72:ldap_ex_config [2018/07/16 15:39] – [Example Configurations] bkkr | 72:ldap_ex_config [2018/07/16 15:44] – [Example Configurations] bkkr |
---|
| |
The user for the LDAP-queries is named “queryuser“ and has the password "pass“ (<ldap-query-user name="queryuser" credentials="pass"/>). | The user for the LDAP-queries is named “queryuser“ and has the password "pass“ (<ldap-query-user name="queryuser" credentials="pass"/>). |
| |
| **Further Examples ** |
| |
| //Example// |
| <code> |
| <ldap refreshIntervalMinutes="1440" maximumDeletionPercentage="0"> |
| <ldap-provider url="ldap://ldap.abc:389/dc=xyzgroup,dc=com" |
| ident="ldap_XY_intern" |
| key="username" |
| defaultRoles="True" |
| pageSize="500" |
| recursiveSearch="True" |
| generateDn="False" |
| searchFilter="(&(|(departmentNumber=XY-1) |
| (departmentNumber=XY-2)) |
| (mail=*)(sn=*)(objectClass=XYperson))" |
| adoptUsers="True" |
| matchUsersMode="email"> |
| <ldap-authentication |
| type="simple" |
| principal="uid=%,ou=people,dc=xyzgroup,dc=com" |
| url="ldap://defg123.abc:3892/dc=com"> |
| <ldap-query-user |
| name="uid=pkit1,ou=people,ou=project users,dc=com" |
| credentials="pkit1"/> |
| </ldap-authentication> |
| <ldap-query-user |
| name="cn=pkit1,ou=projects,o=XYZ,dc=xyzgroup,dc=com" |
| credentials="projk"/> |
| <ldap-attribute name="username" id="uid"/> |
| <ldap-attribute name="fullname" id="cn"/> |
| <ldap-attribute name="email" id="mail"/> |
| <ldap-attribute name="_KEY" id="uid"/> |
| </ldap-provider> |
| </ldap> |
| </code> |
| |
| //Example// |
| <code> |
| <ldap refreshIntervalMinutes="60" maximumDeletionPercentage="50"> |
| <ldap-provider |
| url="ldap://nu2c001:389/dc=auto,dc=abc,dc=com" |
| key="fullname" |
| defaultRoles="true" |
| recursiveSearch="true" |
| searchFilter="(&(|(memberOf=CN=ABC-Stages-User, |
| OU=Groups Development,OU=Groups,OU=XYZ,DC=auto, DC=abc, |
| DC=com)(memberOf=CN=ABCD-Stages-W, OU=XYZ_Projekt, |
| OU=ABC-Common,OU=Groups,OU=Nuernberg,DC=auto,DC=abc, |
| DC=com)objectClass=person))"> |
| <ldap-authentication |
| type="simple" |
| principal="cn=%,ou=ServiceAccounts,ou=Users,ou=XYZ, |
| dc=auto,dc=abc,dc=com"/> |
| <ldap-query-user name="abc-ldap" credentials="12345"/> |
| <ldap-attribute name="username" id="sAMAccountName"/> |
| <ldap-attribute name="fullname" id="cn"/> |
| <ldap-attribute name="email" id="mail"/> |
| <ldap-attribute name="authenticationUsername" |
| id="distinguishedName"/> |
| </ldap-provider> |
| </ldap> |
| </code> |
| |
| //Example// |
| <code> |
| <ldap-provider ident="abc.def" |
| url="ldap:// abc.def:389/dc=abc,dc=def" |
| key="authenticationUsername" |
| defaultRoles="true" |
| recursiveSearch="true" |
| adoptUsers="true" |
| searchFilter="(memberOf=CN=ABC-Stages,CN=Users,DC=abc, |
| DC=def)"> |
| <ldap-authentication |
| type="simple" |
| principal="%"/> |
| <ldap-query-user name="CN=XYZ,OU=_pkit_completed,OU=Users, |
| OU=AB-DOMAIN,OU=Compelted,DC=abc,DC=def" |
| credentials="12345"/> |
| <ldap-attribute name="username" id="sAMAccountName"/> |
| <ldap-attribute name="fullname" id="displayName"/> |
| <ldap-attribute name="email" id="mail"/> |
| <ldap-attribute name="authenticationUsername" |
| id="distinguishedName"/> |
| </ldap-provider> |
| </ldap> |
| </code> |
| |
| //Example for "ondemand" synchronization// |
| <code> |
| <ldap synchronize="ondemand" synchronizeCronExpression="0 */10 * * * |
| ?" maximumDeletionPercentage="90"> |
| <ldap-provider |
| url="ldap://abc.def:389/dc=abc,dc=def" |
| ident="abc" |
| key="fullname" |
| defaultRoles="true" |
| pageSize="0" |
| generateDn="true" |
| searchFilter="" |
| ondemandFilter="(sAMAccountName=%)" |
| recursiveSearch="true" |
| adoptUsers="true"> |
| <ldap-authentication |
| type="simple" |
| principal="%"> |
| </ldap-authentication> |
| <ldap-attribute name="username" id="sAMAccountName"/> |
| <ldap-attribute name="fullname" id="cn"/> |
| <ldap-attribute name="email" id="mail"/> |
| <ldap-attribute name="_id" id="mail"/> |
| </ldap-provider> |
| </ldap> |
| </code> |
| |
| |
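Review bot: Every added example pairs `type="simple"` with a plain `ldap://` URL on port 389 or 3892, so as written the query user's password and each user's login password would cross the network unencrypted unless transport protection is configured somewhere not shown on this page. I would add a sentence above the examples such as `These samples use unencrypted ldap:// for brevity; in production use an encrypted connection (e.g. an ldaps:// URL, if your installation supports it) and restrict read access to this file, because credentials= holds the query user's password in clear text.` The sample `credentials` values (`pkit1`, `projk`, `12345`) read like working passwords and would be safer as an obvious placeholder, e.g. `credentials="CHANGE_ME"`. Separately, the third example closes `</ldap>` without an opening `<ldap>` and its URL contains a space (`ldap:// abc.def:389`), and the second example's filter ends in `objectClass=person` without its own parentheses. The raw `&` in the `searchFilter` attributes would also need to be written `&amp;` if the configuration is read by a strict XML parser.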