Installation guide

LDAP

| Property | Description | Since |
|---|---|---|
| ldapConnectionTimeout | Maximum timeout to use when establishing the connection with LDAP. It is specified in milliseconds and should be an integer. | 1.0 |
| ldapQueryForUsers | The domain in LDAP in which the users are located. The domain has to be specified in inverse order (e.g. DC=knowledge-values, DC=com). The acronyms are: CN = Common Name, DC = Domain Component, OU = Organisational Unit, DN = Distinguished Name. To see the options available, you can check the LDAP article on Wikipedia: https://en.wikipedia.org/wiki/LDAP_Data_Interchange_Format | |
| ldapAttributes | Semicolon-separated list of the attributes to retrieve from LDAP for each user (e.g. displayName; distinguishedName;objectClass). | 1.0 |
| ldapUseSSL | Set it to "true" to open an SSL connection with the LDAP server. Default: "false". | 1.0 |
| ldapServerHostname | LDAP server hostname. | 1.0 |
| ldapServerPort | LDAP server port. | 1.0 |
| ldapUsernameQueryPlaceholder | Set it to "%%username%%". | 1.0 |
| ldapUPNQueryTemplate | Set it to "(userPrincipalName=%%username%%)". | 1.0 |
| ldapSAMQueryTemplate | Set it to "(sAMAccountName=%%username%%)". | 1.0 |
| ldapGroupMapping_<LdapGroup> | Maps the group <LdapGroup> on LDAP to an MEWP group. Possible values are USER or ADMIN. This property has to be written once for each LDAP group, so it can appear multiple times. Example: ldapGroupMapping_MEWPAdmins = MWP_ADMIN and ldapGroupMapping_MEWPUsers = USER. Users who are members of MEWPAdmins on LDAP will be in MWP_ADMIN in MEWP; those in MEWPUsers will be in USERS. | 1.0 |
| ldapCredentialsUsername | The username to use in order to connect to LDAP. | 1.0 |
| ldapCredentialsPassword | The password to use in order to connect to LDAP. | 1.0 |
| ldapDomain | Optional LDAP domain that will be joined to the username if no other domain is specified, e.g. @knowledge-values.com or KNOWLEDGEVALUES\\ (mind the double backslash). | dev |

More information

These examples show how the parameters are used.

The following is the query to retrieve the user's basic information:

ldapsearch -h ldap.server -p 389 -D user@knowledge-values.com -w 'password' -b 'CN=Users,DC=knowledge-values,DC=com' -s 'sub' '(userPrincipalName=user@knowledge-values.com)'

ldapsearch -h ldap.server -p 389 -D user@knowledge-values.com -w 'password' -b 'CN=Users,CN=Users,DC=knowledge-values,DC=com' -s 'sub' '(cn=*)'

ldapsearch -h ldap.server -p 389 -D user@knowledge-values.com -w 'password' -b 'CN=PlayerAdmin,CN=Users,DC=knowledge-values,DC=com' -s 'sub' '(cn=*)'

  • the username and password in green (the -D and -w values) are the user's credentials
  • the parameter in red (the -b value of the first command) is the value of ldapQueryForUsers
  • the filter in blue (the last argument of the first command) is the content of ldapUPNQueryTemplate (or ldapSAMQueryTemplate if you use SAM) with the username replaced
  • the parameter in purple (the -b value of the second and third commands) is the content of the user's "memberOf"

To troubleshoot a configuration problem, compare the colored values above with the configuration example:

ldapServerHostname           = ldap.server
ldapServerPort               = 389
ldapConnectionTimeout        = 5000
ldapQueryForUsers            = CN=Users,DC=knowledge-values,DC=com
ldapUsernameQueryPlaceholder = %%username%%
ldapUPNQueryTemplate         = (userPrincipalName=%%username%%)
ldapSAMQueryTemplate         = (sAMAccountName=%%username%%)
ldapAttributes               = displayName; distinguishedName;objectClass
ldapGroupMapping_Users       = USER
ldapGroupMapping_PlayerAdmin = MWP_ADMIN
ldapCredentialsUsername      = …
ldapCredentialsPassword      = …
ldapDomain                   = @knowledge-values.com
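
The mapping described above, from the configuration properties to the arguments of the first ldapsearch command, as an added example (not the product's own code). It also escapes the user name per RFC 4515 before substituting it into the query template, so filter metacharacters typed as a login name stay literal. Assumptions: the function names, the use_sam flag for choosing the template, the rule that ldapDomain is appended only when the name has no "@" or backslash, and that only the "@domain" form of ldapDomain is handled.

```python
import re
import shlex
# Constructed sample: values copied from the configuration example above.
CONFIG = """\
ldapServerHostname           = ldap.server
ldapServerPort               = 389
ldapQueryForUsers            = CN=Users,DC=knowledge-values,DC=com
ldapUsernameQueryPlaceholder = %%username%%
ldapUPNQueryTemplate         = (userPrincipalName=%%username%%)
ldapSAMQueryTemplate         = (sAMAccountName=%%username%%)
ldapDomain                   = @knowledge-values.com
"""

def parse_properties(text):
    """Split each 'key = value' line on the first '=' only; DNs and filters contain '='."""
    props = {}
    for line in text.splitlines():
        if "=" in line and not line.lstrip().startswith("#"):
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def escape_filter_value(value):
    """RFC 4515 escaping: \\ * ( ) and NUL become a backslash plus two hex digits."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def qualify(username, props):
    """Assumed rule: append ldapDomain only when the name has no '@' or backslash."""
    domain = props.get("ldapDomain", "")
    if "@" in username or "\\" in username or not domain.startswith("@"):
        return username
    return username + domain

def build_filter(username, props, use_sam=False):
    """Substitute the escaped user name into the UPN or SAM query template."""
    template = props["ldapSAMQueryTemplate" if use_sam else "ldapUPNQueryTemplate"]
    placeholder = props["ldapUsernameQueryPlaceholder"]
    if placeholder not in template:
        raise ValueError("query template does not contain the placeholder")
    name = username if use_sam else qualify(username, props)
    return template.replace(placeholder, escape_filter_value(name))

def ldapsearch_args(username, props, use_sam=False):
    """Arguments of the first ldapsearch command above, bind options (-D, -w) omitted."""
    return ["ldapsearch", "-h", props["ldapServerHostname"], "-p", props["ldapServerPort"],
            "-b", props["ldapQueryForUsers"], "-s", "sub", build_filter(username, props, use_sam)]

if __name__ == "__main__":
    print(shlex.join(ldapsearch_args("user", parse_properties(CONFIG))))
```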