
Thursday, September 17, 2015

LDAP and Active Directory user examples

Source
The examples described here have been shared by OpenKM users and should be taken with care.

JBoss LDAP example 1

LDAP Structure
dc=fr
   dc=soc
      ou=groups
         cn=UserRole, objectClass=posixGroup, memberUid = jack, memberUid = joe
         cn=AdminRole, objectClass=posixGroup, memberUid = jack
      ou=people
         ou=intern
            cn = jack, objectClass=inetOrgperson, uid = jack
            cn = joe, objectClass=inetOrgperson, uid = joe
Configuration parameters
principal.adapter=com.openkm.principal.LdapPrincipalAdapter
principal.database.filter.inactive.users=true
principal.ldap.mail.attribute=mail
principal.ldap.mail.search.base=ou=intern,ou=users,dc=soc,dc=fr
principal.ldap.mail.search.filter=(&(objectClass=inetOrgPerson)(cn={0}))
principal.ldap.referral=follow
principal.ldap.role.attribute=cn
principal.ldap.role.search.base=ou=groups,dc=soc,dc=fr
principal.ldap.role.search.filter=(objectClass=posixGroup)
principal.ldap.roles.by.user.attribute=cn
principal.ldap.roles.by.user.search.base=ou=groups,dc=soc,dc=fr
principal.ldap.roles.by.user.search.filter=(memberUid={0})
principal.ldap.security.credentials=xxxxxx
principal.ldap.security.principal=cn=admin,dc=soc,dc=fr
principal.ldap.server=ldap://192.168.xxx.xxx:389
principal.ldap.user.attribute=cn
principal.ldap.user.search.base=ou=intern,ou=users,dc=soc,dc=fr
principal.ldap.user.search.filter=(objectClass=inetOrgPerson)
principal.ldap.users.by.role.attribute=memberUid
principal.ldap.users.by.role.search.base=ou=groups,dc=soc,dc=fr
principal.ldap.users.by.role.search.filter=(&(objectClass=posixGroup)(cn={0}))
system.login.lowercase=true
login-config.xml
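<application-policy name="OpenKM">
   <authentication>
      <login-module code="org.jboss.security.auth.spi.LdapExtLoginModule" flag="required">
         <module-option name="java.naming.provider.url">ldap://192.168.xxx.xxx:389</module-option>
         <module-option name="java.naming.security.authentication">simple</module-option>
         <module-option name="bindDN">cn=admin,dc=soc,dc=fr</module-option>
         <module-option name="bindCredential">******</module-option>
         <module-option name="baseCtxDN">ou=intern,ou=users,dc=soc,dc=fr</module-option>
         <module-option name="baseFilter">(uid={0})</module-option>
         <module-option name="rolesCtxDN">ou=groups,dc=soc,dc=fr</module-option>
         <module-option name="roleFilter">(memberUid={0})</module-option>
         <module-option name="roleAttributeID">cn</module-option>
         <module-option name="roleAttributeIsDN">false</module-option>
         <module-option name="roleRecursion">-1</module-option>
         <module-option name="searchScope">SUBTREE_SCOPE</module-option>
         <module-option name="allowEmptyPasswords">false</module-option>
      </login-module>
   </authentication>
</application-policy>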
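
A sanity check for the configuration parameters above against the "LDAP Structure" listing, written as an added example (not part of the original post or of OpenKM). It flags search bases that do not exist in the listed tree and a bind DN used over plain ldap://. TREE_DNS is transcribed from the listing, CONFIG is a subset of the page's parameters, and the function names are hypothetical.

```python
# Added example: lint the page's OpenKM LDAP properties against its directory tree.
# TREE_DNS is transcribed from the "LDAP Structure" listing (containers only).
TREE_DNS = {
    "dc=fr",
    "dc=soc,dc=fr",
    "ou=groups,dc=soc,dc=fr",
    "ou=people,dc=soc,dc=fr",
    "ou=intern,ou=people,dc=soc,dc=fr",
}

# Subset of the "Configuration parameters" shown on the page.
CONFIG = """\
principal.ldap.server=ldap://192.168.xxx.xxx:389
principal.ldap.security.principal=cn=admin,dc=soc,dc=fr
principal.ldap.user.search.base=ou=intern,ou=users,dc=soc,dc=fr
principal.ldap.mail.search.base=ou=intern,ou=users,dc=soc,dc=fr
principal.ldap.role.search.base=ou=groups,dc=soc,dc=fr
principal.ldap.roles.by.user.search.base=ou=groups,dc=soc,dc=fr
principal.ldap.users.by.role.search.base=ou=groups,dc=soc,dc=fr
"""

def parse_properties(text):
    """Split key=value on the first '=' only, because DN values contain '='."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def normalize_dn(dn):
    """Lower-case and trim each RDN (simplified: no escaped commas handled)."""
    return ",".join(
        "=".join(p.strip().lower() for p in rdn.split("=", 1)) for rdn in dn.split(",")
    )

def lint(props, tree_dns):
    """Return (finding, property-key) pairs for the two checks described above."""
    findings = []
    known = {normalize_dn(d) for d in tree_dns}
    server = props.get("principal.ldap.server", "")
    # A bind DN over ldap:// means the bind password crosses the network unencrypted.
    if server.lower().startswith("ldap://") and "principal.ldap.security.principal" in props:
        findings.append(("cleartext-bind", "principal.ldap.server"))
    for key, value in sorted(props.items()):
        if key.endswith(".search.base") and normalize_dn(value) not in known:
            findings.append(("unknown-base", key))
    return findings

if __name__ == "__main__":
    for kind, key in lint(parse_properties(CONFIG), TREE_DNS):
        print(kind, key)
```

On the page's values this reports the user and mail search bases: they point at ou=users, while the structure listing places ou=intern under ou=people.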