Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revision | Next revisionBoth sides next revision | ||
72:ldap_config_authenication [2018/07/16 14:52] – [Configuring Authentication] bkkr | 72:ldap_config_authenication [2018/09/04 20:37] – [Configuring Authentication] emr | ||
---|---|---|---|
Line 7: | Line 7: | ||
=== Specifying a Query User === | === Specifying a Query User === | ||
- | A query user can be specified using the optional< | + | A query user can be specified using the optional <font inherit/ |
< | < | ||
- | < | + | < |
… | … | ||
- | < | + | < |
- | credentials"/> | + | |
… | … | ||
</ | </ | ||
Line 20: | Line 19: | ||
The ldap-query-user tag has two required attributes: | The ldap-query-user tag has two required attributes: | ||
- | * name | + | * name: the DN (DN = Distinguished Name) of a user with read access to the LDAP directory |
- | * credentials | + | * credentials: the password of the above user |
//NOTE//: If no query user is specified then an anonymous bind is used to connect to the LDAP directory. | //NOTE//: If no query user is specified then an anonymous bind is used to connect to the LDAP directory. | ||
Line 31: | Line 30: | ||
The distinguished name can be set directly to the name attribute as shown in the example below: | The distinguished name can be set directly to the name attribute as shown in the example below: | ||
- | ''< | + | ''< |
If the name attribute does not contain an equal sign (‘=’) or a comma (‘,’), then this value is set to the authentication schema in order to build up the distinguished name of the special query user. | If the name attribute does not contain an equal sign (‘=’) or a comma (‘,’), then this value is set to the authentication schema in order to build up the distinguished name of the special query user. | ||
Line 48: | Line 47: | ||
< | < | ||
- | < | + | < |
… | … | ||
< | < | ||
Line 68: | Line 67: | ||
The <font inherit/ | The <font inherit/ | ||
- | Example: ''< | + | Example: ''< |
//NOTE//: It depends on the value of the key attribute of the ldap-provider tag whether the user’s fullname or username will be set into the schema. | //NOTE//: It depends on the value of the key attribute of the ldap-provider tag whether the user’s fullname or username will be set into the schema. | ||
Line 74: | Line 73: | ||
**The optional URL Attribute** | **The optional URL Attribute** | ||
- | The ldap-authentication tag comes with the optional url attribute. The attribute can be used to set the URL of the authentication server if synchronization and authentication is done on different machines. An exemplary url attribute value is given below: [[: | + | The ldap-authentication tag comes with the optional url attribute. The attribute can be used to set the URL of the authentication server if synchronization and authentication is done on different machines. An exemplary url attribute value is given below: [[: |
//NOTE//: To allow authentication via SSL, set the prefix “<font inherit/ | //NOTE//: To allow authentication via SSL, set the prefix “<font inherit/ | ||