...
- Simple Mode: The most frequently used settings are available.
- Expert Mode: The full set of settings is available.
Specify General Settings
...
Name | Value | Description |
---|---|---|
LDAP Server URL | | The protocol, host and port of the LDAP Server. |
LDAP Start TLS | true\|false (checkbox checked or unchecked) | Check the box (value true) to enable StartTLS. See JS7 - LDAP over TLS (STARTTLS) and LDAP over SSL (LDAPS). |
Host Name Verification | on\|off | Enables host name verification for the server certificate. The default value is off. With verification off, a certificate issued by a trusted CA for any other host name is accepted, so enable it for production use. |
LDAP Truststore Path | | If the LDAP Server is configured for TLS/SSL protocols then the indicated truststore has to include an X.509 certificate specified for the Extended Key Usage of Server Authentication. |
LDAP Truststore Password | | If an LDAP truststore is used and the LDAP truststore is protected by a password, then the password has to be specified. |
LDAP Truststore Type | | If an LDAP truststore is used then the type of the indicated truststore has to be specified, being either |
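The settings above interact: StartTLS on ldap:// or an ldaps:// URL is what keeps the bind password off the wire, the truststore is what allows the server certificate to be validated at all, and host name verification is what ties that certificate to the host in the URL. The following Python is an added example, not code from the JS7 documentation or from JOC Cockpit; it checks a settings dictionary for these combinations before they are enabled. The keys (url, start_tls, host_name_verification, truststore_path, truststore_type) are this example's own names for the settings in the table, not the JOC Cockpit settings schema, and the truststore path and PKCS12 type in the hardened sample are placeholders.

```python
"""Check LDAP connection settings before they are enabled in JOC Cockpit.

Added example; not code from the JS7 documentation or from JOC Cockpit. The
dictionary keys are this example's own names for the settings in the table
above, not the JOC Cockpit settings schema.
"""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}


def parse_ldap_url(url: str) -> tuple:
    """Split an LDAP Server URL into (scheme, host, port).

    The port defaults to 389 for ldap:// and to 636 for ldaps://.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"unsupported scheme {scheme!r}: expected ldap or ldaps")
    if not parts.hostname:
        raise ValueError(f"no host name in LDAP URL {url!r}")
    return scheme, parts.hostname, parts.port or DEFAULT_PORTS[scheme]


def check_settings(settings: dict) -> list:
    """Return findings for a settings dictionary.

    An empty list means the bind password travels over TLS and the server
    certificate is validated against the truststore and the URL's host name.
    """
    findings = []
    scheme, host, port = parse_ldap_url(settings["url"])
    start_tls = bool(settings.get("start_tls", False))
    verify_host = settings.get("host_name_verification", "off") == "on"
    uses_tls = scheme == "ldaps" or start_tls

    if scheme == "ldaps" and start_tls:
        findings.append("Start TLS is pointless with ldaps://: the connection is already TLS")
    if not uses_tls:
        findings.append(f"ldap://{host}:{port} without Start TLS sends the bind "
                        "password in clear text")
        return findings  # the remaining checks only concern TLS connections
    if not settings.get("truststore_path"):
        findings.append("TLS is used but no truststore path is set, so the "
                        "server certificate cannot be validated")
    elif not settings.get("truststore_type"):
        findings.append("a truststore path is set but its type is missing")
    if not verify_host:
        findings.append("host name verification is off: a certificate issued by "
                        "a trusted CA for any other host is accepted")
    return findings


# Weak settings: clear-text LDAP and the default host name verification (off).
WEAK_SETTINGS = {
    "url": "ldap://ldap.example.com",
    "start_tls": False,
    "host_name_verification": "off",
}

# Hardened settings: Start TLS on port 389, certificate checked against a
# truststore and the host name. Path and PKCS12 type are placeholders.
HARDENED_SETTINGS = {
    "url": "ldap://ldap.example.com:389",
    "start_tls": True,
    "host_name_verification": "on",
    "truststore_path": "/path/to/ldap-truststore.p12",
    "truststore_type": "PKCS12",
}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_SETTINGS), ("hardened", HARDENED_SETTINGS)):
        print(name, check_settings(cfg) or ["ok"])
```

Running the module prints one finding for the weak settings (the clear-text bind) and `ok` for the hardened ones; the same check applied to an ldaps:// URL with a truststore but verification left at its default reports the missing host name verification.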
...
- As Approach 2: Group Search is used for account membership, the group's Common Name is specified.
...
group | sos-members |
---|---|
Examples and special configurations
...
Group Search
...
A public LDAP Server for Testing
An online LDAP Server is available for public access (managed by Forum Systems). This server can be used to test LDAP authentication and authorization.
...
Group Search where the member attribute does not contain the account name but the common name
...
memberOf in the account record
...
public LDAP Server
...
A public LDAP Server for testing the connection
An online public LDAP server which can be accessed using a relatively simple configuration is available from Forum Systems. This server can be used to set up a test environment with LDAP authentication. In this article we will refer to the authentication of two user accounts on this server - gauss and newton - that are each a member of a different LDAP group as shown in the following table:
...
- The LDAP Server offers two accounts:
  - gauss: the user account is assigned the all role which allows access to any operation in JOC Cockpit.
  - newton: the user account is assigned the application_manager role which includes managing scheduling objects but, for example, does not allow to restart a Controller.
- The roles and permissions are described in the JS7 - Default Roles and Permissions article.
- The accounts are members of different LDAP groups that are mapped to respective roles in JOC Cockpit.
The LDAP settings are available for download: PublicLDAP.ldap.json
- The popup window to manage LDAP Server settings offers an Upload button to import downloaded settings.
Account | Password | LDAP Group | Role |
---|---|---|---|
gauss | password | mathematicians | all |
newton | password | scientists | application_manager |
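The Group Search sections above (including the special configuration where the group's member attribute holds the account's common name rather than its account name, and the memberOf variant) describe how JOC Cockpit gets from a bound account to its groups and roles. The following Python is an added example, not code from the JS7 documentation or from JOC Cockpit; it runs both lookups against a small in-memory directory built around the two test accounts in the table above, so it works offline. The DNs, the groupOfNames object class, the cn values and the memberOf attribute are assumptions for this example. It also escapes filter values as required by RFC 4515 and keeps an unescaped variant to show why that matters: an account name of `*` otherwise matches every account.

```python
"""Resolve JOC Cockpit roles from LDAP group membership.

Added example, not code from the JS7 documentation or from JOC Cockpit. Runs
the membership lookups discussed above against an in-memory directory:
  * Group Search (Approach 2), here with the special configuration where the
    group's member attribute holds the account's common name; the group CN is
    then mapped to a role.
  * memberOf, where the group DNs are stored in the account record itself.
The entries are constructed for this example; DNs, object classes, cn values
and the memberOf attribute are assumptions.
"""
import re

# Constructed sample directory: DN -> attributes (attribute values are lists).
DIRECTORY = {
    "uid=gauss,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"], "uid": ["gauss"],
        "cn": ["Carl Friedrich Gauss"],
        "memberOf": ["cn=mathematicians,ou=groups,dc=example,dc=com"],
    },
    "uid=newton,dc=example,dc=com": {
        "objectClass": ["inetOrgPerson"], "uid": ["newton"],
        "cn": ["Isaac Newton"],
        "memberOf": ["cn=scientists,ou=groups,dc=example,dc=com"],
    },
    # Groups list their members by common name, not by uid or DN.
    "cn=mathematicians,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"], "cn": ["mathematicians"],
        "member": ["Carl Friedrich Gauss"],
    },
    "cn=scientists,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"], "cn": ["scientists"],
        "member": ["Isaac Newton"],
    },
}

# Mapping from the table above: LDAP group CN -> JOC Cockpit role.
GROUP_ROLES = {"mathematicians": "all", "scientists": "application_manager"}

_CLAUSE = re.compile(r"\((\w+)=([^()]*)\)")


def escape_filter_value(value: str) -> str:
    """Escape a value for an LDAP search filter (RFC 4515). Without this an
    account name such as '*' or 'x)(uid=*' rewrites the filter (LDAP injection)."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group(0)), value)


def _unescape(value: str) -> str:
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def _matches(values, raw_pattern: str) -> bool:
    # A bare '*' is a wildcard; an escaped '\2a' is a literal asterisk.
    regex = ".*".join(re.escape(_unescape(piece)) for piece in raw_pattern.split("*"))
    return any(re.fullmatch(regex, v) for v in values)


def search(ldap_filter: str) -> list:
    """Evaluate a filter of the form (&(attr=value)...) against DIRECTORY.
    Stands in for the search request a real LDAP server would answer."""
    clauses = _CLAUSE.findall(ldap_filter)
    return [dn for dn, attrs in DIRECTORY.items()
            if all(_matches(attrs.get(a, []), v) for a, v in clauses)]


def find_account_dn(account: str):
    """Step 1 of both approaches: resolve the account name to its DN."""
    hits = search(f"(&(objectClass=inetOrgPerson)(uid={escape_filter_value(account)}))")
    return hits[0] if len(hits) == 1 else None


def groups_by_search(account_dn: str, value_attr="cn") -> list:
    """Approach 2: groups whose member attribute contains the account's
    value_attr ('cn' here); value_attr=None searches for the account DN."""
    value = account_dn if value_attr is None else DIRECTORY[account_dn][value_attr][0]
    hits = search(f"(&(objectClass=groupOfNames)(member={escape_filter_value(value)}))")
    return [DIRECTORY[dn]["cn"][0] for dn in hits]


def groups_by_member_of(account_dn: str) -> list:
    """memberOf approach: take the CN from each group DN in the account record."""
    cns = []
    for group_dn in DIRECTORY[account_dn].get("memberOf", []):
        rdn = group_dn.split(",", 1)[0]
        if rdn.lower().startswith("cn="):
            cns.append(rdn[3:])
    return cns


def roles_for_account(account: str, use_member_of=False, value_attr="cn") -> list:
    """Roles granted to the account; unknown accounts and unmapped groups yield none."""
    dn = find_account_dn(account)
    if dn is None:
        return []
    groups = groups_by_member_of(dn) if use_member_of else groups_by_search(dn, value_attr)
    return sorted({GROUP_ROLES[g] for g in groups if g in GROUP_ROLES})


def unsafe_find_account_dns(account: str) -> list:
    """The same account lookup without escaping, kept only to show the injection."""
    return search(f"(&(objectClass=inetOrgPerson)(uid={account}))")
```

`roles_for_account("gauss")` yields `["all"]` and `roles_for_account("newton")` yields `["application_manager"]` by group search, and the same by memberOf. Searching the groups for the uid or the DN instead of the common name (`value_attr="uid"` or `None`) finds no group in this directory, which is exactly the mismatch the special configuration above addresses. `roles_for_account("*")` is empty because the asterisk is escaped, while `unsafe_find_account_dns("*")` returns both accounts.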
Logging
- JS7 - Logging
- For analysis of LDAP Server connections, authentication and authorization consider increasing the log level and checking the output of JOC Cockpit's authentication-debug.log file.
...