacheDirectoryStudio.

Note: See also how to read out attributes from MS AD.

Note: By default, the Microsoft AD group 'Domain Users' contains every user account created in the domain. Configuring 'Domain Users' in your WebOffice usermanagement Groups lets you set restrictions/rights for all of your Microsoft AD members at once.

 

To use the Active Directory groups in WebOffice 10.7 SP1, the groups in the UserManagement Database have to be named identically (case sensitive). No user has to be a member of the group. All user groups of the Active Directory can be used, even the domain users group. Nested groups are not supported.

 

Steps to read out the group names using e.g. JXplorer:

1. Search for the user with <User ID field> in path <Role Base DN>

2. Read out the DN (distinguishedName)

3. Search for the DN in path <Role Base DN> in field <Role members field>

4. Read out the role <Role field>

5. Use these roles for the UM group names
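
The five steps above, written out as an added example (not WebOffice code): it resolves a login name to role names over a constructed in-memory directory, shows what the "Roles: Searching for all ancestors?" option changes, and checks UM group names against the roles case-sensitively. All DNs, attribute values and group names are constructed, and Base DN and Role Base DN are assumed to be the same root.

```python
# Added example, not WebOffice code. Every DN, attribute value and group
# name below is constructed for illustration.
ROOT = "dc=example,dc=org"
BASE_DN = ROLE_BASE_DN = ROOT   # assumption: users and groups share one root
USER_ID_FIELD, ROLE_MEMBERS_FIELD, ROLE_FIELD = "sAMAccountName", "member", "cn"

DIRECTORY = {  # DN -> attributes (constructed sample entries)
    "cn=Jane Doe,ou=people," + ROOT: {"sAMAccountName": ["jdoe"]},
    "cn=GIS Editors,ou=roles," + ROOT: {"cn": ["GIS Editors"], "member": ["cn=Jane Doe,ou=people," + ROOT]},
    "cn=GIS Users,ou=roles," + ROOT: {"cn": ["GIS Users"], "member": ["cn=GIS Editors,ou=roles," + ROOT]},
    "cn=Admins,ou=roles," + ROOT: {"cn": ["Admins"], "member": ["cn=Root,ou=people," + ROOT]},
}

def search(base_dn, attr, value):
    """Subtree search: DNs under base_dn whose attr holds value (case-insensitive)."""
    return [dn for dn, attrs in DIRECTORY.items()
            if dn.lower().endswith(base_dn.lower())
            and value.lower() in (v.lower() for v in attrs.get(attr, []))]

def roles_for(login, ancestors=False):
    """Steps 1-4: login name -> user DN -> groups listing that DN -> role names."""
    hits = search(BASE_DN, USER_ID_FIELD, login)        # step 1
    if len(hits) != 1:                                  # the login name must be unique
        return []
    pending, seen, roles = [hits[0]], set(), []         # step 2: the user's DN
    while pending:
        dn = pending.pop()
        for group_dn in search(ROLE_BASE_DN, ROLE_MEMBERS_FIELD, dn):  # step 3
            if group_dn in seen:                        # also guards against group cycles
                continue
            seen.add(group_dn)
            roles += DIRECTORY[group_dn][ROLE_FIELD]    # step 4
            if ancestors:                               # follow groups that contain this group
                pending.append(group_dn)
    return sorted(roles)

def unmatched_um_groups(um_groups, login, ancestors=False):
    """Step 5 check: UM group names with no exactly matching (case-sensitive) role."""
    roles = set(roles_for(login, ancestors))
    return [g for g in um_groups if g not in roles]
```

A UM group returned by `unmatched_um_groups` will not pick up the rights of the intended LDAP role for that user, which is the usual symptom of a spelling or case mismatch.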