Table of Contents

Introduction

...

  • Timeout is specified in milliseconds.

LDAP Authentication

Please note that you can also specify the roles in the [users] section of the shiro.ini file, like

username = , role1, role2

If you do not want to get the roles from the shiro.ini file, please remove the [users] section; it can be deleted or completely commented out when LDAP authentication is to be used.

The [main] section contains the following information:

  • specification of the LDAP directory service,
  • a mapping of the JOC Cockpit role names specified in the [roles] section of the file onto LDAP group names and
  • a session timeout.

Getting the roles of a user

You have to specify:

 ldapRealm.userDnTemplate = cn={0},CN=mycn,DC=localhost 
 ldapRealm.searchBase = CN=mycn,DC=localhost
 ldapRealm.contextFactory.url = ldap://localhost:389

 #ldapRealm.groupNameAttribute=memberOf
 #ldapRealm.userNameAttribute=cn
 ldapRealm.groupRolesMap = \
   "CN=??????,OU=?????,OU=?????,OU=?????,DC=domain,DC=local":"all"
 ldapRealm.userSearchFilter=(&(objectClass=User)(cn=%s))

%s will be substituted by the user.

To get the correct values for ldapRealm.userDnTemplate, ldapRealm.searchBase and ldapRealm.userSearchFilter:

  • please create a query that finds all groups the user is a member of
    • set ldapRealm.userSearchFilter to this query with %s for the user name.
      • Example: (&(objectClass=User)(cn=%s))
      • Example: (uniqueMember=uid=%s,dc=example,dc=com)
  • Then identify the attribute in the result that contains the groupName
    • set ldapRealm.groupNameAttribute to this value (default is memberOf)
  • Then assign the value of the attribute specified in groupNameAttribute to a role in the groupRolesMap
    • Example: ldapRealm.groupRolesMap="value in attribute groupNameAttribute":"it_operator"
  • The userDnTemplate identifies the user entry in LDAP (e.g. the value of uniqueMember)
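The following Python script is an added example to illustrate the steps above; it is not part of the JOC Cockpit or Shiro code. It reads a constructed shiro.ini [main] fragment (the group DNs joc_admins and joc_ops and the users alice, bob and carol are sample values), substitutes %s in ldapRealm.userSearchFilter with the user name, reads the attribute named by groupNameAttribute from a constructed stand-in for the LDAP search result, and maps the group DNs to JOC Cockpit roles through groupRolesMap. The RFC 4515 escaping of the user name before substitution is added here to show why a raw user name must not be pasted into a filter; whether and how the Shiro realm escapes the value itself is not described on this page and is not assumed.

```python
import configparser
import re

# Constructed shiro.ini [main] fragment with sample group DNs (not a real directory).
# groupRolesMap is kept on one line because configparser does not honour Shiro's
# backslash line continuation.
SHIRO_INI = """
[main]
ldapRealm.userDnTemplate = cn={0},CN=mycn,DC=localhost
ldapRealm.searchBase = CN=mycn,DC=localhost
ldapRealm.contextFactory.url = ldap://localhost:389
ldapRealm.groupNameAttribute = memberOf
ldapRealm.userSearchFilter = (&(objectClass=User)(cn=%s))
ldapRealm.groupRolesMap = "CN=joc_admins,OU=groups,DC=domain,DC=local":"all", "CN=joc_ops,OU=groups,DC=domain,DC=local":"it_operator,it_viewer"
"""

# Constructed stand-in for the LDAP search result: one entry per user carrying the
# attribute that holds the group names (memberOf here).
DIRECTORY = [
    {"cn": "alice", "objectClass": "User",
     "memberOf": ["CN=joc_admins,OU=groups,DC=domain,DC=local"]},
    {"cn": "bob", "objectClass": "User",
     "memberOf": ["CN=joc_ops,OU=groups,DC=domain,DC=local",
                  "CN=printer_users,OU=groups,DC=domain,DC=local"]},
    {"cn": "carol", "objectClass": "User",
     "memberOf": ["CN=printer_users,OU=groups,DC=domain,DC=local"]},
]


def load_main_section(ini_text):
    """Return the [main] section as a dict, keeping key case and the literal %s."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep 'ldapRealm.userSearchFilter' exactly as written
    cp.read_string(ini_text)
    return dict(cp["main"])


def escape_filter_value(value):
    """Escape a value for use inside an LDAP search filter (RFC 4515, section 3)."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def build_user_filter(template, username):
    """Substitute %s in userSearchFilter with the escaped user name."""
    return template.replace("%s", escape_filter_value(username))


def parse_group_roles_map(raw):
    """Turn '"groupDN":"role1,role2", ...' into {lower-case group DN: [roles]}."""
    mapping = {}
    for dn, roles in re.findall(r'"([^"]*)"\s*:\s*"([^"]*)"', raw):
        mapping[dn.lower()] = [r.strip() for r in roles.split(",") if r.strip()]
    return mapping


def roles_for_user(cfg, directory, username):
    """Find the user's entry, read groupNameAttribute, map its group DNs to roles."""
    group_attr = cfg.get("ldapRealm.groupNameAttribute", "memberOf")
    group_roles = parse_group_roles_map(cfg["ldapRealm.groupRolesMap"])
    # The constructed directory is matched on cn; a real realm would send the
    # result of build_user_filter(...) to the LDAP server instead.
    entry = next((e for e in directory if e["cn"].lower() == username.lower()), None)
    if entry is None:
        return None
    roles = set()
    for dn in entry.get(group_attr, []):
        roles.update(group_roles.get(dn.lower(), []))  # unmapped groups yield no role
    return sorted(roles)


if __name__ == "__main__":
    cfg = load_main_section(SHIRO_INI)
    for user in ("alice", "bob", "carol", "mallory"):
        print(user, build_user_filter(cfg["ldapRealm.userSearchFilter"], user),
              roles_for_user(cfg, DIRECTORY, user))
```

Group DNs are compared case-insensitively because directory servers return them that way; a group that is not listed in groupRolesMap contributes no role, so carol ends up with an empty role list and an unknown user yields None rather than an empty login.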

Example LDAP Configuration

...