Differences

72:ldap_config_authenication [2018/07/16 14:52] – [Configuring Authentication] bkkr
72:ldap_config_authenication [2018/09/04 20:37] – [Configuring Authentication] emr
Line 7: Line 7:
 === Specifying a Query User === === Specifying a Query User ===
  
-A query user can be specified using the optional<font inherit/Courier New,Courier,monospace;;inherit;;inherit>ldap</font><font inherit/Courier New,Courier,monospace;;inherit;;inherit>-query-user</font> tag. This tag has to be nested inside an ldap-provider tag as shown below:+A query user can be specified using the optional <font inherit/Courier New,Courier,monospace;;inherit;;inherit>ldap</font><font inherit/Courier New,Courier,monospace;;inherit;;inherit>-query-user</font> tag. This tag has to be nested inside an ldap-provider tag as shown below:
  
 <code> <code>
-<ldap-provider url=SERVER_URL“ key=AUTHENTICATION_KEY>+<ldap-provider url="SERVER_URLkey="AUTHENTICATION_KEY">
  
- <ldap-query-user name="SOME_NAME" credentials="SOME_ +   <ldap-query-user name="USERNAME" credentials="PASSWORD"/>
-credentials"/>+
  …  …
 </ldap-provider> </ldap-provider>
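Review bot: as rendered, the new ldap-provider line reads ''url="SERVER_URLkey="AUTHENTICATION_KEY">'' with no closing quote or space after SERVER_URL; check that the saved page really contains ''url="SERVER_URL" key="AUTHENTICATION_KEY"'', since the mismatched smart quote in the old ''url=SERVER_URL“'' is exactly what this edit set out to fix (the same pattern recurs in the ldap-authentication example further down). The ''credentials="PASSWORD"'' placeholder is clearer than the old ''SOME_credentials'', but because this is a cleartext password stored in a configuration file, the section should add that the file must be readable only by the service account and that the query user should be a dedicated read-only account, not an administrative one.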
Line 20: Line 19:
 The ldap-query-user tag has two required attributes: The ldap-query-user tag has two required attributes:
  
-  * name +  * name: the DN (DN = Distinguished Name) of a user with read access to the LDAP directory 
-  * credentials+  * credentials: the password of the above user
  
 //NOTE//: If no query user is specified then an anonymous bind is used to connect to the LDAP directory. //NOTE//: If no query user is specified then an anonymous bind is used to connect to the LDAP directory.
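Review bot: the new bullet "name: the DN of a user with read access" is narrower than what the page itself says a few lines later, where a name containing neither '=' nor ',' is not a DN but is expanded through the authentication schema; reword it to "the DN of a read-only user, or a bare username that is expanded via the principal schema of ldap-authentication" so the two passages agree. The anonymous-bind note should also warn that directories are commonly configured to refuse anonymous searches, so leaving out the query user usually makes synchronization fail rather than quietly work, and that opening the directory to anonymous reads to get around this exposes the whole tree.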
Line 31: Line 30:
 The distinguished name can be set directly to the name attribute as shown in the example below: The distinguished name can be set directly to the name attribute as shown in the example below:
  
-''<font inherit/Courier New,Courier,monospace;;inherit;;inherit><ldap-query-user name="cn=pkit1,o=XYZ,dc=xyzgroup,dc=com"credentials=_ckgedit_QUOT__ckgedit____>/>__</font>''+''<font inherit/Courier New,Courier,monospace;;inherit;;inherit><ldap-query-user name="cn=pkit1,o=XYZ,dc=xyzgroup,dc=com" credentials="somepw"/></font>''
  
 If the name attribute does not contain an equal sign (‘=’) or a comma (‘,’), then this value is set to the authentication schema in order to build up the distinguished name of the special query user. If the name attribute does not contain an equal sign (‘=’) or a comma (‘,’), then this value is set to the authentication schema in order to build up the distinguished name of the special query user.
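Review bot: the repaired example is still inline ''<font>'' markup rather than a <code> block like the two other examples in this diff; the garbage in the old value (_ckgedit_QUOT_) is the WYSIWYG editor rewriting the quotes, so moving this line into a <code> block is the durable fix. "somepw" is fine as a placeholder, but an all-caps PASSWORD like the first example would make it unmistakable that it is not a real value.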
Line 48: Line 47:
  
 <code> <code>
-<ldap-provider url=SERVER_URL“ key=AUTHENTICATION_KEY>+<ldap-provider url="SERVER_URLkey="AUTHENTICATION_KEY">
  
-<ldap-authentication type="simple" principal="SOME_PRINCIPAL"/>+  <ldap-authentication type="simple" principal="SOME_PRINCIPAL"/>
  
 </ldap-provider> </ldap-provider>
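Review bot: same rendered-quote problem as in the first hunk: ''url="SERVER_URLkey="AUTHENTICATION_KEY"'' is missing the quote and space after SERVER_URL; confirm the stored text. The indentation change is fine, but since ''type="simple"'' is an LDAP simple bind, which sends the user's password in the clear over plain ldap://, this example is the right place to state that simple authentication has to be combined with the ldaps prefix described at the end of the page (or another TLS-protected connection) rather than leaving that as an optional note.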
Line 68: Line 67:
 The <font inherit/Courier New,Courier,monospace;;inherit;;inherit>principal</font>attribute holds a schema to build up the distinguished name for user authentication. The special character “%“ is used to specify where to set in the user’s fullname or username to build the corresponding distinguished name. The <font inherit/Courier New,Courier,monospace;;inherit;;inherit>principal</font>attribute holds a schema to build up the distinguished name for user authentication. The special character “%“ is used to specify where to set in the user’s fullname or username to build the corresponding distinguished name.
  
-Example: ''<font inherit/Courier New,Courier,monospace;;inherit;;inherit>principal=“cn=%,cn=Users,dc=adtest,dc=methodpark,dc=de“</font>''+Example: ''<font inherit/Courier New,Courier,monospace;;inherit;;inherit>principal=“cn=%,cn=Users,dc=company,dc=com“</font>''
  
 //NOTE//: It depends on the value of the key attribute of the ldap-provider tag whether the user’s fullname or username will be set into the schema. //NOTE//: It depends on the value of the key attribute of the ldap-provider tag whether the user’s fullname or username will be set into the schema.
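Review bot: replacing the real ''dc=methodpark,dc=de'' with a neutral ''dc=company,dc=com'' is the right change; apply it to the hostname in the URL example below as well, which this revision only half-converted. The explanation of '%' should also state whether the substituted fullname or username is DN-escaped before insertion: if it is not, the documentation must say that names containing DN special characters (',', '=', '+', '"', '\', '<', '>', ';', or a leading '#' or space) have to be rejected, since they would produce a malformed or different bind DN. The unchanged context line still has ''</font>attribute'' with no space between the tag and the word.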
Line 74: Line 73:
 **The optional URL Attribute** **The optional URL Attribute**
  
-The ldap-authentication tag comes with the optional url attribute. The attribute can be used to set the URL of the authentication server if synchronization and authentication is done on different machines. An exemplary url attribute value is given below: [[:72:false|url=“ldap://authsrv.methodpark.de:389/cn=Users,dc=methodpark,dc=de]]+The ldap-authentication tag comes with the optional url attribute. The attribute can be used to set the URL of the authentication server if synchronization and authentication is done on different machines. An exemplary url attribute value is given below: [[:72:false|url=“ldap://authsrv.methodpark.de:389/cn=Users,dc=]]company,dc=com
  
 //NOTE//: To allow authentication via SSL, set the prefix “<font inherit/Courier New,Courier,monospace;;inherit;;inherit>ldap</font>“ to “<font inherit/Courier New,Courier,monospace;;inherit;;inherit>ldaps</font>“. //NOTE//: To allow authentication via SSL, set the prefix “<font inherit/Courier New,Courier,monospace;;inherit;;inherit>ldap</font>“ to “<font inherit/Courier New,Courier,monospace;;inherit;;inherit>ldaps</font>“.
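Review bot: the URL edit is broken: the DokuWiki link close ']]' now sits in the middle of the DN, leaving ''company,dc=com'' outside the link, and the hostname ''authsrv.methodpark.de'' was not replaced. The surrounding :72:false link wrapper is an accidental internal link and should be removed entirely so the value reads ''url=“ldap://authsrv.company.com:389/cn=Users,dc=company,dc=com“'' (hostname chosen as a placeholder), preferably in a <code> block like the other examples. The last note should say that ''ldaps'' is required, not merely allowed, whenever simple authentication is used, because otherwise the bind password crosses the network in plaintext; TLS rather than SSL is the accurate term.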