Differences

72:ldap_ex_config [2018/07/16 15:39] – [Example Configurations] bkkr72:ldap_ex_config [2024/02/15 00:00] (current) – external edit 127.0.0.1
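--- a/72:ldap_ex_config
+++ b/72:ldap_ex_config
@@ -6,5 +6,6 @@
 
 <code>
-<ldap refreshIntervalMinutes="120" maximumDeletionPercentage="0">
+
+<ldap refreshIntervalMinutes="120" maximumDeletionPercentage="5">
 <ldap-provider
 url=ldap://server.example.com:389/dc=domain,dc=example,dc=com
@@ -37,2 +38,122 @@
 
 The user for the LDAP-queries is named “queryuser“ and has the password "pass“ (<ldap-query-user name="queryuser" credentials="pass"/>).
+
+**Further Examples **
+
+//Example//
+<code>
+<ldap refreshIntervalMinutes="1440" maximumDeletionPercentage="5">
+<ldap-provider url="ldap://ldap.abc:389/dc=xyzgroup,dc=com"
+ident="ldap_XY_intern"
+key="username"
+defaultRoles="True"
+pageSize="500"
+recursiveSearch="True"
+generateDn="False"
+searchFilter="(&(|(departmentNumber=XY-1)
+ (departmentNumber=XY-2))
+ (mail=*)(sn=*)(objectClass=XYperson))"
+adoptUsers="True"
+matchUsersMode="email">
+<ldap-authentication
+type="simple"
+principal="uid=%,ou=people,dc=xyzgroup,dc=com"
+url="ldap://defg123.abc:3892/dc=com">
+<ldap-query-user
+name="uid=pkit1,ou=people,ou=project users,dc=com"
+ credentials="pkit1"/>
+ </ldap-authentication>
+ <ldap-query-user
+ name="cn=pkit1,ou=projects,o=XYZ,dc=xyzgroup,dc=com"
+ credentials="projk"/>
+ <ldap-attribute name="username" id="uid"/>
+ <ldap-attribute name="fullname" id="cn"/>
+ <ldap-attribute name="email" id="mail"/>
+ <ldap-attribute name="_KEY" id="uid"/>
+</ldap-provider>
+</ldap>
+</code>
+
+//Example//
+<code>
+<ldap refreshIntervalMinutes="60" maximumDeletionPercentage="50">
+ <ldap-provider
+url="ldap://nu2c001:389/dc=auto,dc=abc,dc=com"
+key="fullname"
+defaultRoles="true"
+recursiveSearch="true"
+searchFilter="(&(|(memberOf=CN=ABC-Stages-User,
+OU=Groups Development,OU=Groups,OU=XYZ,DC=auto, DC=abc,
+DC=com)(memberOf=CN=ABCD-Stages-W, OU=XYZ_Projekt,
+OU=ABC-Common,OU=Groups,OU=Nuernberg,DC=auto,DC=abc,
+DC=com)objectClass=person))">
+<ldap-authentication
+type="simple"
+principal="cn=%,ou=ServiceAccounts,ou=Users,ou=XYZ,
+ dc=auto,dc=abc,dc=com"/>
+<ldap-query-user name="abc-ldap" credentials="12345"/>
+<ldap-attribute name="username" id="sAMAccountName"/>
+<ldap-attribute name="fullname" id="cn"/>
+<ldap-attribute name="email" id="mail"/>
+<ldap-attribute name="authenticationUsername"
+ id="distinguishedName"/>
+ </ldap-provider>
+</ldap>
+</code>
+
+//Example//
+<code>
+<ldap refreshIntervalMinutes="60" maximumDeletionPercentage="10">
+ <ldap-provider ident="abc.def"
+ url="ldap:// abc.def:389/dc=abc,dc=def"
+key="authenticationUsername"
+defaultRoles="true"
+recursiveSearch="true"
+adoptUsers="true"
+searchFilter="(memberOf=CN=ABC-Stages,CN=Users,DC=abc,
+ DC=def)">
+ <ldap-authentication
+type="simple"
+principal="%"/>
+<ldap-query-user name="CN=XYZ,OU=_pkit_completed,OU=Users,
+ OU=AB-DOMAIN,OU=Compelted,DC=abc,DC=def"
+ credentials="12345"/>
+<ldap-attribute name="username" id="sAMAccountName"/>
+<ldap-attribute name="fullname" id="displayName"/>
+<ldap-attribute name="email" id="mail"/>
+<ldap-attribute name="authenticationUsername"
+ id="distinguishedName"/>
+ </ldap-provider>
+</ldap>
+</code>
+
+//Example for "ondemand" synchronization//
+<code>
+    <!-- Configuration for LDAP with Ondemand Account Creation.
+         This config works with an MS Active Directory server.
+         For other servers, the attribute names might need to be changed. -->
+          <!-- Synchronize every Saturday 03:30AM -->
+    <ldap synchronizeCronExpression="0 30 3 ? * SAT" maximumDeletionPercentage="5"
+          synchronize="ondemand" synchronizeOnStartup="false">
+        <ldap-provider
+                    url="ldap://LDAPSERVER.com:389/dc=CUSTOMER,dc=com"
+                    ident="LDAP Primary Ondemand Server"
+                    key="authenticationUsername"
+                    defaultRoles="true"
+                    defaultRolesUsername="default"
+                    defaultLicenseType="FloatingDev"
+                    pageSize="500"
+                    generateDn="false"
+                    ondemandFilter="(&amp;(sAMAccountName=%)(objectClass=user))"
+                    recursiveSearch="true">
+                    <ldap-authentication type="simple" principal="%"/>
+
+                    <ldap-attribute name="username" id="sAMAccountName"/>
+                    <ldap-attribute name="fullname" id="displayName"/>
+                    <ldap-attribute name="email" id="mail"/>
+                    <ldap-attribute name="authenticationUsername" id="distinguishedName"/>
+
+                    <ldap-query-user name="cn=LDAP Account,ou=Users,dc=CUSTOMER,dc=com" credentials="PASSWORD" />
+            </ldap-provider>
+    </ldap>
+</code>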
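Review bot: The searchFilter values in the first two added examples contain a bare `&` inside an XML attribute value (`searchFilter="(&(|(departmentNumber=XY-1)` and `searchFilter="(&(|(memberOf=CN=ABC-Stages-User,`), which is not well-formed XML; the ondemand example at the end of the section writes it correctly as `&amp;`, so these should read `searchFilter="(&amp;(|(departmentNumber=XY-1)` and `searchFilter="(&amp;(|(memberOf=CN=ABC-Stages-User,`. The second example's filter also leaves its last term unparenthesized, `DC=com)objectClass=person))`, which should be `DC=com)(objectClass=person))` for the filter to parse, and the third example's URL `ldap:// abc.def:389/dc=abc,dc=def` carries a stray space after the scheme. All four examples bind with `type="simple"` over plain `ldap://` on port 389 while supplying the query user's password in `credentials`, so a one-line remark in the prose that the password crosses the network unencrypted on that transport, and that an encrypted LDAP transport should be preferred where the server and the product support it, would make the examples safer to copy verbatim. The DN and password values in the first three examples (for instance `credentials="pkit1"` and `credentials="projk"`) read like real account data rather than the `PASSWORD` placeholder the ondemand example uses; normalizing them to obvious placeholders would avoid publishing what may be genuine secrets.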