LDAP Integration

# > Public Section (English) > Administrator's Guide > LDAP Integration

Description

LDAP Integration

Project Kaiser supports LDAP authentication using one or multiple LDAP directories. To make LDAP authentication working administrator should create authenticator in Administration / Security / Authenticators.

Authenticator works as follows. If user enters login name which contains character '@', e.g. ivan@mycompany, then system tries to find an authenticator which key is equal to login domain name ( mycompany in the given example). If authenticator is found it is used to check user password.

If LDAP server has more than one directory, additinal authenticator with key mycompany-sales would allow to use logins like paul@mycompany-sales.

When authenticator is created system generates text property files which should be configured according to particular needs.

LDAP Server URL

host = ldap://localhost:389

On-the-fly User Creation

onTheFlyCreation = 1

If 1, then user account is created automatically during the first time user logs in Project Kaiser.

Lookup Directory

This is the directory which contains user records

lookupDirectory = ou=People,dc=maxcrc,dc=com 

Other examples:

lookupDirectory = ou=people,o=company
lookupDirectory = CN=users,DC=host,DC=domain,DC=org
lookupDirectory = DC=DepartmentName,DC=OrganizationName,DC=local 

User Filter

Filter which is used to find particular user by login inside lookup directory

userFilter = uid={0}

User Distinguished Name

User DN - template to build user distinguished name, this value and password are passed to LDAP server.

userDN = uid={0}, ou=People, dc=maxcrc, dc=com

It is possible to use parameters like "{n}"

ParameterValueExample, for ivan@maxcrc.com 
{0}User idivan
{1}Password
{2}Domenmaxcrc.com
{3}Entire login nameivan@maxcrc.com 

Read Users Account

This account is used to read users email and display name.

accountToReadUserInfo  = cn=Manager,dc=maxcrc,dc=com
accountToReadUserInfoPwd = secret

If users are allowed to read info about themselves, it is possible to use:

accountToReadUserInfo  = uid={0}, ou=People, dc=maxcrc, dc=com
accountToReadUserInfoPwd = {1}

User Attributes

Project Kaiser tries to read two attributes, mail and display name:

userMailAttr = mail
userDisplayNameAttr = displayName

Copyright(c) Triniforce 2006-2018
Created: maxim.ge 2/18/16 6:25 PM; Modified: maxim.ge 2/23/16 12:02 PM
This is print-friendly version of "LDAP Integration".
Powered by Project Kaiser - Project management and issue tracking software
User:Guest