dotCMS - Open Source Content Management System, Ondemand CMS, and Professional Support

Article Information

Since Version: 1.6.5
Tags: LDAP Configuration
Updated: 2/5/2010 9:14:46 AM
By: Dean Gonzalez
Doc id: 148510

LDAP Configuration

To configure dotCMS to integrate with LDAP, create a plugin that overrides the portal-properties file. The following configuration works with any LDAP v3 directory server, e.g. Active Directory, eDirectory, or Sun Directory Server.

How does it work

LDAP works as a pre-hook to authentication. Every time a user logs in, dotCMS queries the LDAP server and syncs that user's information and group membership into dotCMS; dotCMS then authenticates and authorizes the user against its own records. The recommended way to integrate with LDAP is to create the groups in dotCMS first and then create the same groups in LDAP. Make sure that the group attribute on the user (see the configuration below) returns these groups. As noted below, you can use the regular expression filter and the prefix strip to organize these groups.

Configuration

auth.pipeline.pre=com.dotmarketing.auth.impl.LDAPImpl
auth.impl.ldap.initial.context.factory=com.sun.jndi.ldap.LdapCtxFactory

#Set SSL if you are using LDAPS  or leave blank
auth.impl.ldap.security.authentication=

#Note: Set path to keystore with root server cert imported or leave blank
auth.impl.ldap.security.keystore.path=
auth.impl.ldap.host=192.168.1.34
auth.impl.ldap.port=389

#Note this should be full dn of user
auth.impl.ldap.userid=cn=xxxxxx,ou=Users,dc=miami,dc=dotcms,dc=org
auth.impl.ldap.password=xxxxxxx
auth.impl.ldap.domainlookup=dc=miami,dc=dotcms,dc=org
auth.impl.build.groups=true

#Note: The filter will allow you to only pull groups which match the following regular expression
auth.impl.ldap.build.group.name.filter=^dotcms_(.*)

#Note: Prefix that dotCMS should strip from the group name. Leave blank to not strip any prefix.
#So if your group in LDAP was dotcms_CMS_Administrators, the actual dotCMS group would be just CMS_Administrators

auth.impl.ldap.build.group.name.filter.strip=dotcms_

#If set to false, any user created from LDAP will not be able to log into dotCMS if LDAP is not available.
auth.impl.ldap.syncPassword=true

#The following attributes can be used to match up dotCMS user properties to LDAP Attributes.
#Uncomment all attributes.
#If you leave the attribute blank then it will not be synced from LDAP.

#NOTE:  YOU CANNOT HAVE A GROUP NAME WITH AN "=" IN IT

auth.impl.ldap.attrib.user=samAccountName
auth.impl.ldap.attrib.firstName=givenName
auth.impl.ldap.attrib.middleName=middleName
auth.impl.ldap.attrib.lastName=sn
auth.impl.ldap.attrib.nickName=
auth.impl.ldap.attrib.email=mail
auth.impl.ldap.attrib.gender=
auth.impl.ldap.attrib.group=memberOf
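As an added illustration (not dotCMS's own code), the following Python applies the group rules described above to constructed memberOf values: match each group CN against the `build.group.name.filter` regular expression, strip the configured prefix, and reject any resulting name containing "=". The sample DNs and the function names are assumptions for the example.

```python
import re

# Values mirroring the configuration shown on this page.
GROUP_NAME_FILTER = r"^dotcms_(.*)"
GROUP_NAME_STRIP = "dotcms_"

# Constructed memberOf values as a directory might return them for one user.
SAMPLE_MEMBER_OF = [
    "CN=dotcms_CMS_Administrators,OU=Groups,DC=miami,DC=dotcms,DC=org",
    "CN=dotcms_Editors,OU=Groups,DC=miami,DC=dotcms,DC=org",
    "CN=Domain Users,OU=Groups,DC=miami,DC=dotcms,DC=org",
    "CN=dotcms_bad=name,OU=Groups,DC=miami,DC=dotcms,DC=org",
]


def group_cn(dn: str) -> str:
    """Return the value of the leading RDN (the CN) of a group DN."""
    first_rdn = dn.split(",", 1)[0]
    attr, _, value = first_rdn.partition("=")
    if attr.strip().lower() != "cn":
        raise ValueError(f"group DN does not start with cn=: {dn}")
    return value.strip()


def dotcms_groups(member_of, name_filter=GROUP_NAME_FILTER, strip=GROUP_NAME_STRIP):
    """Derive the dotCMS group names from a user's memberOf attribute values."""
    pattern = re.compile(name_filter)
    groups = []
    for dn in member_of:
        name = group_cn(dn)
        if not pattern.search(name):
            continue  # not a dotCMS-managed group; the sync ignores it
        if strip and name.startswith(strip):
            name = name[len(strip):]  # e.g. dotcms_Editors -> Editors
        if "=" in name:
            continue  # the page states a group name cannot contain "="
        groups.append(name)
    return groups


if __name__ == "__main__":
    print(dotcms_groups(SAMPLE_MEMBER_OF))  # ['CMS_Administrators', 'Editors']
```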
