Jresearch Software Blog
Using LDAP with Flexess (Part 1)
Mar 02, 2009 by Stanislav Spiridonov
As you know from the previous post, Flexess can optionally be integrated with any user management system to authenticate users and retrieve the user attributes needed to check constraints. In this post we will review the general features of the Flexess LDAP connector.
LDAP user management for Flexess enables the use of user profiles and their authentication against a general LDAP. For general information about UMI connectors, managing UMI connections and setting up applications, see the User Management Interface section in the Flexess Development Guide.
The implemented LDAP UMI Connector provides the following functionality:
- Access to user profiles stored on the LDAP server.
- Parameterized searching in LDAP.
- User authentication against LDAP.
- User paging on the LDAP side by RFC 2696 or Virtual List Views.
- Auto-selection of the paging mechanism.
- Flexible user attribute retrieving (by object class with exclude and include lists).
- Attribute name mapping from LDAP to Flexess namespace.
- Setup helpers - suffix retrieval, showing server capabilities, attribute name retrieval.
Prerequisites.
Before setting up the LDAP UMI connection you need to collect all the information listed in the following table:

| Field | Description | Example |
| --- | --- | --- |
| Host name | The name or IP of the host where LDAP is located | localhost |
| Port number | The port number for LDAP | 389 |
| User DN and password to access LDAP server | LDAP UMI connector uses the given account to connect and retrieve information. As an alternative you can use anonymous access | cn=Directory Manager |
| Base DN (optional) | Path inside LDAP to the user subtree. The path must contain at least one of the configured suffixes. If you omit this setting on the first step, the connection is not created successfully, but the status message contains all accessible suffixes. | dc=example,dc=com |
| User object class | To retrieve users from LDAP the UMI LDAP connector should have criteria set up in order to select the right records. This can be done using the record object class. Usually user records have at least a "person" object class. | person, inetOrgPerson |
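
The suffix and paging prerequisites above can be checked by hand before the connection is created. The following is an added example, not Flexess code: it parses a constructed RootDSE listing, checks that a Base DN lies under one of the server's suffixes, and picks a paging mechanism from the advertised controls. The function names, the sample data and the preference for RFC 2696 over VLV are assumptions.

```python
# Added example (not Flexess code); names and paging preference are assumptions.
PAGED_OID = "1.2.840.113556.1.4.319"  # RFC 2696 simple paged results
VLV_OID = "2.16.840.1.113730.3.4.9"   # Virtual List View request
SORT_OID = "1.2.840.113556.1.4.473"   # server-side sort, required by VLV
# Constructed sample: RootDSE attributes as plain LDIF.
SAMPLE_ROOT_DSE = """\
dn:
namingContexts: dc=example,dc=com
namingContexts: o=NetscapeRoot
supportedControl: 1.2.840.113556.1.4.319
supportedControl: 1.2.840.113556.1.4.473
supportedControl: 2.16.840.1.113730.3.4.9
"""

def parse_root_dse(ldif):
    """Collect multi-valued attributes from plain (unfolded, non-base64) LDIF."""
    attrs = {}
    for line in ldif.splitlines():
        name, sep, value = line.partition(":")
        if sep and value.strip():
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def rdns(dn):
    """Split a DN into normalised (attribute, value) pairs; escaped commas unsupported."""
    pairs = (rdn.partition("=") for rdn in dn.split(","))
    return [(a.strip().lower(), v.strip().lower()) for a, _, v in pairs]

def matching_suffix(base_dn, suffixes):
    """Return the server suffix that base_dn lies under, or None."""
    base = rdns(base_dn)
    for suffix in suffixes:
        tail = rdns(suffix)
        if base[-len(tail):] == tail:
            return suffix
    return None

def choose_paging(controls):
    """Pick a paging mechanism from the advertised supportedControl OIDs."""
    if PAGED_OID in controls:
        return "rfc2696"
    if VLV_OID in controls and SORT_OID in controls:
        return "vlv"
    return None

def preflight(ldif, base_dn):
    """Report the matched suffix, all suffixes, and the usable paging mechanism."""
    dse = parse_root_dse(ldif)
    suffixes = dse.get("namingcontexts", [])
    return {"suffix": matching_suffix(base_dn, suffixes),
            "available_suffixes": suffixes,
            "paging": choose_paging(dse.get("supportedcontrol", []))}
```

Calling `preflight(SAMPLE_ROOT_DSE, "ou=People, DC=example, dc=com")` reports `dc=example,dc=com` as the matched suffix; a `None` suffix means the Base DN is outside every naming context the server exposes.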



