Differences

This shows you the differences between two versions of the page.

72:ldap_config_authenication [2018/09/04 20:37] – [Configuring Authentication] emr72:ldap_config_authenication [2024/02/15 00:00] (current) – external edit 127.0.0.1
Line 7: Line 7:
 === Specifying a Query User === === Specifying a Query User ===
  
-A query user can be specified using the optional <font inherit/Courier New,Courier,monospace;;inherit;;inherit>ldap</font><font inherit/Courier New,Courier,monospace;;inherit;;inherit>-query-user</font> tag. This tag has to be nested inside an ldap-provider tag as shown below:+A query user can be specified using the optional ldap-query-user tag. This tag has to be nested inside an ldap-provider tag as shown below:
  
 <code> <code>
 <ldap-provider url="SERVER_URL" key="AUTHENTICATION_KEY"> <ldap-provider url="SERVER_URL" key="AUTHENTICATION_KEY">
  
- <ldap-query-user name="USERNAME" credentials="PASSWORD"/>+   <ldap-query-user name="USERNAME" credentials="PASSWORD"/>
  …  …
 </ldap-provider> </ldap-provider>
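Review bot: The rewritten sentence on the + side drops the inline code formatting entirely, so ldap-query-user and ldap-provider now read as ordinary prose. Removing the leftover font markup is right, but the tag names should keep monospace in the wiki's own syntax, for example ''ldap-query-user'', as the examples under Line 30 and Line 36 already do. Since this example places the query user's password in the credentials attribute of the configuration, it would also help to say here (unless the credentials section further down already does) that the file needs restricted read access and that the query user should be a read-only account.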
Line 30: Line 30:
 The distinguished name can be set directly to the name attribute as shown in the example below: The distinguished name can be set directly to the name attribute as shown in the example below:
  
-''<font inherit/Courier New,Courier,monospace;;inherit;;inherit><ldap-query-user name="cn=pkit1,o=XYZ,dc=xyzgroup,dc=com" credentials="somepw"/></font>''+''<ldap-query-user name="cn=pkit1,o=XYZ,dc=xyzgroup,dc=com" credentials="somepw"/>''
  
 If the name attribute does not contain an equal sign (‘=’) or a comma (‘,’), then this value is set to the authentication schema in order to build up the distinguished name of the special query user. If the name attribute does not contain an equal sign (‘=’) or a comma (‘,’), then this value is set to the authentication schema in order to build up the distinguished name of the special query user.
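Review bot: The example on the + line uses credentials="somepw", which reads like a real value, while the other examples on this page use obvious placeholders (PASSWORD, SOME_CREDENTIALS). Use one placeholder style throughout so nobody copies a literal password into a live configuration. The context sentence after it is also hard to follow: "this value is set to the authentication schema" should say that the value is inserted into the schema, and name which schema is meant.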
Line 36: Line 36:
 In the example below “id123“ would be set to the schema to build up the user’s distinguished name. In the example below “id123“ would be set to the schema to build up the user’s distinguished name.
  
-''<font inherit/Courier New,Courier,monospace;;inherit;;inherit><ldap-query-user name="id123" credentials="SOME_CREDENTIALS"/></font>''+''<ldap-query-user name="id123" credentials="SOME_CREDENTIALS"/>''
  
 **The credentials Attribute** **The credentials Attribute**
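Review bot: The context sentence above the changed example says “id123“ "would be set to the schema" without naming that schema. The text under Line 61 suggests it is the principal attribute of ldap-authentication with its “%“ placeholder; if that is correct, say so here and link to that section, because a reader configuring the query user cannot tell where the resulting distinguished name comes from. The quotation marks around id123 are also an opening mark at both ends.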
Line 49: Line 49:
 <ldap-provider url="SERVER_URL" key="AUTHENTICATION_KEY"> <ldap-provider url="SERVER_URL" key="AUTHENTICATION_KEY">
  
-<ldap-authentication type="simple" principal="SOME_PRINCIPAL"/>+  <ldap-authentication type="simple" principal="SOME_PRINCIPAL"/>
  
 </ldap-provider> </ldap-provider>
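Review bot: The + line indents ldap-authentication by two spaces, while the ldap-query-user line fixed under Line 7 is indented by three. Pick one indentation for nested tags across all code blocks on the page. The empty lines before and after the nested tag inside the code block could be dropped at the same time.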
Line 61: Line 61:
 **The type Attribute** **The type Attribute**
  
-The <font inherit/Courier New,Courier,monospace;;inherit;;inherit>type</font> attribute specifies the authentication mode to synchronize a user. Currently only the mode “simple“ is supported.+The type attribute specifies the authentication mode to synchronize a user. Currently only the mode “simple“ is supported.
  
 **The principle Attribute** **The principle Attribute**
  
-The <font inherit/Courier New,Courier,monospace;;inherit;;inherit>principal</font>attribute holds a schema to build up the distinguished name for user authentication. The special character “%“ is used to specify where to set in the user’s fullname or username to build the corresponding distinguished name.+The principalattribute holds a schema to build up the distinguished name for user authentication. The special character “%“ is used to specify where to set in the user’s fullname or username to build the corresponding distinguished name.
  
-Example: ''<font inherit/Courier New,Courier,monospace;;inherit;;inherit>principal=“cn=%,cn=Users,dc=company,dc=com“</font>''+Example: ''principal=“cn=%,cn=Users,dc=company,dc=com“''
  
 //NOTE//: It depends on the value of the key attribute of the ldap-provider tag whether the user’s fullname or username will be set into the schema. //NOTE//: It depends on the value of the key attribute of the ldap-provider tag whether the user’s fullname or username will be set into the schema.
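Review bot: Stripping the font markup on the principal line left the words fused: the + side now reads "The principalattribute holds", so a space is needed, ideally with the attribute name in monospace as ''principal''. The heading directly above still says "The principle Attribute" although the attribute is called principal. The example on the last + line uses typographic quotes (principal=“cn=%,...“), which will not parse if pasted into the XML configuration; use straight double quotes.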
Line 75: Line 75:
 The ldap-authentication tag comes with the optional url attribute. The attribute can be used to set the URL of the authentication server if synchronization and authentication is done on different machines. An exemplary url attribute value is given below: [[:72:false|url=“ldap://authsrv.methodpark.de:389/cn=Users,dc=]]company,dc=com“ The ldap-authentication tag comes with the optional url attribute. The attribute can be used to set the URL of the authentication server if synchronization and authentication is done on different machines. An exemplary url attribute value is given below: [[:72:false|url=“ldap://authsrv.methodpark.de:389/cn=Users,dc=]]company,dc=com“
  
-//NOTE//: To allow authentication via SSL, set the prefix “<font inherit/Courier New,Courier,monospace;;inherit;;inherit>ldap</font>“ to “<font inherit/Courier New,Courier,monospace;;inherit;;inherit>ldaps</font>“.+//NOTE//: To allow authentication via SSL, set the prefix “ldap“ to “ldaps“.
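Review bot: The ldaps note on the + line is worded as an optional extra, yet the page states that only type "simple" is supported and the url example just above uses ldap:// on port 389. A simple bind over plain ldap sends the user's password unprotected, so the example should use ldaps:// and the note should recommend it as the default, mentioning that the port in the URL normally changes with the scheme. Separately, the context line still wraps part of the example URL in link markup ([[:72:false|url=...]]) and splits it before "company,dc=com"; this revision leaves that untouched, and it should be a plain monospace value.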