72:ldap_ex_config [2018/07/16 15:41] – [Example Configurations] bkkr72:ldap_ex_config [2018/10/25 17:54] emr
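--- a/72:ldap_ex_config
+++ b/72:ldap_ex_config
@@ -6,5 +6,5 @@
 
 <code>
-<ldap refreshIntervalMinutes="120" maximumDeletionPercentage="0">
+<ldap refreshIntervalMinutes="120" maximumDeletionPercentage="5">
  <ldap-provider
  url=ldap://server.example.com:389/dc=domain,dc=example,dc=com
@@ -42,5 +42,5 @@
 //Example//
 <code>
-<ldap refreshIntervalMinutes="1440" maximumDeletionPercentage="0">
+<ldap refreshIntervalMinutes="1440" maximumDeletionPercentage="5">
 <ldap-provider url="ldap://ldap.abc:389/dc=xyzgroup,dc=com"
 ident="ldap_XY_intern"
@@ -50,5 +50,5 @@
 recursiveSearch="True"
 generateDn="False"
-searchFilter="(&amp;(|(departmentNumber=XY-1)
+searchFilter="(&(|(departmentNumber=XY-1)
  (departmentNumber=XY-2))
  (mail=*)(sn=*)(objectClass=XYperson))"
@@ -82,5 +82,5 @@
 defaultRoles="true"
 recursiveSearch="true"
-searchFilter="(&amp;(|(memberOf=CN=ABC-Stages-User,
+searchFilter="(&(|(memberOf=CN=ABC-Stages-User,
 OU=Groups Development,OU=Groups,OU=XYZ,DC=auto, DC=abc,
 DC=com)(memberOf=CN=ABCD-Stages-W, OU=XYZ_Projekt,
@@ -102,2 +102,56 @@
 
 //Example//
+<code>
+ <ldap-provider ident="abc.def"
+ url="ldap:// abc.def:389/dc=abc,dc=def"
+key="authenticationUsername"
+defaultRoles="true"
+recursiveSearch="true"
+adoptUsers="true"
+searchFilter="(memberOf=CN=ABC-Stages,CN=Users,DC=abc,
+ DC=def)">
+ <ldap-authentication
+type="simple"
+principal="%"/>
+<ldap-query-user name="CN=XYZ,OU=_pkit_completed,OU=Users,
+ OU=AB-DOMAIN,OU=Compelted,DC=abc,DC=def"
+ credentials="12345"/>
+<ldap-attribute name="username" id="sAMAccountName"/>
+<ldap-attribute name="fullname" id="displayName"/>
+<ldap-attribute name="email" id="mail"/>
+<ldap-attribute name="authenticationUsername"
+ id="distinguishedName"/>
+ </ldap-provider>
+</ldap>
+</code>
+
+//Example for "ondemand" synchronization//
+<code>
+    <!-- Configuration for LDAP with Ondemand Account Creation.
+         This config works with an MS Active Directory server.
+         For other servers, the attribute names might need to be changed. -->
+          <!-- Synchronize every Saturday 03:30AM -->
+    <ldap synchronizeCronExpression="0 30 3 ? * SAT" maximumDeletionPercentage="5"
+          synchronize="ondemand" synchronizeOnStartup="false">
+        <ldap-provider
+                    url="ldap://LDAPSERVER.com:389/dc=CUSTOMER,dc=com"
+                    ident="LDAP Primary Ondemand Server"
+                    key="authenticationUsername"
+                    defaultRoles="true"
+                    defaultRolesUsername="default"
+                    defaultLicenseType="FloatingDev"
+                    pageSize="500"
+                    generateDn="false"
+                    ondemandFilter="(&amp;(sAMAccountName=%)(objectClass=user))"
+                    recursiveSearch="true">
+                    <ldap-authentication type="simple" principal="%"/>
+
+                    <ldap-attribute name="username" id="sAMAccountName"/>
+                    <ldap-attribute name="fullname" id="displayName"/>
+                    <ldap-attribute name="email" id="mail"/>
+                    <ldap-attribute name="authenticationUsername" id="distinguishedName"/>
+
+                    <ldap-query-user name="cn=LDAP Account,ou=Users,dc=CUSTOMER,dc=com" credentials="PASSWORD" />
+            </ldap-provider>
+    </ldap>
+</code>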
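Review bot: Both added examples bind with `type="simple"` to an `ldap://…:389` URL, so the `ldap-query-user` credentials and every user's password would cross the network unencrypted unless the transport is protected elsewhere; since readers copy these snippets, each should carry a comment such as `<!-- simple bind over ldap:// sends passwords in clear text; use LDAPS or StartTLS in production -->` (assuming the product supports one of them). The `searchFilter` lines changed at Line 50 and Line 82 now contain a bare `&`, which is not well-formed inside an XML attribute value; keep `&amp;` there, as the new `ondemandFilter` line does. The first added example also closes `</ldap>` without an opening `<ldap …>` tag and shows a realistic-looking `credentials="12345"`; the `PASSWORD` placeholder used in the on-demand example is the safer pattern for a copy-and-paste page.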