JMap LDAP user manager
You can connect to any LDAP compliant directory (in read-only mode). Unix, Linux and Windows systems offer many LDAP compliant directories.
In order for the JMap LDAP user manager option to be available in the User manager tab of the Users / Groups section in JMap Admin, you must include the following line in the JMAP_HOME/conf/jmapserver.properties file:
usermanager.ldap=com.kheops.jmap.server.security.LDAPUserManager
We recommend you use the Composite user manager instead of simply using the LDAP user manager. This will allow you to maintain access to JMap Admin even if errors arise in the configuration of LDAP.
In the User manager section, select the Composite user manager and add the JMap LDAP user manager. A new interface opens, allowing you enter the settings to configure the connection to the LDAP server.
JMap LDAP user manager
Friendly name
Name used to easily identify the LDAP user manager.
Server URL
LDAP server address. You can add several LDAP servers by separating the addresses with a space.
Example:
ldap://host1 ldap://host2
where host1
and host2
are the URLs of the LDAP servers.
DN
Unique identifier (Distinguished Name) used to define the root of the directory. Includes a list of Domain Component entries.
Example:
dc=k2geospatial
,dc=com
User
User name that will be used by JMap Server to connect to the LDAP directory. It is recommended to have a user created specifically for JMap purposes. This user’s password should never expire. The user name must be accompanied by the domain the user belongs to.
Example:
cn=admin
,dc=k2geospatial
,dc=com
Password
The user password that JMap Server will use to connect to the LDAP directory.
Admin. password
A user named administrator must always exist in JMap. If there is no administrator user in the LDAP directory, JMap will simulate one. In this case, you must provide the password associated with this user. If the administrator user exists in the LDAP directory and a password is entered, it will be ignored.
Use prefix and suffix
Select this option if the LDAP server uses a prefix and a suffix for user authentication.
Authentication prefix
Some LDAP servers require a prefix to be concatenated with the user name in order to proceed with authentication.
Example:
Prefix: a_domain\
User: a_user
Result: a_domain\a_user
Authentication suffix
Some LDAP servers require a suffix to be concatenated with the user name to proceed with authentication.
Example:
Suffix=@a_domain
User=a_user
Result: a_user@a_domain
User class
This setting and the ones that follow depend on the internal structure of the LDAP server, i.e. the way the users are organized into groups. This information is used to identify the LDAP users and groups. You must indicate the corresponding parameters in the LDAP server to which you connect. Name of the LDAP object class used to identify a user in the LDAP directory.
Group class
Name of the LDAP object class used to identify a group in the LDAP directory.
User filter
Search filter used to extract users from the LDAP directory. This filter must be formatted according to the standard LDAP syntax.
Group filter
Search filter used to extract groups from the LDAP directory. This filter must be formatted according to the standard LDAP syntax.
User attribute
The attribute of an LDAP user that defines this user’s identity.
Group attribute
The attribute of an LDAP group that defines this group’s identity.
Member attribute
The attribute of an LDAP group that defines which users are members of this group.
Full name attribute
The attribute of an LDAP user that defines this user’s full name.
Email attribute
The attribute of an LDAP user that defines this user’s email address.
Max page size
In LDAP directories, the size of transactions is limited to a maximum number of recordings at once (the size of the page). The value of this parameter must not exceed the maximum size permitted by the directory (1000 is the default value in LDAP directories). If the size is too small, this could affect performance. If the size is larger than the authorized limit, data will be missing in the user list.
For more information on the LDAP protocol, refer to http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol.
Dernière mise à jour