|
|
(10 intermediate revisions by the same user not shown) |
Line 1: |
Line 1: |
− | To perfrom a succesfull authentication against a LDAP Server with UBIK, you need to create an instance of each of the following Classes: | + | To perform a successful authentication against an LDAP Server with UBIK, you need to create an instance of all the following classes: |
| | | |
| | | |
− | [[LoginLDAP Object]] | + | ==LDAPLogin== |
− | The Login Object used to authenticate against the LDAP Server
| + | The [[LDAPLogin]] object specifies a single user you want to authenticate. |
| | | |
− | ==LoginName==
| |
− | The name of the Login object.
| |
− | The name of the Login Object must be identical to the one specified on the LDAP Server.
| |
− |
| |
− | ==Use Domain Credentials==
| |
− | This setting must be set to "True" in order to perform your authentication against the LDAP Server. If set to "False" UBIK will perform it´s authentication against the internal UBIK Database.
| |
− |
| |
− | ==Identifier==
| |
− | The Identifier property specifies a "unique identifier" for an object represented in the LDAP Directory. The domain within which the identifier is unique, and the exact semantics of the identifier, are for local definition. Example for valid Identifier: "uid","cn"...
| |
− |
| |
− | ==Searchbase==
| |
− | The Searchbase defines the starting point for the search in the directory tree. A valid Searchbase would be for example: "dc=klu,dc=augmensys"
| |
| | | |
| ==LDAPGroup== | | ==LDAPGroup== |
− | LDAPGroup is a referenceproperty in which the belonging LDAPGroup object needs to get dragged in | + | The [[LDAPGroup]] specifies a group of users represented on a LDAP Server. |
| | | |
− |
| |
− |
| |
− | ==LDAPGroup Object==
| |
− |
| |
− | ==BaseDN==
| |
− | The BaseDN defines the starting point for the search of users of a certain User Group. A valid BaseDN would be for example: "ou=people,dc=klu,dc=augmensys"
| |
− |
| |
− | ==GroupIdentifier==
| |
− | The GroupIdentifier acts as a Filter and is the key element in defining the criteria used to identify entries in search requests.
| |
− | A valid Filter would be: "(&(objectClass=inetOrgPerson)(objectClass=top))"
| |
| | | |
| ==LDAPService== | | ==LDAPService== |
− | LDAPService is a referenceproperty in which the belonging LDAPService object needs to get dragged in.
| + | The [[LDAPService]] describes the actual LDAP Server and holds information about the connection to the LDAP Server and about the Service User. |
− | | + | |
− | | + | |
− | | + | |
− | [[==LDAP Service==]] | + | |
− | | + | |
− | ==BaseproviderURL==
| + | |
− | The url to a LDAP Server you want to authenticate against. A valid LDAP url looks like this: "LDAP://192.168.1.75:389"
| + | |
− | | + | |
− | ==Principal==
| + | |
− | If not defined differently, to authenticate against a LDAP Server you need a Service Account which has the rights to look up the specified LDAP Server.
| + | |
− | A valid DN belongs into the Principal property, for example: "cn=admin,dc=klu,dc=augmensys"
| + | |
− | | + | |
− | ==Credentials==
| + | |
− | The password for the Service Account.
| + | |
− | | + | |
− | ==Searchbase==
| + | |
− | The Searchbase defines the starting point for the search of the Admin User in the directory tree. A valid Searchbase would be for example: "dc=klu,dc=augmensys"
| + | |
To perform a successful authentication against an LDAP Server with UBIK, you need to create an instance of all the following classes: