Differences
This shows you the differences between two versions of the page.
72:ldap_config_authenication [2018/07/16 14:51] – [Configuring Authentication] bkkr | 72:ldap_config_authenication [2018/09/04 20:37] – [Configuring Authentication] emr | ||
---|---|---|---|
Line 7: | Line 7: | ||
=== Specifying a Query User === | === Specifying a Query User === | ||
- | A query user can be specified using the optional< | + | A query user can be specified using the optional <font inherit/ |
< | < | ||
- | < | + | < |
… | … | ||
- | < | + | < |
- | credentials"/> | + | |
… | … | ||
</ | </ | ||
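Review bot: The added line for "A query user can be specified using the optional" still carries `<font inherit/` markup, while the later hunks in this same revision replace that markup with `''` monospace. Convert this occurrence as well so the tag name renders consistently across the page.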
Line 20: | Line 19: | ||
The ldap-query-user tag has two required attributes: | The ldap-query-user tag has two required attributes: | ||
- | * name | + | * name: the DN (DN = Distinguished Name) of a user with read access to the LDAP directory |
- | * credentials | + | * credentials: the password of the above user |
- | **NOTE**: If no query user is specified then an anonymous bind is used to connect to the LDAP directory. | + | //NOTE//: If no query user is specified then an anonymous bind is used to connect to the LDAP directory. |
**Name Attribute** | **Name Attribute** | ||
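Review bot: The new "credentials" bullet says only "the password of the above user" and does not mention that this places a directory password in the configuration. Suggest adding that the query user should be a dedicated account limited to the "read access" named in the "name" bullet, and that the configuration holding it should be readable only by the service. The NOTE about the anonymous bind fallback is now italic like the other notes on the page, which is fine, but it is the one line that tells readers what happens when this tag is omitted, so it should stay directly under the attribute list.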
Line 31: | Line 30: | ||
The distinguished name can be set directly to the name attribute as shown in the example below: | The distinguished name can be set directly to the name attribute as shown in the example below: | ||
- | <font inherit/ | + | '' |
If the name attribute does not contain an equal sign (‘=’) or a comma (‘,’), then this value is set to the authentication schema in order to build up the distinguished name of the special query user. | If the name attribute does not contain an equal sign (‘=’) or a comma (‘,’), then this value is set to the authentication schema in order to build up the distinguished name of the special query user. | ||
Line 37: | Line 36: | ||
In the example below “id123“ would be set to the schema to build up the user’s distinguished name. | In the example below “id123“ would be set to the schema to build up the user’s distinguished name. | ||
- | <font inherit/ | + | '' |
**The credentials Attribute** | **The credentials Attribute** | ||
Line 45: | Line 44: | ||
=== The authentication Schema === | === The authentication Schema === | ||
- | === The authentication schema is used to build up the distinguished name of a synchronized user for authentication purposes. The schema can be specified using the optional | + | The authentication schema is used to build up the distinguished name of a synchronized user for authentication purposes. The schema can be specified using the optional ldap-authentication tag, which has to be nested inside an ldap-provider tag if used. |
< | < | ||
- | < | + | < |
+ | … | ||
+ | < | ||
… | … | ||
- | < | ||
- | … | ||
</ | </ | ||
</ | </ | ||
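Review bot: The rewritten paragraph calls ldap-authentication "optional" but does not say what happens when it is left out, unlike the query user section, which states the anonymous bind fallback in its NOTE. Suggest adding one sentence on the default behaviour when no schema is configured. Moving the paragraph out of the `===` heading markup is the right fix.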
Line 68: | Line 67: | ||
The <font inherit/ | The <font inherit/ | ||
- | Example: <font inherit/ | + | Example: |
//NOTE//: It depends on the value of the key attribute of the ldap-provider tag whether the user’s fullname or username will be set into the schema. | //NOTE//: It depends on the value of the key attribute of the ldap-provider tag whether the user’s fullname or username will be set into the schema. | ||
Line 74: | Line 73: | ||
**The optional URL Attribute** | **The optional URL Attribute** | ||
- | The ldap-authentication tag comes with the optional url attribute. The attribute can be used to set the URL of the authentication server if synchronization and authentication is done on different machines. An exemplary url attribute value is given below: [[: | + | The ldap-authentication tag comes with the optional url attribute. The attribute can be used to set the URL of the authentication server if synchronization and authentication is done on different machines. An exemplary url attribute value is given below: [[: |
//NOTE//: To allow authentication via SSL, set the prefix “<font inherit/ | //NOTE//: To allow authentication via SSL, set the prefix “<font inherit/ | ||
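Review bot: In the changed url paragraph, "if synchronization and authentication is done on different machines" should read "are done". Since the NOTE directly below explains that SSL requires a specific prefix, consider making the exemplary url value the SSL form, so that readers who copy it authenticate over SSL by default.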