By configuring the LDAP Configuration element, you specify how WebOffice 10 R3 connects to the LDAP system using the LDAP v3 protocol.
Note: The connection to the LDAP system is read-only. WebOffice 10 R3 needs to search for the login user and bind to it.

LDAP Configuration in the application configuration
Property | Description |
LDAP Server URL | The LDAP Server URL to be provided depends on the LDAP system provider. It is an LDAP URL that specifies the domain name of the directory server to connect to and the TCP/IP port number to be used, e.g. ldap://localhost:389 |
Base DN | The LDAP entry that is the root base (Base DN or Base Distinguished Name) of the LDAP subtree containing user objects. Note: The configured Base DN must contain the user objects themselves, not only references to them. This LDAP entry is used to start the search for a user that needs to be authenticated by the LDAP system. For example, with a standard OpenLDAP system the value would be dc=guessant,dc=org. |
User ID field | The name of the LDAP attribute that stores the unique login name of the user. This login name in the LDAP system must be the same as the one entered by the user in the login dialog, e.g. sAMAccountName for MS Active Directory Server. Values may be sn or mail as well. |
Display Name field | The name of the attribute that stores the full verbose name of the user, e.g. 'displayName'. |
User: Ignore referrals? | Ignore referrals ('Yes') to speed up LDAP search. Search results might be incomplete. |
Role Base DN | The LDAP entry that is the root base (Base DN or Base Distinguished Name) of the subtree containing groups. This LDAP entry is used to start the search for all roles of a user to be authenticated. For example, with a standard OpenLDAP system the value would be 'ou=roles,dc=org'. |
Role members field | The name of the attribute that stores the IDs of the users having a role. |
Role field | The name of the attribute that stores the name of the role. |
Roles: Ignore referrals? | Ignore referrals ('Yes') to speed up LDAP search. Search results might be incomplete. |
User name of service user | User name of the service user (the service user is the LDAP user that is allowed to connect to the LDAP system, search for user objects and read the necessary attributes). Note: If not specified, the connection is 'anonymous'. This works for some LDAP systems, e.g. OpenLDAP, but not for others, e.g. MS Active Directory Server. Note that the LDAP system administrator needs to verify that the user configured here has the necessary set of rights in the LDAP system (i.e. 'connect' and 'bind' rights). |
Password of service user | Password of the service user. |
LDAP Configuration
Note: The tool JXplorer is very helpful for troubleshooting problems with LDAP authentication. You can find it in <WebOffice Installation media>\Software\Util\JXplorer\jxplorer-3.2.1-windows-installer.exe. Please use this tool before contacting SynerGIS web support.
To use the Active Directory groups in WebOffice 10 R3, the groups in the UserManagement Database have to be named identically (case sensitive). No user has to be a member of the group. All user groups of the Active Directory can be used, even the domain Users group. Nested groups are not supported.
Steps to read out the group names using, for example, JXplorer:
1. Search for the user with <User ID field> in path <Role Base DN>
2. Read out the DN (distinguishedName)
3. Search for the DN in path <Role Base DN> in field <Role members field>
4. Read out the role <Role field>
5. Use these roles for the UM group names
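
The five steps above, written out as an added Python example (not WebOffice or SynerGIS code) that runs over a small constructed in-memory directory and shows that a nested group is not resolved and that UM group names match case-sensitively. The entries, the example.org names and the helper functions are assumptions; the sample Role Base DN is the domain root, so it covers users and groups alike.

```python
# Constructed sample directory: DN -> attributes (not from a real system).
DIRECTORY = {
    "CN=Jane Doe,OU=Staff,DC=example,DC=org": {
        "sAMAccountName": ["jdoe"], "displayName": ["Jane Doe"]},
    "CN=GIS-Editors,OU=Groups,DC=example,DC=org": {
        "cn": ["GIS-Editors"],
        "member": ["CN=Jane Doe,OU=Staff,DC=example,DC=org"]},
    "CN=GIS-All,OU=Groups,DC=example,DC=org": {
        "cn": ["GIS-All"],
        # Nested: lists a group, not the user directly.
        "member": ["CN=GIS-Editors,OU=Groups,DC=example,DC=org"]},
}

def in_subtree(dn, base):
    """True if dn is the base entry or lies below it (case-insensitive DNs)."""
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)

def search(base, attr, value):
    """Subtree search for entries whose attribute holds value (exact match)."""
    return [dn for dn, attrs in DIRECTORY.items()
            if in_subtree(dn, base)
            and value.lower() in (v.lower() for v in attrs.get(attr, []))]

def resolve_roles(login, cfg):
    # Steps 1-2: find the user by the User ID field, read out its DN.
    hits = search(cfg["role_base_dn"], cfg["user_id_field"], login)
    if len(hits) != 1:  # the login name must be unique; reject none or many
        return None, []
    user_dn = hits[0]
    # Steps 3-4: find entries listing that DN in the role members field,
    # then read out the role field. Only direct membership is found.
    groups = search(cfg["role_base_dn"], cfg["role_members_field"], user_dn)
    return user_dn, sorted(DIRECTORY[g][cfg["role_field"]][0] for g in groups)

def usable_um_groups(roles, um_groups):
    # Step 5: UM group names must equal the role names exactly (case sensitive).
    return [r for r in roles if r in um_groups]

# Hypothetical configuration values for the constructed directory.
CFG = {"role_base_dn": "DC=example,DC=org", "user_id_field": "sAMAccountName",
       "role_members_field": "member", "role_field": "cn"}
```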