Introduction

This article describes the configuration of the JOC Cockpit to use an LDAP Server for Authentication. This configuration is done in the JOC Cockpit's shiro.ini file whose overall configuration is described in the Authentication and Authorization - Configuration article. A general introduction to authentication and authorization in the JOC Cockpit is provided in the JOC Cockpit - Authentication and Authorization article.

After changing the shiro.ini configuration file, either by using the JOC Account Manager or a text editor, no restart of JOC is necessary.

Relevant Tools

  • An LDAP Browser:
    • The screenshots shown in this article were made with the "Softerra LDAP Browser" that had been configured to use the relevant LDAP server.
  • A command line utility:
    • The example commands shown were executed with ldapSearch

How to set up an LDAP configuration

Carry out the following steps:

  1. Set up the basic LDAP configuration
  2. Set up the authentication
  3. Set up the authorization
  4. Add Shiro settings

The Setup Procedure

[Flowchart: Setup basic LDAP configuration (e.g. the url); Setup the authentication (userDnTemplate); Setup the authorization; decision "Use JOC to assign roles to users"; "Assign roles with groups from LDAP": Define GroupRoles mapping; decision "User record has memberOf attribute": Specify user search (searchBase, userSearchFilter) or Specify group search (groupSearchBase, groupSearchFilter, groupNameAttribute); decision "Member attribute contains username from login": Specify user search (searchBase, userSearchFilter).]

 

1. Basic LDAP Configuration

After setting up the Basic LDAP Configuration, your [main] section looks like this:

A basic LDAP configuration
[main]
ldapRealm = com.sos.auth.shiro.SOSLdapAuthorizingRealm
ldapRealm.contextFactory.url = ldap://myHost:389 
rolePermissionResolver = com.sos.auth.shiro.SOSPermissionResolverAdapter
rolePermissionResolver.ini = $iniRealm
ldapRealm.rolePermissionResolver = $rolePermissionResolver
securityManager.realms = $ldapRealm

 

The following table lists the basic items used to configure an LDAP realm. These items are configured in the [main] section of the shiro.ini file and cannot be changed with the Account Management in JOC.

(See the Authentication and Authorization - Configuration article for more information about the shiro.ini file)

Key: ldapRealm
Value: com.sos.auth.shiro.SOSLdapAuthorizingRealm
Description:
The key is the name of the realm. You can define any name. The name is taken as a reference to set the properties of the realm.
The value is the name of the class that implements the realm. The implementation from SOS extends org.apache.shiro.realm.ldap.JndiLdapRealm.
Please note that you can have more than one LDAP configuration.

Key: ldapRealm.contextFactory.url
Value: ldap://host:port
Description:
The host and the port of your LDAP server. You can check whether the server is reachable with telnet host port.
Make sure that the firewall is open for the given port.

Key: ldapRealm.useStartTls
Value: true|false
Description:
To enable StartTLS, set the value to true (the default is false).
Please note that the server must be prepared to serve StartTLS. To check this, you can use an LDAP browser such as the "Softerra LDAP Browser". Configure your LDAP server there and click the "Enable Starttls" button.
On the client side you will need the certificate, and you have to add the certificate to your truststore. The path to your truststore is defined in the joc.properties configuration file:
truststore_path = path to your truststore.
Example values:
  • C:/Program Files/Java/jdk1.8.0_131/jre/lib/security/cacerts or
  • ../../etc/joc.jks
Note: We have had difficulties with using StartTLS with the JRE1.8.0_151 and have overcome these by installing a JDK.

Key: ldapRealm.hostNameVerification
Value: on|off, true|false
Description:
Enables the host name verification of the certificate. The default is off.

Key: rolePermissionResolver
Value: com.sos.auth.shiro.SOSPermissionResolverAdapter
Description:
The implementation of the permission resolver. The SOS implementation sets an org.apache.shiro.realm.text.IniRealm to resolve the permissions. That means that the permissions a role has are specified in the shiro.ini configuration file in the same way as when using the iniRealm.

Key: ldapRealm.rolePermissionResolver
Value: $rolePermissionResolver
Description:
Sets the role permission resolver for the LDAP realm.

Key: securityManager.realms
Value: $ldapRealm
Description:
Sets the list of realms that should be used for authentication. This is a comma separated list of items.
Example values:
  • $ldapRealm --> Only one realm specified
  • $ldapRealm, $iniRealm --> You can login with a user from LDAP or with a user specified in the [users] section in the configuration file shiro.ini
  • $ldapRealm1,$ldapRealm2 --> You can login with a user coming from the LDAP server specified in the ldap1 realm or coming from the LDAP server specified in the ldap2 realm.

In a simple configuration these items could appear as shown in the code block below (see also the example configuration for the public LDAP server listed in the previous section):

 

2. Authentication

Settings: 

  • ldapRealm.userDnTemplate

After setting up the Basic LDAP Configuration (described in 1. above) and adding the userDnTemplate, your [main] section will look like this:

userDnTemplate configuration
[main]
ldapRealm.userDnTemplate = uid={0},ou=People, dc=sos

ldapRealm = com.sos.auth.shiro.SOSLdapAuthorizingRealm
ldapRealm.contextFactory.url = ldap://myHost:389 
rolePermissionResolver = com.sos.auth.shiro.SOSPermissionResolverAdapter
rolePermissionResolver.ini = $iniRealm
ldapRealm.rolePermissionResolver = $rolePermissionResolver
securityManager.realms = $ldapRealm

 

The user template

With authentication you will check for a valid username/password combination. To achieve this, you have to specify the userDnTemplate. The parameters for the userDnTemplate can be read from a user's properties page as shown in the screenshot from an LDAP browser below.

For the User in the screenshot the template would be (replacing the uid value with {0}):

  • ldapRealm.userDnTemplate = uid={0},ou=People,dc=sos

Only one template can be specified per realm; separate realms have to be configured for different user templates.

Usernames

The username can have one of the following login patterns:

  • username@domain
  • domain\username
  • username

Configuration in the shiro.ini file

The [main] section of the shiro.ini file with authentication for the example "ur" User from the screenshot above is shown in the next code block:

Examples for the userDnTemplate

  • Example for the ur User
    • ldapRealm.userDnTemplate = uid={0},ou=People, dc=sos

  • Example Configuration for the public LDAP Server mentioned at the start of this article
    • publicLdapRealm.userDnTemplate = uid={0},dc=example,dc=com

  • Example Configuration with a Microsoft AD
    • adLdapRealm.userDnTemplate = CN={0},CN=sos,DC=berlin,DC=com

Verification with ldapSearch

You can check the userDnTemplate by integrating it in a command for the ldapSearch utility such as:

  • ldapsearch -h localhost -p 389 -b "uid=ur,ou=People, dc=sos" -x

This should give a result such as:

Result: ldapsearch -h localhost -p 389 -b "uid=ur,ou=People, dc=sos" -x
# ur, People, sos
dn: uid=ur,ou=People,dc=sos
mail: *********
uid: ur
givenName: Uwe
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
sn: Risse
cn: Uwe Risse
preferredLanguage: de
# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

Example for the public LDAP server

For this server the command to check the userDnTemplate in the ldapSearch utility would be:

The server will return the following:

ldapsearch -h ldap.forumsys.com -p 389 -b "uid=gauss,dc=example,dc=com" -x
# extended LDIF
#
# LDAPv3
# base <uid=gauss,dc=example,dc=com> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
 
# gauss, example.com
dn: uid=gauss,dc=example,dc=com
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
cn: Carl Friedrich Gauss
sn: Gauss
uid: gauss
mail: gauss@ldap.forumsys.com
 
# search result
search: 2
result: 0 Success
 
# numResponses: 2
# numEntries: 1

Note: ldapSearch Parameters

The option -x is used in all the ldapSearch examples in this article. It is possible that your LDAP Server does not allow this option and you have to specify a User and a Password. If this is the case the command would be:

  • ldapsearch -h ldap.forumsys.com -p 389 -b "uid=gauss,dc=example,dc=com" -W -D "uid=gauss,dc=example,dc=com"

Verification with an LDAP Browser

Search with Search-Dn=userDnTemplate. You should find only one entry.

Verification with the JOC Cockpit

Try to login with an LDAP username:password combination. Use a username which you have verified is correct by executing the ldapSearch command described above. If there are no role(s) configured for the user but the authentication works you will see the following:

3. Authorization

Authorization is the assignment of Roles to User Accounts. Roles, in turn, have permissions that are listed in the shiro.ini configuration file. A User has the sum of all the Permissions coming from the Roles they have been assigned.

There are two options for assigning Roles to Users:

  1. First Option: with an LDAP Group to Shiro Role mapping
  2. Second Option: with a Shiro User Account. 

Both options can be combined. The result is a combination of - i.e. the union of - all assigned Roles.

Please decide:

  1. If Roles are to be assigned in the shiro.ini file using the JOC Account Manager. The LDAP groups the user is a member of have no effect. Proceed with Assigning roles in the shiro.ini File
  2. If Roles are to be assigned with the group roles mapping. The LDAP Groups the user is a member of are assigned to JOC roles. Proceed with Assigning Roles from LDAP Groups
  3. If a mix of 1. and 2. is to be used. Proceed with Assigning roles in the shiro.ini File and then with Assigning Roles from LDAP Groups

Assigning roles in the shiro.ini File

After assigning Roles in the shiro.ini file the [users] section of the file will look like:

LDAP Authentication and shiro.ini Authorization
[users]
user1= ,all
user2 = ,it_operator,administrator

[main]
 ...

Role assignment in the shiro.ini file is configured in the Manage Accounts view of the JOC Cockpit. Do not enter the Password for a User Account that is to be authenticated by an LDAP server. 

The roles assigned to an entry are saved in the [users] section of the shiro.ini configuration file according to the following syntax:

  • username = ,list_of_roles

The list_of_roles is a comma separated list such as:

  • it_operator,administrator

The JOC Account Manager will add the [users] section for the Role assignment.

  • Usernames may have blank spaces if they are stored in a LDAP directory. Usernames stored in the shiro.ini configuration file may not contain blank spaces.
    • When a User account with blank spaces in its name is configured using the JOC Cockpit's Manage Accounts view then every blank space in the name will be automatically replaced with %20 before the name is written to the shiro.ini file.
    • When a User account with blank spaces in its name is added directly to the shiro.ini file then every blank space in the name should be replaced with %20 before the name is written to the shiro.ini file.
    • Every occurrence of %20 in an Account User Name saved in the shiro.ini file will be automatically converted to a blank space before this name is submitted to the LDAP server.
  • Passwords may not be specified for Accounts with LDAP authentication when configuring such Accounts using the JOC Cockpit's Manage Accounts view.
  • When you login with a domain the reference must contain the whole domain/username pattern e.g. user@domain.

Assigning Roles from LDAP Groups

If the roles are assigned with the JOC Account Manager (i.e. there is a [users] section in the shiro.ini configuration file) you can skip this chapter.

The group-roles mapping

Settings: 

  • ldapRealm.groupRolesMap

If the roles are assigned with the JOC Account Manager (i.e. there is a [users] section in the shiro.ini configuration file) you can skip this chapter.

When assigning the roles from the LDAP Groups a user is a member of, the groups will be mapped to the roles that are defined in the shiro.ini configuration file. This is done with the groupRolesMap.
After specifying the group roles mapping, your shiro.ini file will look like:
[main]
...
ldapRealm.groupRolesMap = \
  group1: it_operator, \
  group2 : all

The groupRolesMap looks like this.

ldapRealm.groupRolesMap = \
group1 : list_of_roles, \
group2 : list_of_roles

where list_of_roles is a list of Roles that are configured in the [roles] section of the shiro.ini configuration file. Multiple Roles are separated with a bar |.

Note that the value of the group depends on the result of the search. It is the value of the attribute you have specified in the groupNameAttribute.

Example

ldapRealm.groupRolesMap = \
sos : it_operator, \
apl : administrator|application_manager

Getting the Groups a User is a member of

If the roles are assigned with the JOC Account Manager (i.e. there is a [users] section in the shiro.ini configuration file) you can skip this chapter.

There are two options to find the Group membership(s) for a User Account:

  1. The user records have a memberOf attribute. Then you can get the list of groups with the userSearch. Proceed with Using memberOf with User Search.
  2. The user record does not have a memberOf attribute. The group contains the users that are members of the group. Proceed with Using group search.

These options cannot be mixed. 

a) Using memberOf with User Search

If the user entries do not have the memberOf attribute you can skip this section and proceed with Using group search.

Settings: 

  • ldapRealm.searchBase
  • ldapRealm.userSearchFilter

After specifying the user search the shiro.ini configuration file will look like:

Configuration with memberOf search
[main]
ldapRealm = com.sos.auth.shiro.SOSLdapAuthorizingRealm
ldapRealm.contextFactory.url = ldap://centos6_9_ldap.sos:389 
ldapRealm.userDnTemplate = uid={0},ou=People, dc=sos
 
ldapRealm.searchBase = ou=People,dc=sos
ldapRealm.userSearchFilter = (uid=%s)
 
# Mapping of a LDAP group to roles. You can assign more than one role with separator sign |
ldapRealm.groupRolesMap = \
sos : it_operator, \
apl : administrator|application_manager
 
rolePermissionResolver = com.sos.auth.shiro.SOSPermissionResolverAdapter
rolePermissionResolver.ini = $iniRealm
ldapRealm.rolePermissionResolver = $rolePermissionResolver
securityManager.realms = $ldapRealm

This approach looks for the user entry and then reads the memberOf attribute. This attribute is often used when, for example, configuring AD LDAP servers. 

Define a userSearchFilter and a searchBase that will find the user (%s will be replaced by the username from the login without the domain).

Example for user search
  • ldapRealm.searchBase = ou=People,dc=sos
  • ldapRealm.userSearchFilter = (uid=%s)
Example for user search in AD
  • ldapRealm.searchBase = dc=example,dc=com
  • ldapRealm.userSearchFilter = (sAMAccountName=%s)

An LDAP Browser can be used to get the correct values for the searchBase and the userSearchFilter. Perform a directory search with the values. You should only find one entry. 

The searchBase is the value of the base DN (or ParentDN in the screenshot above).

Hint: If the attribute name in your environment is not the default memberOf you can specify the name of the attribute with groupNameAttribute key as described in the next section.

b) Using group search 

If the user entries do have the memberOf attribute you can skip this section and proceed with Using memberOf with User Search.

Settings:

  • ldapRealm.groupSearchBase 
  • ldapRealm.groupNameAttribute
  • ldapRealm.groupSearchFilter

After defining the group search the shiro.ini configuration file will look like:

Configuration with group search
[main]
ldapRealm = com.sos.auth.shiro.SOSLdapAuthorizingRealm
ldapRealm.contextFactory.url = ldap://centos6_9_ldap.sos:389 
ldapRealm.userDnTemplate = uid={0},ou=People, dc=sos

ldapRealm.groupSearchBase = ou=Groups,dc=sos
ldapRealm.groupNameAttribute = cn
ldapRealm.groupSearchFilter = (uniqueMember=uid=%s,ou=People,dc=sos)

# Mapping of a LDAP group to roles. You can assign more than one role with separator sign |
ldapRealm.groupRolesMap = \
sos : it_operator, \
apl : administrator|application_manager

rolePermissionResolver = com.sos.auth.shiro.SOSPermissionResolverAdapter
rolePermissionResolver.ini = $iniRealm
ldapRealm.rolePermissionResolver = $rolePermissionResolver
securityManager.realms = $ldapRealm

When the memberOf attribute is not available for the user, you can use the group search.

Define the groupSearchBase and the groupSearchFilter. For example:

  • ldapRealm.groupSearchBase = ou=Groups,dc=sos
  • ldapRealm.groupSearchFilter = (uniqueMember=uid=%s,ou=People,dc=sos)

Getting the value for the groupSearchBase

Identify the place where the groups are stored. This is your groupSearchBase.

 

Getting the value for the groupSearchFilter

Click one group Entry (in the screenshot, cn=apl) and see how the members are stored there.

 

The groupSearchFilter is configured with attr=val where attr is name of the attribute and val is the content. In this example, the attr is uniqueMember and the val uid=%s,ou=People,dc=sos, where the userid is replaced with %s. This results in:

  • ldapRealm.groupSearchFilter = (uniqueMember=uid=%s,ou=People,dc=sos)
Verifying the groupSearchFilter with the ldapSearch command

 ldapsearch -h localhost -p 389 -b "ou=Groups,dc=sos" -s sub "uniqueMember=uid=ur,ou=People,dc=sos" -x

This search should return the group entries the User is a member of. Identify the attribute containing the group name that is to be used in the user roles mapping. This can be seen in the next listing:

 

# extended LDIF
#
# LDAPv3
# base <ou=Groups,dc=sos> with scope subtree
# filter: uniqueMember=uid=ur,ou=People,dc=sos
# requesting: ALL
#
 
# sos, Groups, sos
dn: cn=sos,ou=Groups,dc=sos
description: Employees of SOS GmbH
objectClass: top
objectClass: groupofuniquenames
cn: sos
uniqueMember: uid=ur,ou=People,dc=sos
uniqueMember: uid=fTester,ou=People,dc=sos

# apl, Groups, sos
dn: cn=apl,ou=Groups,dc=sos
objectClass: top
objectClass: groupofuniquenames
cn: apl
uniqueMember: uid=ur,ou=People,dc=sos
uniqueMember: uid=fTester,ou=People,dc=sos
 
# search result
search: 2
result: 0 Success
 
# numResponses: 3
# numEntries: 2

 

Verifying the groupSearchBase and groupSearchFilter with an LDAP Browser
You can verify your groupSearchBase and groupSearchFilter values by using them to perform a directory search. The result should show all groups the user is a member of.

Now set the groupNameAttribute to the name of the attribute that contains the group name.

  • ldapRealm.groupNameAttribute = cn

Hint: The complete content of this attribute must be used in the groupRolesMap attribute. Typical content of the attribute could be ou=Groups, dc=sos, cn=groupname .
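How the group search result, groupNameAttribute and groupRolesMap combine into a role set, as an added Python example (not SOS or JOC Cockpit code). It assumes one mapping per continuation line and an exact match between attribute value and map key; the function names are hypothetical, and the embedded LDIF is the listing above used as sample input.

```python
"""Model of the group-to-role resolution described above (illustrative only)."""

# Sample input: the group search result for user "ur" from the listing above.
SAMPLE_LDIF = """\
# sos, Groups, sos
dn: cn=sos,ou=Groups,dc=sos
description: Employees of SOS GmbH
objectClass: top
objectClass: groupofuniquenames
cn: sos
uniqueMember: uid=ur,ou=People,dc=sos
uniqueMember: uid=fTester,ou=People,dc=sos

# apl, Groups, sos
dn: cn=apl,ou=Groups,dc=sos
objectClass: top
objectClass: groupofuniquenames
cn: apl
uniqueMember: uid=ur,ou=People,dc=sos
uniqueMember: uid=fTester,ou=People,dc=sos

# search result
search: 2
result: 0 Success
"""

# The value of ldapRealm.groupRolesMap as it is written in shiro.ini.
SAMPLE_MAP = """\
sos : it_operator, \\
apl : administrator|application_manager
"""


def parse_group_roles_map(raw):
    """Return {group: [roles]} from a groupRolesMap value.

    Assumption: one 'group : role|role' mapping per continuation line,
    as in every listing on this page.
    """
    mapping = {}
    for line in raw.splitlines():
        # Drop the trailing backslash and the comma that separates mappings.
        line = line.strip().rstrip("\\").strip().rstrip(",").strip()
        if not line:
            continue
        group, sep, roles = line.rpartition(":")
        if not sep or not group.strip():
            raise ValueError("not a 'group : roles' mapping: %r" % line)
        mapping[group.strip()] = [r.strip() for r in roles.split("|") if r.strip()]
    return mapping


def parse_ldif_entries(text):
    """Split ldapsearch output into entries, each {attribute: [values]}.

    Simplified: comment lines are skipped, folded lines and base64 values
    are not handled. Attribute names are lower-cased.
    """
    entries, current = [], {}
    for line in text.splitlines() + [""]:
        if line.startswith("#"):
            continue
        if not line.strip():
            if "dn" in current:  # the "search:/result:" trailer has no dn
                entries.append(current)
            current = {}
            continue
        name, sep, value = line.partition(":")
        if sep:
            current.setdefault(name.strip().lower(), []).append(value.strip())
    return entries


def resolve_roles(ldif_text, group_name_attribute, group_roles_map):
    """Return (sorted roles, unmapped group values) for a group search result."""
    roles, unmapped = set(), []
    attr = group_name_attribute.lower()
    for entry in parse_ldif_entries(ldif_text):
        for group in entry.get(attr, []):
            if group in group_roles_map:  # assumption: exact, case-sensitive match
                roles.update(group_roles_map[group])
            else:
                unmapped.append(group)
    return sorted(roles), unmapped


if __name__ == "__main__":
    group_map = parse_group_roles_map(SAMPLE_MAP)
    print(resolve_roles(SAMPLE_LDIF, "cn", group_map))
    # With the wrong attribute the values no longer match the map keys.
    print(resolve_roles(SAMPLE_LDIF, "dn", group_map))
```

In this model, reading dn instead of cn yields no roles at all, because the full DN is not a key in the map; the account would authenticate but arrive without permissions.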

Substitution of the username

If the roles are assigned with the JOC Account Manager (i.e. there is a [users] section in the shiro.ini configuration file) you can skip this chapter.

If the values of the member attribute of the groups contain the username from the login, you can skip this chapter.

Sometimes the values of the member do not contain the username from the login but, for example, the cn of the user. In that case you have to search for the user first and then specify the name of the attribute that should be used instead of the username from the login.

To achieve this, specify a searchBase, a userSearchFilter and a userNameAttribute.

ldapRealm.searchBase = ou=People,dc=sos
ldapRealm.userSearchFilter = (uid=%s)

Verification with the ldapSearch command

ldapsearch -h localhost -p 389 -b "ou=People,dc=sos" -s sub "uid=fTester" -x

This search should return the user with the given username. Identify the attribute that should be used for the substitution in the group search base if it is not the username from the login.

Username Substitution
# extended LDIF
#
# LDAPv3
# base <ou=People,dc=sos> with scope subtree
# filter: uid=fTester
# requesting: ALL
#

# fTester, People, sos
dn: uid=fTester,ou=People,dc=sos
mail: info@sos-berlin.com
uid: fTester
givenName: Fritz
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
sn: Tester
cn: Fritz Tester

# search result
search: 2
result: 0 Success

# numResponses: 2
# numEntries: 1

 

Verification with an LDAP Browser

Perform a directory search with your LDAP client to check the User search configuration. You should find only the one User entry with the given username.

Then identify the name of the attribute that contains the value for the substitution. For example:

  • ldapRealm.userNameAttribute = cn

The whole configuration will look like:

Configuration with Username Substitution
[main]
ldapRealm = com.sos.auth.shiro.SOSLdapAuthorizingRealm
ldapRealm.contextFactory.url = ldap://centos6_9_ldap.sos:389 
ldapRealm.userDnTemplate = uid={0},ou=People, dc=sos

ldapRealm.searchBase = ou=People,dc=sos
ldapRealm.userNameAttribute = cn
ldapRealm.userSearchFilter = (uid=%s)

ldapRealm.groupSearchBase = ou=Groups,dc=sos
ldapRealm.groupNameAttribute = cn
ldapRealm.groupSearchFilter = (uniqueMember=uid=%s,ou=People,dc=sos)

# Mapping of a LDAP group to roles. You can assign more than one role with separator sign |
ldapRealm.groupRolesMap = \
sos : it_operator, \
apl : administrator|application_manager

rolePermissionResolver = com.sos.auth.shiro.SOSPermissionResolverAdapter
rolePermissionResolver.ini = $iniRealm
ldapRealm.rolePermissionResolver = $rolePermissionResolver
securityManager.realms = $ldapRealm

4. Add Shiro settings

Settings

  • cacheManager
  • securityManager.cacheManager
  • securityManager.sessionManager.globalSessionTimeout

After adding Shiro settings for the cache manager and the global session timeout the shiro.ini configuration file will look like:

[main]
....
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager
securityManager.sessionManager.globalSessionTimeout = 900000

 

Examples

A full shiro.ini example with group search 

[main]
ldapRealm = com.sos.auth.shiro.SOSLdapAuthorizingRealm
ldapRealm.userDnTemplate = uid={0},ou=People, dc=sos
ldapRealm.groupSearchBase = ou=Groups,dc=sos
ldapRealm.contextFactory.url = ldap://centos6_9_ldap.sos:389 
ldapRealm.groupNameAttribute = cn
ldapRealm.groupSearchFilter = (uniqueMember=uid=%s,ou=People,dc=sos)
ldapRealm.groupRolesMap = \
group1: it_operator, \
group2: administrator|application_manager

rolePermissionResolver = com.sos.auth.shiro.SOSPermissionResolverAdapter
rolePermissionResolver.ini = $iniRealm
ldapRealm.rolePermissionResolver = $rolePermissionResolver
securityManager.realms = $ldapRealm
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager
# Session timeout in milliseconds
securityManager.sessionManager.globalSessionTimeout = 900000

 

A full shiro.ini example with group search where member attribute does not contain the username but the cn

[main]
ldapRealm = com.sos.auth.shiro.SOSLdapAuthorizingRealm
ldapRealm.userDnTemplate = uid={0},ou=People, dc=sos
ldapRealm.groupSearchBase = ou=Groups,dc=sos
ldapRealm.contextFactory.url = ldap://centos6_9_ldap.sos:389 
ldapRealm.groupNameAttribute = cn
ldapRealm.groupSearchFilter = (uniqueMember=uid=%s,ou=People,dc=sos)
ldapRealm.searchBase = ou=People,dc=sos
ldapRealm.userNameAttribute = cn
ldapRealm.userSearchFilter = (uid=%s)
ldapRealm.groupRolesMap = \
group1: it_operator, \
group2: administrator|application_manager

rolePermissionResolver = com.sos.auth.shiro.SOSPermissionResolverAdapter
rolePermissionResolver.ini = $iniRealm
ldapRealm.rolePermissionResolver = $rolePermissionResolver
securityManager.realms = $ldapRealm
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager
# Session timeout in milliseconds
securityManager.sessionManager.globalSessionTimeout = 900000

A full shiro.ini example with memberOf in the user record.

 

[main]
ldapRealm = com.sos.auth.shiro.SOSLdapAuthorizingRealm
ldapRealm.contextFactory.url = ldap://centos6_9_ldap.sos:389 
ldapRealm.userDnTemplate = uid={0},ou=People, dc=sos
ldapRealm.searchBase = ou=People,dc=sos
ldapRealm.userSearchFilter = (uid=%s)
ldapRealm.groupRolesMap = \
group1: it_operator, \
group2: administrator|application_manager

rolePermissionResolver = com.sos.auth.shiro.SOSPermissionResolverAdapter
rolePermissionResolver.ini = $iniRealm
ldapRealm.rolePermissionResolver = $rolePermissionResolver
securityManager.realms = $ldapRealm
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager
# Session timeout in milliseconds
securityManager.sessionManager.globalSessionTimeout = 900000

 

A public LDAP Server for testing the connection

An online public LDAP server which can be accessed using a relatively simple configuration is available from Forum Systems. This server can be used to set up a test environment with LDAP authentication. In this article we will refer to the authentication of two user accounts on this server - gauss and newton - that are each members of a different LDAP group as shown in the following table:

Account Name   Password   LDAP Group       Shiro Role
gauss          password   mathematicians   all
newton         password   scientists       it_operator

To implement the authentication configuration - or realm - for accessing this public LDAP server, add the following lines to the [main] section of the shiro.ini file, either before or after the default line:

  • securityManager.sessionManager.globalSessionTimeout = 900000

 

Public LDAP Server
publicLdapRealm = com.sos.auth.shiro.SOSLdapAuthorizingRealm

publicLdapRealm.userDnTemplate = uid={0},dc=example,dc=com
publicLdapRealm.searchBase = dc=example,dc=com
publicLdapRealm.contextFactory.url = ldap://ldap.forumsys.com:389

publicLdapRealm.groupNameAttribute = ou
publicLdapRealm.userNameAttribute = uid

publicLdapRealm.rolePermissionResolver = $rolePermissionResolver
publicLdapRealm.userSearchFilter = (uniqueMember=uid=%s,dc=example,dc=com)
publicLdapRealm.groupRolesMap = \
  scientists : it_operator, \
  mathematicians: all

rolePermissionResolver = com.sos.auth.shiro.SOSPermissionResolverAdapter
rolePermissionResolver.ini = $iniRealm

securityManager.realms = $publicLdapRealm, $iniRealm
cacheManager = org.apache.shiro.cache.MemoryConstrainedCacheManager
securityManager.cacheManager = $cacheManager

Save the modified shiro.ini file. (It is not necessary to restart the Jetty web server.)

You will now be able to use the JOC Cockpit to authenticate the two User Account name:password combinations listed in the table above with the LDAP server.

The Shiro authentication (using, for example, the default root:root User Account) will still be active alongside the LDAP users listed above.

The LDAP group memberships will be mapped onto the default roles configured in the shiro.ini [roles] section as can be seen in lines 15-17 of the code listing above. This can be checked in the JOC Cockpit by looking at the Permissions section of the relevant User Profiles - the User Account gauss, for example, will have all permissions.
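The transport and realm settings from section 1 (useStartTls, hostNameVerification, securityManager.realms) can be checked mechanically before a shiro.ini goes live. The following is an added Python example, not part of JOC Cockpit; the finding names and function names are hypothetical, the sample file is constructed in the style of the listings on this page, and only an explicitly set securityManager.realms is evaluated.

```python
"""Audit a shiro.ini for the LDAP transport and realm settings on this page."""

# Constructed sample in the style of the listings on this page.
SAMPLE_INI = """\
[users]
root = root, all
user1 = ,all

[main]
ldapRealm = com.sos.auth.shiro.SOSLdapAuthorizingRealm
ldapRealm.contextFactory.url = ldap://myHost:389
ldapRealm.userDnTemplate = uid={0},ou=People,dc=sos
ldapRealm.groupRolesMap = \\
  sos : it_operator, \\
  apl : administrator|application_manager
rolePermissionResolver = com.sos.auth.shiro.SOSPermissionResolverAdapter
rolePermissionResolver.ini = $iniRealm
ldapRealm.rolePermissionResolver = $rolePermissionResolver
securityManager.realms = $ldapRealm, $iniRealm
"""

# Same file with StartTLS and host name verification enabled and LDAP as the
# only authentication realm.
FIXED_INI = SAMPLE_INI.replace(
    "ldapRealm.userDnTemplate",
    "ldapRealm.useStartTls = true\n"
    "ldapRealm.hostNameVerification = on\n"
    "ldapRealm.userDnTemplate",
).replace("$ldapRealm, $iniRealm", "$ldapRealm")

URL_SUFFIX = ".contextFactory.url"


def parse_ini(text):
    """Return {section: {key: value}}; lines ending in a backslash are joined."""
    sections, section, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):
            pending = line[:-1]
            continue
        pending = ""
        if not line or line.startswith(("#", ";")):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip()
            sections.setdefault(section, {})
        elif "=" in line and section is not None:
            key, _, value = line.partition("=")
            sections[section][key.strip()] = value.strip()
    return sections


def audit(text):
    """Return a sorted list of (realm_or_account, finding) tuples."""
    ini = parse_ini(text)
    main = ini.get("main", {})
    findings = []

    # Every name with a contextFactory.url property is treated as an LDAP realm.
    realms = [k[: -len(URL_SUFFIX)] for k in main if k.endswith(URL_SUFFIX)]
    for realm in realms:
        url = main[realm + URL_SUFFIX]
        # Defaults as documented on this page: useStartTls false, verification off.
        start_tls = main.get(realm + ".useStartTls", "false").lower() == "true"
        verify = main.get(realm + ".hostNameVerification", "off").lower() in ("on", "true")
        if url.lower().startswith("ldap://") and not start_tls:
            # The bind DN and password cross the network unencrypted.
            findings.append((realm, "cleartext-bind"))
        elif start_tls and not verify:
            # Encrypted, but the certificate's host name is not checked.
            findings.append((realm, "tls-without-hostname-verification"))

    # With $iniRealm in the realm list, [users] entries that carry a password
    # can log in without the LDAP server (for example the default root account).
    active = [r.strip() for r in main.get("securityManager.realms", "").split(",")]
    if "$iniRealm" in active:
        for account, value in ini.get("users", {}).items():
            if value.split(",")[0].strip():
                findings.append((account, "local-password-login"))
    return sorted(findings)


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_INI), ("fixed", FIXED_INI)):
        print(label, audit(text))
```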


813,467 L 813,533 Z"/>   <glyph unicode="Y" horiz-adv-x="1271" d="M 571,0 L 571,621 6,1466 242,1466 531,1024 C 584,941 634,859 680,776 724,853 777,939 840,1035 L 1124,1466 1350,1466 765,621 765,0 571,0 Z"/>   <glyph unicode="U" horiz-adv-x="1138" d="M 1120,1466 L 1314,1466 1314,619 C 1314,472 1297,355 1264,268 1231,181 1171,111 1084,57 997,2 882,-25 741,-25 604,-25 491,-1 404,46 317,93 254,162 217,252 180,341 161,464 161,619 L 161,1466 355,1466 355,620 C 355,493 367,399 391,339 414,278 455,232 513,199 570,166 641,150 724,150 867,150 968,182 1029,247 1090,312 1120,436 1120,620 L 1120,1466 Z"/>   <glyph unicode="T" horiz-adv-x="1166" d="M 531,0 L 531,1293 48,1293 48,1466 1210,1466 1210,1293 725,1293 725,0 531,0 Z"/>   <glyph unicode="S" horiz-adv-x="1139" d="M 92,471 L 275,487 C 284,414 304,354 336,307 367,260 416,222 483,193 550,164 625,149 708,149 782,149 847,160 904,182 961,204 1003,234 1031,273 1058,311 1072,353 1072,398 1072,444 1059,484 1032,519 1005,553 961,582 900,605 861,620 774,644 639,677 504,709 410,739 356,768 286,805 234,850 200,905 165,959 148,1020 148,1087 148,1161 169,1230 211,1295 253,1359 314,1408 395,1441 476,1474 565,1491 664,1491 773,1491 869,1474 952,1439 1035,1404 1098,1352 1143,1284 1188,1216 1212,1139 1215,1053 L 1029,1039 C 1019,1132 985,1202 928,1249 870,1296 785,1320 672,1320 555,1320 469,1299 416,1256 362,1213 335,1161 335,1100 335,1047 354,1004 392,970 429,936 527,901 685,866 842,830 950,799 1009,772 1094,733 1157,683 1198,623 1239,562 1259,493 1259,414 1259,336 1237,263 1192,194 1147,125 1083,71 1000,33 916,-6 822,-25 717,-25 584,-25 473,-6 384,33 294,72 224,130 173,208 122,285 95,373 92,471 Z"/>   <glyph unicode="R" horiz-adv-x="1271" d="M 161,0 L 161,1466 811,1466 C 942,1466 1041,1453 1109,1427 1177,1400 1231,1354 1272,1287 1313,1220 1333,1147 1333,1066 1333,962 1299,874 1232,803 1165,732 1061,686 920,667 971,642 1010,618 1037,594 1094,542 1147,477 1198,399 L 1453,0 1209,0 1015,305 C 958,393 912,460 875,507 838,554 806,586 777,605 
748,624 718,637 688,644 666,649 630,651 580,651 L 355,651 355,0 161,0 Z M 355,819 L 772,819 C 861,819 930,828 980,847 1030,865 1068,894 1094,935 1120,975 1133,1019 1133,1066 1133,1135 1108,1192 1058,1237 1007,1282 928,1304 819,1304 L 355,1304 355,819 Z"/>   <glyph unicode="P" horiz-adv-x="1113" d="M 158,0 L 158,1466 711,1466 C 808,1466 883,1461 934,1452 1006,1440 1066,1417 1115,1384 1164,1350 1203,1303 1233,1242 1262,1181 1277,1115 1277,1042 1277,917 1237,812 1158,726 1079,639 935,596 728,596 L 352,596 352,0 158,0 Z M 352,769 L 731,769 C 856,769 945,792 998,839 1051,886 1077,951 1077,1036 1077,1097 1062,1150 1031,1194 1000,1237 959,1266 908,1280 875,1289 815,1293 727,1293 L 352,1293 352,769 Z"/>   <glyph unicode="O" horiz-adv-x="1404" d="M 99,714 C 99,957 164,1148 295,1286 426,1423 594,1492 801,1492 936,1492 1058,1460 1167,1395 1276,1330 1359,1240 1416,1125 1473,1009 1501,878 1501,731 1501,582 1471,449 1411,332 1351,215 1266,126 1156,66 1046,5 927,-25 800,-25 662,-25 539,8 430,75 321,142 239,233 183,348 127,463 99,585 99,714 Z M 299,711 C 299,534 347,395 442,294 537,192 656,141 799,141 945,141 1065,192 1160,295 1254,398 1301,543 1301,732 1301,851 1281,956 1241,1045 1200,1134 1141,1203 1064,1252 986,1301 899,1325 802,1325 665,1325 547,1278 448,1184 349,1089 299,932 299,711 Z"/>   <glyph unicode="N" horiz-adv-x="1138" d="M 156,0 L 156,1466 355,1466 1125,315 1125,1466 1311,1466 1311,0 1112,0 342,1152 342,0 156,0 Z"/>   <glyph unicode="M" horiz-adv-x="1377" d="M 152,0 L 152,1466 444,1466 791,428 C 823,331 846,259 861,211 878,264 904,343 939,446 L 1290,1466 1551,1466 1551,0 1364,0 1364,1227 938,0 763,0 339,1248 339,0 152,0 Z"/>   <glyph unicode="L" horiz-adv-x="927" d="M 150,0 L 150,1466 344,1466 344,173 1066,173 1066,0 150,0 Z"/>   <glyph unicode="J" horiz-adv-x="795" d="M 59,416 L 234,440 C 239,328 260,251 297,210 334,169 386,148 452,148 501,148 543,159 578,182 613,204 638,234 651,273 664,311 671,372 671,456 L 671,1466 865,1466 865,467 C 865,344 850,249 821,182 
791,115 744,63 680,28 615,-7 540,-25 453,-25 324,-25 226,12 158,86 89,160 56,270 59,416 Z"/>   <glyph unicode="G" horiz-adv-x="1350" d="M 844,575 L 844,747 1465,748 1465,204 C 1370,128 1271,71 1170,33 1069,-6 965,-25 858,-25 714,-25 583,6 466,68 348,129 259,218 199,335 139,452 109,582 109,726 109,869 139,1002 199,1126 258,1249 344,1341 456,1401 568,1461 697,1491 843,1491 949,1491 1045,1474 1131,1440 1216,1405 1283,1357 1332,1296 1381,1235 1418,1155 1443,1056 L 1268,1008 C 1246,1083 1219,1141 1186,1184 1153,1227 1107,1261 1046,1287 985,1312 918,1325 844,1325 755,1325 679,1312 614,1285 549,1258 497,1222 458,1178 418,1134 387,1086 365,1033 328,942 309,844 309,738 309,607 332,498 377,410 422,322 487,257 573,214 659,171 750,150 847,150 931,150 1013,166 1093,199 1173,231 1234,265 1275,302 L 1275,575 844,575 Z"/>   <glyph unicode="F" horiz-adv-x="980" d="M 168,0 L 168,1466 1157,1466 1157,1293 362,1293 362,839 1050,839 1050,666 362,666 362,0 168,0 Z"/>   <glyph unicode="D" horiz-adv-x="1191" d="M 158,0 L 158,1466 663,1466 C 777,1466 864,1459 924,1445 1008,1426 1080,1391 1139,1340 1216,1275 1274,1191 1313,1090 1351,988 1370,872 1370,741 1370,630 1357,531 1331,445 1305,359 1272,288 1231,232 1190,175 1146,131 1098,99 1049,66 991,42 923,25 854,8 776,0 687,0 L 158,0 Z M 352,173 L 665,173 C 762,173 838,182 893,200 948,218 991,243 1024,276 1070,322 1106,384 1132,462 1157,539 1170,633 1170,744 1170,897 1145,1015 1095,1098 1044,1180 983,1235 911,1263 859,1283 775,1293 660,1293 L 352,1293 352,173 Z"/>   <glyph unicode="C" horiz-adv-x="1298" d="M 1204,514 L 1398,465 C 1357,306 1284,184 1179,101 1073,17 944,-25 791,-25 633,-25 505,7 406,72 307,136 231,229 180,351 128,473 102,604 102,744 102,897 131,1030 190,1144 248,1257 331,1344 439,1403 546,1462 665,1491 794,1491 941,1491 1064,1454 1164,1379 1264,1304 1334,1199 1373,1064 L 1182,1019 C 1148,1126 1099,1203 1034,1252 969,1301 888,1325 790,1325 677,1325 583,1298 508,1244 432,1190 379,1118 348,1027 317,936 302,842 302,745 302,620 320,512 
357,419 393,326 449,256 526,210 603,164 686,141 775,141 884,141 976,172 1051,235 1126,298 1177,391 1204,514 Z"/>   <glyph unicode="B" horiz-adv-x="1086" d="M 150,0 L 150,1466 700,1466 C 812,1466 902,1451 970,1422 1037,1392 1090,1346 1129,1285 1167,1223 1186,1158 1186,1091 1186,1028 1169,969 1135,914 1101,859 1050,814 981,780 1070,754 1138,710 1186,647 1233,584 1257,510 1257,425 1257,356 1243,293 1214,234 1185,175 1149,129 1106,97 1063,65 1010,41 946,25 881,8 802,0 709,0 L 150,0 Z M 344,850 L 661,850 C 747,850 809,856 846,867 895,882 933,906 958,940 983,974 995,1017 995,1068 995,1117 983,1160 960,1197 937,1234 903,1259 860,1273 817,1286 742,1293 637,1293 L 344,1293 344,850 Z M 344,173 L 709,173 C 772,173 816,175 841,180 886,188 923,201 953,220 983,239 1008,266 1027,302 1046,337 1056,378 1056,425 1056,480 1042,527 1014,568 986,608 947,636 898,653 848,669 776,677 683,677 L 344,677 344,173 Z"/>   <glyph unicode="A" horiz-adv-x="1376" d="M -3,0 L 560,1466 769,1466 1369,0 1148,0 977,444 364,444 203,0 -3,0 Z M 420,602 L 917,602 764,1008 C 717,1131 683,1233 660,1312 641,1218 615,1125 581,1032 L 420,602 Z"/>   <glyph unicode=")" horiz-adv-x="477" d="M 253,-431 L 124,-431 C 323,-111 423,209 423,530 423,655 409,780 380,903 357,1003 326,1099 285,1191 259,1251 205,1351 124,1491 L 253,1491 C 378,1324 471,1156 531,987 582,842 608,690 608,531 608,351 574,177 505,9 436,-159 352,-306 253,-431 Z"/>   <glyph unicode="(" horiz-adv-x="478" d="M 479,-431 C 380,-306 296,-159 227,9 158,177 124,351 124,531 124,690 150,842 201,987 261,1156 354,1324 479,1491 L 608,1491 C 527,1352 474,1253 448,1194 407,1102 375,1006 352,906 323,781 309,656 309,530 309,209 409,-111 608,-431 L 479,-431 Z"/>   <glyph unicode=" " horiz-adv-x="556"/>  </font> </defs> <defs>  <font id="EmbeddedFont_2" horiz-adv-x="2048">   <font-face font-family="StarSymbol embedded" units-per-em="2048" font-weight="normal" font-style="normal" ascent="1640" descent="397"/>   <missing-glyph horiz-adv-x="2048" d="M 0,0 L 2047,0 
2047,2047 0,2047 0,0 Z"/>   <glyph unicode="●" horiz-adv-x="1165" d="M 813,0 C 633,0 490,54 383,161 276,268 223,412 223,592 223,772 276,916 383,1023 490,1130 633,1184 813,1184 992,1184 1136,1130 1245,1023 1353,916 1407,772 1407,592 1407,412 1353,268 1245,161 1136,54 992,0 813,0 Z"/>  </font> </defs> <g visibility="visible" id="MasterSlide_1_Standard">  <desc>Master slide  </desc>  <rect fill="none" stroke="none" x="0" y="0" width="21000" height="29700"/> </g> <g visibility="visible" id="Slide_1_page1">  <g id="Drawing_1">   <path fill="none" stroke="rgb(0,0,0)" stroke-linejoin="round" d="M 9650,2800 L 4500,2800 4500,1500 14800,1500 14800,2800 9650,2800 Z"/>   <g fill="rgb(0,0,0)" stroke="none" font-family="Arial embedded" font-size="494" font-style="normal" font-weight="400">    <text x="4750" y="2070">     <tspan x="4750 5080 5355 5495 5770 6045 6185 6460 6735 6985 7095 7345 7485 7760 8116 8446 8767 8907 9157 9432 9707 9847 9957 10232 10507 10672 10948 11087 11197 11473 11748 11887 11997 12108 12357 12632 12772 12912 13187 13462 13602 13877 14042">Setup basic LDAP configuration like the url</tspan></text>   </g>  </g>  <g id="Drawing_2">   <path fill="none" stroke="rgb(0,0,0)" stroke-linejoin="round" d="M 9500,5700 L 5000,5700 5000,4200 14000,4200 14000,5700 9500,5700 Z"/>   <g fill="rgb(0,0,0)" stroke="none" font-family="Arial embedded" font-size="494" font-style="normal" font-weight="400">    <text x="5250" y="4770">     <tspan x="5250 5580 5855 5995 6270 6545 6685 6825 7100 7375 7515 7790 8065 8205 8480 8755 9030 9170 9280 9420 9530 9780 10055 10195 10305 10580">Setup the authentification</tspan></text>    <text fill="rgb(0,0,0)" stroke="none" x="5250" y="5325">     <tspan x="5250 5415 5690 5940 6215 6380 6736 7011 7257 7532 7942 8218 8328 8603 8743 9018">(userDnTemplate)</tspan></text>   </g>  </g>  <g id="Drawing_3">   <path fill="none" stroke="rgb(0,0,0)" stroke-linejoin="round" d="M 9500,8306 L 5000,8306 5000,7500 14000,7500 14000,8306 9500,8306 Z"/>   <g 
fill="rgb(0,0,0)" stroke="none" font-family="Arial embedded" font-size="494" font-style="normal" font-weight="400">    <text x="5250" y="8070">     <tspan x="5250 5580 5855 5995 6270 6545 6685 6825 7100 7375 7515 7790 8065 8205 8480 8755 8920 9030 9280 9555 9695 9805 10080">Setup the authorization</tspan></text>   </g>  </g>  <g>   <path fill="none" stroke="rgb(0,0,0)" id="Drawing_4_0" stroke-linejoin="round" d="M 7300,11400 L 6383,11964"/>   <path fill="rgb(0,0,0)" stroke="none" id="Drawing_4_1" d="M 6000,12200 L 6462,12092 6305,11836 6000,12200 Z"/>  </g>  <g>   <path fill="none" stroke="rgb(0,0,0)" id="Drawing_5_0" stroke-linejoin="round" d="M 11800,10900 L 13102,11589"/>   <path fill="rgb(0,0,0)" stroke="none" id="Drawing_5_1" d="M 13500,11800 L 13172,11457 13032,11722 13500,11800 Z"/>  </g>  <g id="Drawing_6">   <path fill="none" stroke="rgb(0,0,0)" stroke-linejoin="round" d="M 15850,13900 L 13300,13900 13300,12100 18400,12100 18400,13900 15850,13900 Z"/>   <g fill="rgb(0,0,0)" stroke="none" font-family="Arial embedded" font-size="494" font-style="normal" font-weight="400">    <text x="13550" y="12670">     <tspan x="13550 13906 14155 14431 14570 14820 15205 15561 15701 15840 16115 16255 16530 16780 17030 17140 17415 17690">Use JOC to assign </tspan></text>    <text fill="rgb(0,0,0)" stroke="none" x="13550" y="13225">     <tspan x="13550 13715 13990 14100 14376 14625 14765 14905 15180 15320 15595 15844 16120 16285">roles to users</tspan></text>   </g>  </g>  <g id="Drawing_7">   <path fill="rgb(207,231,245)" stroke="none" d="M 6200,13600 L 10501,15300 6200,17001 1900,15300 6200,13600 6200,13600 Z"/>   <path fill="none" stroke="rgb(128,128,128)" stroke-linejoin="round" d="M 6200,13600 L 10501,15300 6200,17001 1900,15300 6200,13600 6200,13600 Z"/>   <rect fill="none" stroke="none" x="1900" y="13600" width="8601" height="3401"/>   <g fill="rgb(0,0,0)" stroke="none" font-family="Arial embedded" font-size="494" font-style="normal" font-weight="400">    <text 
x="4365" y="15190">     <tspan x="4365 4721 4970 5246 5411 5550 5715 5991 6240 6516 6681 6956 7096 7371 7646 7896">User record has </tspan></text>    <text fill="rgb(0,0,0)" stroke="none" x="4187" y="15745">     <tspan x="4187 4598 4873 5283 5559 5834 5999 6384 6524 6638 6968 7108 7248 7413 7523 7798 8073">memberOf Attribut</tspan></text>   </g>  </g>  <g>   <path fill="none" stroke="rgb(0,0,0)" id="Drawing_8_0" stroke-linejoin="round" d="M 14700,23500 L 15993,24108"/>   <path fill="rgb(0,0,0)" stroke="none" id="Drawing_8_1" d="M 16400,24300 L 16057,23973 15929,24244 16400,24300 Z"/>  </g>  <g id="Drawing_9">   <rect fill="none" stroke="none" x="15400" y="23337" width="1803" height="1064"/>   <g fill="rgb(0,0,0)" stroke="none" font-family="Arial embedded" font-size="494" font-style="normal" font-weight="400">    <text x="15650" y="23907">     <tspan x="15650 16006">No</tspan></text>   </g>  </g>  <g id="Drawing_10">   <path fill="none" stroke="rgb(0,0,0)" stroke-linejoin="round" d="M 4150,20600 L 1400,20600 1400,18129 6900,18129 6900,20600 4150,20600 Z"/>   <g fill="rgb(0,0,0)" stroke="none" font-family="Arial embedded" font-size="494" font-style="normal" font-weight="400">    <text x="1650" y="18699">     <tspan x="1650 1980 2255 2531 2780 2890 3030 3271 3411 3767 4016 4292 4457 4787 5062 5337 5502 5752">Specify UserSearch</tspan></text>   </g>   <g fill="rgb(0,0,0)" stroke="none" font-family="StarSymbol embedded" font-size="222" font-style="normal" font-weight="400">    <text x="1650" y="19706">●</text>   </g>   <g fill="rgb(0,0,0)" stroke="none" font-family="Arial embedded" font-size="494" font-style="normal" font-weight="400">    <text x="2250" y="19809">     <tspan x="2250 2500 2775 3050 3215 3465 3740 4070 4346 4595">searchBase</tspan></text>   </g>   <g fill="rgb(0,0,0)" stroke="none" font-family="StarSymbol embedded" font-size="222" font-style="normal" font-weight="400">    <text x="1650" y="20261">●</text>   </g>   <g fill="rgb(0,0,0)" stroke="none" 
font-family="Arial embedded" font-size="494" font-style="normal" font-weight="400">    <text x="2250" y="20364">     <tspan x="2250 2525 2775 3050 3215 3545 3821 4096 4261 4511 4786 5086 5196 5306 5446 5721">userSearchFilter</tspan></text>   </g>  </g>  <g id="Drawing_11">   <path fill="none" stroke="rgb(0,0,0)" stroke-linejoin="round" d="M 6200,13400 L 2000,13400 2000,12400 10400,12400 10400,13400 6200,13400 Z"/>   <g fill="rgb(0,0,0)" stroke="none" font-family="Arial embedded" font-size="494" font-style="normal" font-weight="400">    <text x="2250" y="12970">     <tspan x="2250 2606 2881 3020 3131 3406 3681 3821 4206 4371 4646 4921 5196 5552 5827 5937 6212 6462 6602 7013 7288 7563 7838 7948 8223">Define GroupRoles Mapping</tspan></text>   </g>  </g>  <g id="Drawing_12">   <path fill="none" stroke="rgb(0,0,0)" stroke-linejoin="round" d="M 12950,21332 L 9700,21332 9700,18100 16200,18100 16200,21332 12950,21332 Z"/>   <g fill="rgb(0,0,0)" stroke="none" font-family="Arial embedded" font-size="494" font-style="normal" font-weight="400">    <text x="9950" y="18670">     <tspan x="9950 10280 10555 10831 11080 11190 11330 11571 11711 12096 12261 12537 12812 13087 13227 13557 13832 14107 14272 14522">Specify Group Search</tspan></text>   </g>   <g fill="rgb(0,0,0)" stroke="none" font-family="StarSymbol embedded" font-size="222" font-style="normal" font-weight="400">    <text x="9950" y="19677">●</text>   </g>   <g fill="rgb(0,0,0)" stroke="none" font-family="Arial embedded" font-size="494" font-style="normal" font-weight="400">    <text x="10550" y="19780">     <tspan x="10550 10825 10990 11265 11541 11816 12146 12421 12696 12861 13111 13386 13717 13992 14241">groupSearchBase</tspan></text>   </g>   <g fill="rgb(0,0,0)" stroke="none" font-family="StarSymbol embedded" font-size="222" font-style="normal" font-weight="400">    <text x="9950" y="20232">●</text>   </g>   <g fill="rgb(0,0,0)" stroke="none" font-family="Arial embedded" font-size="494" font-style="normal" 
font-weight="400">    <text x="10550" y="20335">     <tspan x="10550 10825 10990 11265 11541 11816 12146 12421 12696 12861 13111 13386 13687 13797 13907 14047 14322">groupSearchFilter</tspan></text>   </g>   <g fill="rgb(0,0,0)" stroke="none" font-family="StarSymbol embedded" font-size="222" font-style="normal" font-weight="400">    <text x="9950" y="20787">●</text>   </g>   <g fill="rgb(0,0,0)" stroke="none" font-family="Arial embedded" font-size="494" font-style="normal" font-weight="400">    <text x="10550" y="20890">     <tspan x="10550 10825 10990 11265 11541 11816 12171 12447 12857 13132 13463 13602 13742 13907 14017 14292 14567 14707">groupNameAttribute</tspan></text>   </g>  </g>  <g>   <path fill="none" stroke="rgb(0,0,0)" id="Drawing_13_0" stroke-linejoin="round" d="M 8800,2800 L 8800,3550"/>   <path fill="rgb(0,0,0)" stroke="none" id="Drawing_13_1" d="M 8800,4000 L 8950,3550 8650,3550 8800,4000 Z"/>  </g>  <g>   <path fill="none" stroke="rgb(0,0,0)" id="Drawing_14_0" stroke-linejoin="round" d="M 8800,5700 L 8800,6850"/>   <path fill="rgb(0,0,0)" stroke="none" id="Drawing_14_1" d="M 8800,7300 L 8950,6850 8650,6850 8800,7300 Z"/>  </g>  <g id="Drawing_15">   <path fill="rgb(207,231,245)" stroke="none" d="M 9000,8400 L 13301,10100 9000,11801 4700,10100 9000,8400 9000,8400 Z"/>   <path fill="none" stroke="rgb(128,128,128)" stroke-linejoin="round" d="M 9000,8400 L 13301,10100 9000,11801 4700,10100 9000,8400 9000,8400 Z"/>   <rect fill="none" stroke="none" x="4700" y="8400" width="8601" height="3401"/>   <g fill="rgb(0,0,0)" stroke="none" font-family="Arial embedded" font-size="494" font-style="normal" font-weight="400">    <text x="7069" y="9990">     <tspan x="7069 7399 7649 7899 8009 8284 8559 8699 8864 9139 9249 9524 9774 9914 10265 10375 10515 10790">Assign roles with </tspan></text>    <text fill="rgb(0,0,0)" stroke="none" x="7139" y="10545">     <tspan x="7139 7414 7579 7854 8130 8405 8655 8794 8934 9099 9374 9785 9925 10035 10310 10585">groups from 
ldap</tspan></text>   </g>  </g>  <g id="Drawing_16">   <path fill="rgb(207,231,245)" stroke="none" d="M 12900,21499 L 17201,22799 12900,24099 8600,22799 12900,21499 12900,21499 Z"/>   <path fill="none" stroke="rgb(128,128,128)" stroke-linejoin="round" d="M 12900,21499 L 17201,22799 12900,24099 8600,22799 12900,21499 12900,21499 Z"/>   <rect fill="none" stroke="none" x="8600" y="21500" width="8601" height="2600"/>   <g fill="rgb(0,0,0)" stroke="none" font-family="Arial embedded" font-size="494" font-style="normal" font-weight="400">    <text x="9947" y="22689">     <tspan x="9947 10358 10633 11043 11319 11594 11759 11873 12203 12343 12483 12648 12758 13033 13308 13448 13723 13863 14113 14388 14663 14803 15078 15188 15463 15713">Member Attribute contains </tspan></text>    <text fill="rgb(0,0,0)" stroke="none" x="10642" y="23244">     <tspan x="10642 10917 11167 11442 11607 11882 12158 12568 12843 12983 13123 13288 13563 13974 14113 14223 14499 14774 14884">username from login</tspan></text>   </g>  </g>  <g id="Drawing_17">   <path fill="none" stroke="rgb(0,0,0)" stroke-linejoin="round" d="M 16650,26900 L 13900,26900 13900,24429 19400,24429 19400,26900 16650,26900 Z"/>   <g fill="rgb(0,0,0)" stroke="none" font-family="Arial embedded" font-size="494" font-style="normal" font-weight="400">    <text x="14150" y="24999">     <tspan x="14150 14480 14755 15031 15280 15390 15530 15771 15911 16267 16516 16792 16957 17287 17562 17837 18002 18252">Specify UserSearch</tspan></text>   </g>   <g fill="rgb(0,0,0)" stroke="none" font-family="StarSymbol embedded" font-size="222" font-style="normal" font-weight="400">    <text x="14150" y="26006">●</text>   </g>   <g fill="rgb(0,0,0)" stroke="none" font-family="Arial embedded" font-size="494" font-style="normal" font-weight="400">    <text x="14750" y="26109">     <tspan x="14750 15000 15275 15550 15715 15965 16240 16570 16846 17095">searchBase</tspan></text>   </g>   <g fill="rgb(0,0,0)" stroke="none" font-family="StarSymbol 
embedded" font-size="222" font-style="normal" font-weight="400">    <text x="14150" y="26561">●</text>   </g>   <g fill="rgb(0,0,0)" stroke="none" font-family="Arial embedded" font-size="494" font-style="normal" font-weight="400">    <text x="14750" y="26664">     <tspan x="14750 15025 15275 15550 15715 16045 16321 16596 16761 17011 17286 17586 17696 17806 17946 18221">userSearchFilter</tspan></text>   </g>  </g>  <g id="Drawing_18">   <rect fill="none" stroke="none" x="9200" y="15837" width="1803" height="1064"/>   <g fill="rgb(0,0,0)" stroke="none" font-family="Arial embedded" font-size="494" font-style="normal" font-weight="400">    <text x="9450" y="16407">     <tspan x="9450 9806">No</tspan></text>   </g>  </g>  <g>   <path fill="none" stroke="rgb(0,0,0)" id="Drawing_19_0" stroke-linejoin="round" d="M 8800,16100 L 11215,17566"/>   <path fill="rgb(0,0,0)" stroke="none" id="Drawing_19_1" d="M 11600,17800 L 11293,17438 11137,17695 11600,17800 Z"/>  </g>  <g>   <path fill="none" stroke="rgb(0,0,0)" id="Drawing_20_0" stroke-linejoin="round" d="M 4700,16400 L 3246,17612"/>   <path fill="rgb(0,0,0)" stroke="none" id="Drawing_20_1" d="M 2900,17900 L 3342,17727 3150,17497 2900,17900 Z"/>  </g>  <g id="Drawing_21">   <rect fill="none" stroke="none" x="5400" y="10937" width="1401" height="1362"/>   <g fill="rgb(0,0,0)" stroke="none" font-family="Arial embedded" font-size="494" font-style="normal" font-weight="400">    <text x="5650" y="11507">     <tspan x="5650 5929 6205">Yes</tspan></text>   </g>  </g>  <g id="Drawing_22">   <rect fill="none" stroke="none" x="2200" y="15939" width="1471" height="1362"/>   <g fill="rgb(0,0,0)" stroke="none" font-family="Arial embedded" font-size="494" font-style="normal" font-weight="400">    <text x="2450" y="16509">     <tspan x="2450 2729 3005">Yes</tspan></text>   </g>  </g>  <g id="Drawing_23">   <rect fill="none" stroke="none" x="12500" y="10637" width="1803" height="1064"/>   <g fill="rgb(0,0,0)" stroke="none" font-family="Arial 
embedded" font-size="494" font-style="normal" font-weight="400">    <text x="12750" y="11207">     <tspan x="12750 13106">No</tspan></text>   </g>  </g>  <g>   <path fill="none" stroke="rgb(0,0,0)" id="Drawing_24_0" stroke-linejoin="round" d="M 3900,20700 L 3900,22250"/>   <path fill="rgb(0,0,0)" stroke="none" id="Drawing_24_1" d="M 3900,22700 L 4050,22250 3750,22250 3900,22700 Z"/>  </g>  <g>   <path fill="none" stroke="rgb(0,0,0)" id="Drawing_25_0" stroke-linejoin="round" d="M 18000,14000 L 18000,15550"/>   <path fill="rgb(0,0,0)" stroke="none" id="Drawing_25_1" d="M 18000,16000 L 18150,15550 17850,15550 18000,16000 Z"/>  </g>  <g>   <path fill="none" stroke="rgb(0,0,0)" id="Drawing_26_0" stroke-linejoin="round" d="M 11400,23700 L 10638,24918"/>   <path fill="rgb(0,0,0)" stroke="none" id="Drawing_26_1" d="M 10400,25300 L 10766,24998 10511,24839 10400,25300 Z"/>  </g>  <g>   <path fill="rgb(207,231,245)" stroke="none" d="M 16495,28600 C 16404,28600 16326,28581 16248,28540 16169,28498 16112,28447 16066,28375 16021,28303 16000,28233 16000,28150 16000,28067 16021,27997 16066,27925 16112,27853 16169,27802 16248,27760 16326,27719 16404,27700 16495,27700 16586,27700 16664,27719 16743,27760 16821,27802 16878,27853 16924,27925 16969,27997 16990,28067 16990,28150 16990,28233 16969,28303 16924,28375 16878,28447 16821,28498 16743,28540 16664,28581 16586,28600 16495,28600 L 16495,28600 Z"/>   <path fill="none" stroke="rgb(128,128,128)" id="Drawing_27_0" stroke-linejoin="round" d="M 16495,28600 C 16404,28600 16326,28581 16248,28540 16169,28498 16112,28447 16066,28375 16021,28303 16000,28233 16000,28150 16000,28067 16021,27997 16066,27925 16112,27853 16169,27802 16248,27760 16326,27719 16404,27700 16495,27700 16586,27700 16664,27719 16743,27760 16821,27802 16878,27853 16924,27925 16969,27997 16990,28067 16990,28150 16990,28233 16969,28303 16924,28375 16878,28447 16821,28498 16743,28540 16664,28581 16586,28600 16495,28600 L 16495,28600 Z"/>  </g>  <g>   <path fill="none" 
stroke="rgb(0,0,0)" id="Drawing_28_0" stroke-linejoin="round" d="M 16500,26800 L 16500,27350"/>   <path fill="rgb(0,0,0)" stroke="none" id="Drawing_28_1" d="M 16500,27800 L 16650,27350 16350,27350 16500,27800 Z"/>  </g>  <g>   <path fill="rgb(207,231,245)" stroke="none" d="M 3895,23600 C 3804,23600 3726,23581 3648,23540 3569,23498 3512,23447 3466,23375 3421,23303 3400,23233 3400,23150 3400,23067 3421,22997 3466,22925 3512,22853 3569,22802 3648,22760 3726,22719 3804,22700 3895,22700 3986,22700 4064,22719 4143,22760 4221,22802 4278,22853 4324,22925 4369,22997 4390,23067 4390,23150 4390,23233 4369,23303 4324,23375 4278,23447 4221,23498 4143,23540 4064,23581 3986,23600 3895,23600 L 3895,23600 Z"/>   <path fill="none" stroke="rgb(128,128,128)" id="Drawing_29_0" stroke-linejoin="round" d="M 3895,23600 C 3804,23600 3726,23581 3648,23540 3569,23498 3512,23447 3466,23375 3421,23303 3400,23233 3400,23150 3400,23067 3421,22997 3466,22925 3512,22853 3569,22802 3648,22760 3726,22719 3804,22700 3895,22700 3986,22700 4064,22719 4143,22760 4221,22802 4278,22853 4324,22925 4369,22997 4390,23067 4390,23150 4390,23233 4369,23303 4324,23375 4278,23447 4221,23498 4143,23540 4064,23581 3986,23600 3895,23600 L 3895,23600 Z"/>  </g>  <g>   <path fill="rgb(207,231,245)" stroke="none" d="M 10305,26300 C 10214,26300 10136,26281 10058,26240 9979,26198 9922,26147 9876,26075 9831,26003 9810,25933 9810,25850 9810,25767 9831,25697 9876,25625 9922,25553 9979,25502 10058,25460 10136,25419 10214,25400 10305,25400 10396,25400 10474,25419 10553,25460 10631,25502 10688,25553 10734,25625 10779,25697 10800,25767 10800,25850 10800,25933 10779,26003 10734,26075 10688,26147 10631,26198 10553,26240 10474,26281 10396,26300 10305,26300 L 10305,26300 Z"/>   <path fill="none" stroke="rgb(128,128,128)" id="Drawing_30_0" stroke-linejoin="round" d="M 10305,26300 C 10214,26300 10136,26281 10058,26240 9979,26198 9922,26147 9876,26075 9831,26003 9810,25933 9810,25850 9810,25767 9831,25697 9876,25625 9922,25553 
9979,25502 10058,25460 10136,25419 10214,25400 10305,25400 10396,25400 10474,25419 10553,25460 10631,25502 10688,25553 10734,25625 10779,25697 10800,25767 10800,25850 10800,25933 10779,26003 10734,26075 10688,26147 10631,26198 10553,26240 10474,26281 10396,26300 10305,26300 L 10305,26300 Z"/>  </g>  <g>   <path fill="rgb(207,231,245)" stroke="none" d="M 18005,17000 C 17914,17000 17836,16981 17758,16940 17679,16898 17622,16847 17576,16775 17531,16703 17510,16633 17510,16550 17510,16467 17531,16397 17576,16325 17622,16253 17679,16202 17758,16160 17836,16119 17914,16100 18005,16100 18096,16100 18174,16119 18253,16160 18331,16202 18388,16253 18434,16325 18479,16397 18500,16467 18500,16550 18500,16633 18479,16703 18434,16775 18388,16847 18331,16898 18253,16940 18174,16981 18096,17000 18005,17000 L 18005,17000 Z"/>   <path fill="none" stroke="rgb(128,128,128)" id="Drawing_31_0" stroke-linejoin="round" d="M 18005,17000 C 17914,17000 17836,16981 17758,16940 17679,16898 17622,16847 17576,16775 17531,16703 17510,16633 17510,16550 17510,16467 17531,16397 17576,16325 17622,16253 17679,16202 17758,16160 17836,16119 17914,16100 18005,16100 18096,16100 18174,16119 18253,16160 18331,16202 18388,16253 18434,16325 18479,16397 18500,16467 18500,16550 18500,16633 18479,16703 18434,16775 18388,16847 18331,16898 18253,16940 18174,16981 18096,17000 18005,17000 L 18005,17000 Z"/>  </g>  <g id="Drawing_32">   <rect fill="none" stroke="none" x="9629" y="23537" width="1372" height="1362"/>   <g fill="rgb(0,0,0)" stroke="none" font-family="Arial embedded" font-size="494" font-style="normal" font-weight="400">    <text x="9879" y="24107">     <tspan x="9879 10158 10434">Yes</tspan></text>   </g>  </g> </g></svg>
