72:ldap_ex_config [2018/07/16 15:39] – [Example Configurations] bkkr72:ldap_ex_config [2018/07/16 15:44] – [Example Configurations] bkkr
Line 37: Line 37:
  
 The user for the LDAP-queries is named “queryuser“ and has the password "pass“ (<ldap-query-user name="queryuser" credentials="pass"/>). The user for the LDAP-queries is named “queryuser“ and has the password "pass“ (<ldap-query-user name="queryuser" credentials="pass"/>).
 +
 +**Further Examples **
 +
 +//Example//
 +<code>
 +<ldap refreshIntervalMinutes="1440" maximumDeletionPercentage="0">
 +<ldap-provider url="ldap://ldap.abc:389/dc=xyzgroup,dc=com"
 +ident="ldap_XY_intern"
 +key="username"
 +defaultRoles="True"
 +pageSize="500"
 +recursiveSearch="True"
 +generateDn="False"
 +searchFilter="(&(|(departmentNumber=XY-1)
 + (departmentNumber=XY-2))
 + (mail=*)(sn=*)(objectClass=XYperson))"
 +adoptUsers="True"
 +matchUsersMode="email">
 +<ldap-authentication
 +type="simple"
 +principal="uid=%,ou=people,dc=xyzgroup,dc=com"
 +url="ldap://defg123.abc:3892/dc=com">
 +<ldap-query-user
 +name="uid=pkit1,ou=people,ou=project users,dc=com"
 + credentials="pkit1"/>
 + </ldap-authentication>
 + <ldap-query-user
 + name="cn=pkit1,ou=projects,o=XYZ,dc=xyzgroup,dc=com"
 + credentials="projk"/>
 + <ldap-attribute name="username" id="uid"/>
 + <ldap-attribute name="fullname" id="cn"/>
 + <ldap-attribute name="email" id="mail"/>
 + <ldap-attribute name="_KEY" id="uid"/>
 +</ldap-provider>
 +</ldap>
 +</code>
 +
 +//Example//
 +<code>
 +<ldap refreshIntervalMinutes="60" maximumDeletionPercentage="50">
 + <ldap-provider
 +url="ldap://nu2c001:389/dc=auto,dc=abc,dc=com"
 +key="fullname"
 +defaultRoles="true"
 +recursiveSearch="true"
 +searchFilter="(&(|(memberOf=CN=ABC-Stages-User,
 +OU=Groups Development,OU=Groups,OU=XYZ,DC=auto, DC=abc,
 +DC=com)(memberOf=CN=ABCD-Stages-W, OU=XYZ_Projekt,
 +OU=ABC-Common,OU=Groups,OU=Nuernberg,DC=auto,DC=abc,
 +DC=com)objectClass=person))">
 +<ldap-authentication
 +type="simple"
 +principal="cn=%,ou=ServiceAccounts,ou=Users,ou=XYZ,
 + dc=auto,dc=abc,dc=com"/>
 +<ldap-query-user name="abc-ldap" credentials="12345"/>
 +<ldap-attribute name="username" id="sAMAccountName"/>
 +<ldap-attribute name="fullname" id="cn"/>
 +<ldap-attribute name="email" id="mail"/>
 +<ldap-attribute name="authenticationUsername"
 + id="distinguishedName"/>
 + </ldap-provider>
 +</ldap>
 +</code>
 +
 +//Example//
 +<code>
 + <ldap-provider ident="abc.def"
 + url="ldap:// abc.def:389/dc=abc,dc=def"
 +key="authenticationUsername"
 +defaultRoles="true"
 +recursiveSearch="true"
 +adoptUsers="true"
 +searchFilter="(memberOf=CN=ABC-Stages,CN=Users,DC=abc,
 + DC=def)">
 + <ldap-authentication
 +type="simple"
 +principal="%"/>
 +<ldap-query-user name="CN=XYZ,OU=_pkit_completed,OU=Users,
 + OU=AB-DOMAIN,OU=Compelted,DC=abc,DC=def"
 + credentials="12345"/>
 +<ldap-attribute name="username" id="sAMAccountName"/>
 +<ldap-attribute name="fullname" id="displayName"/>
 +<ldap-attribute name="email" id="mail"/>
 +<ldap-attribute name="authenticationUsername"
 + id="distinguishedName"/>
 + </ldap-provider>
 +</ldap>
 +</code>
 +
 +//Example for "ondemand" synchronization//
 +<code>
 +<ldap synchronize="ondemand" synchronizeCronExpression="0 */10 * * *
 +?" maximumDeletionPercentage="90">
 + <ldap-provider
 + url="ldap://abc.def:389/dc=abc,dc=def"
 + ident="abc"
 + key="fullname"
 + defaultRoles="true"
 + pageSize="0"
 + generateDn="true"
 + searchFilter=""
 + ondemandFilter="(sAMAccountName=%)"
 + recursiveSearch="true"
 + adoptUsers="true">
 + <ldap-authentication
 + type="simple"
 + principal="%">
 + </ldap-authentication>
 + <ldap-attribute name="username" id="sAMAccountName"/>
 + <ldap-attribute name="fullname" id="cn"/>
 + <ldap-attribute name="email" id="mail"/>
 + <ldap-attribute name="_id" id="mail"/>
 + </ldap-provider>
 +</ldap>
 +</code>
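Review bot: All four added examples pair `type="simple"` with a plain `ldap://` URL (port 389, or 3892 in the first `ldap-authentication`), so the query-user password and each user's bind password would cross the network unencrypted; if the product supports it, the samples should use an `ldaps://` URL or state that TLS is required. The sample secrets (`credentials="pkit1"` for the account `uid=pkit1`, and `credentials="12345"`) tend to be copied as written, so an obviously labelled placeholder such as `credentials="CHANGE_ME"` would be safer. Several examples also look unusable as pasted: the raw `&` in the two `searchFilter` values must be written `&amp;` in XML, and the second filter's last term has no parentheses of its own (presumably `...DC=com))(objectClass=person))` was intended). The third example closes `</ldap>` without ever opening it, and its URL has a space after `ldap://`.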