LDAP connection
Connection to Lobster_data
The connection to an LDAP directory service is configured in the file ./etc/ldap.xml. As with database connections, aliases are used for the different services. In addition, the corresponding section in the configuration file ./etc/factory.xml must also be activated.
<Call name="addSource"><Arg>myalias</Arg><Arg>
  <New class="com.ebd.hub.services.ldap.LDAPProvider">
    <Set name="LDAPFactory">com.sun.jndi.ldap.LdapCtxFactory</Set>
    <Set name="LDAPSourceURL">ldap://<server>:<port>/??base?(objectClass=*)</Set>
    <Set name="LDAPUser">uid=admin,ou=system</Set>
    <Set name="LDAPUserPassword">secret</Set>
    <Set name="LDAPAuthentication">simple</Set>
    <Set name="idleTime">300000</Set>
    <Set name="PingLookUp"></Set>
    <!-- add a watch on object person and send message to System:ldap
    <Call name="addWatch"><Arg><New class="com.ebd.hub.services.ldap.LDAPWatch">
      <Arg>Person</Arg>
      <Arg>System</Arg>
      <Arg>ldap</Arg>
    </New></Arg></Call>
    -->
  </New></Arg></Call>
Standard ports: 389, or 636 for SSL.
addWatch is not supported by most systems and can remain commented out.
Multiple hosts (LDAPSourceURL) can be specified separated by spaces.
The connection was successful if there are no errors in the file ./logs/services/error.log.
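An added example (not part of the Lobster_data documentation or product): a Python check that reads an addSource entry in the layout above, splits the space-separated LDAPSourceURL into individual RFC 4516 URLs, and flags hosts where a simple bind would travel over plain ldap://. The host names are constructed, and the ldaps:// scheme for the SSL port is an assumption based on the JNDI LDAP provider, not something this page states.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample in the addSource layout shown above (host names are made up).
SAMPLE = """<Call name="addSource"><Arg>myalias</Arg><Arg>
 <New class="com.ebd.hub.services.ldap.LDAPProvider">
  <Set name="LDAPSourceURL">ldap://dc1.example.internal:389/??base?(objectClass=*) ldaps://dc2.example.internal:636/??base?(objectClass=*)</Set>
  <Set name="LDAPUser">uid=admin,ou=system</Set>
  <Set name="LDAPUserPassword">secret</Set>
  <Set name="LDAPAuthentication">simple</Set>
 </New></Arg></Call>"""

DEFAULT_PORT = {"ldap": 389, "ldaps": 636}  # ldaps:// is an assumption (JNDI scheme)

def parse_ldap_url(url):
    """Split one RFC 4516 URL: scheme://host:port/dn?attributes?scope?filter."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    fields = (parts.query.split("?") + ["", "", ""])[:3]
    return {"scheme": scheme, "host": parts.hostname,
            "port": parts.port or DEFAULT_PORT.get(scheme),
            "base_dn": parts.path.lstrip("/"), "attributes": fields[0],
            "scope": fields[1] or "base", "filter": fields[2] or "(objectClass=*)"}

def audit_source(xml_text):
    """Return (alias, parsed URLs, findings) for one addSource call."""
    call = ET.fromstring(xml_text)
    alias = call.find("Arg").text.strip()
    cfg = {s.get("name"): (s.text or "").strip() for s in call.iter("Set")}
    urls = [parse_ldap_url(u) for u in cfg.get("LDAPSourceURL", "").split()]
    findings = []
    for u in urls:
        if u["scheme"] not in DEFAULT_PORT:
            findings.append(f"{u['host']}: unexpected scheme {u['scheme']!r}")
        elif u["scheme"] == "ldap" and cfg.get("LDAPAuthentication") == "simple":
            # A simple bind carries the password as-is; without TLS it is readable on the wire.
            findings.append(f"{u['host']}:{u['port']}: simple bind over ldap:// "
                            "exposes LDAPUserPassword on the network")
    if cfg.get("LDAPUserPassword"):
        # The bind password is a literal in the file, so file permissions matter.
        findings.append("LDAPUserPassword is a clear-text literal in the file")
    return alias, urls, findings

if __name__ == "__main__":
    alias, urls, findings = audit_source(SAMPLE)
    print(alias, [(u["host"], u["port"]) for u in urls])
    for finding in findings:
        print("FINDING:", finding)
```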
Log in to Lobster_data via directory service
To log in to Lobster_data via a directory service, the following entry must be added to the configuration file ./etc/startup.xml. In addition, a directory service user must be entered in the LDAP ID field in the user administration.
<!-- ldap (alias and fallback user name in case of broken ldap server connection) -->
<Call name="configureLDAP">
  <Arg type="String">myalias</Arg>
  <Arg type="String">admin</Arg>
</Call>
"admin" must be a Lobster_data user who will be able to log in to Lobster_data if the directory service is not available (fallback user).