LDAP Server
To use an external LDAP directory for member authentication, you have to do three things:
- Provide access to the member information stored on the LDAP server and map the member object's attributes to the LDAP attributes retrieved.
- Configure the connection to the LDAP server.
- Tell the system to use the org.hip.vif.member.ldap bundle to authenticate.
1. Mapping
To map the member object's attributes to the object attributes retrieved from the LDAP server, you have to create an XML file named 'LDAPOBJECTDEF.xml' and place it in $TOMCAT_HOME/webapps/vifapp/WEB-INF/conf/.
The LDAP server has to provide the following information:
Attribute | Description | Type | Required
ID | Unique ID identifying the member entry. | Number | mandatory
UserID | The member's user name. | String | mandatory
Name | The member's family name. | String | mandatory
Firstname | The member's first name. | String | mandatory
Mail | The member's mail address. | String | mandatory
Sex | The member's sex. The values have to be coded as follows: male=0, female=1. | Number | optional
City | The city the member lives in. | String | optional
Street | The street the member lives in. | String | optional
ZIP | The postal code of the member's address. | String | optional
Tel | The member's phone number. | String | optional
Fax | The member's fax number. | String | optional
To access the information stored on the LDAP server, you have to map the model object's attributes to the retrieved object attributes. This mapping is done in LDAPOBJECTDEF.xml, which is the Object Definition XML of our LDAP member model. In our case, the mapping XML file looks as follows:
<objectDef objectName='Member' parent='org.hip.kernel.bom.DomainObject' baseDir='ou=users,ou=myunit,ou=auth,o=myorg,c=ch' version='1.0'>
  <keyDefs>
    <keyDef>
      <keyItemDef seq='0' keyPropertyName='ID'/>
    </keyDef>
  </keyDefs>
  <propertyDefs>
    <propertyDef propertyName='ID' propertyType='simple'>
      <mappingDef columnName='cn'/>
    </propertyDef>
    <propertyDef propertyName='UserID' propertyType='simple'>
      <mappingDef columnName='uid'/>
    </propertyDef>
    <propertyDef propertyName='Name' propertyType='simple'>
      <mappingDef columnName='sn'/>
    </propertyDef>
    <propertyDef propertyName='Firstname' propertyType='simple'>
      <mappingDef columnName='givenName'/>
    </propertyDef>
    <propertyDef propertyName='Mail' propertyType='simple'>
      <mappingDef columnName='mail'/>
    </propertyDef>
    <propertyDef propertyName='Units' propertyType='composite'>
      <mappingDef columnName='ou'/>
    </propertyDef>
  </propertyDefs>
</objectDef>
The key elements are the propertyDef nodes with their mappingDef children. With the propertyDef's propertyName attribute you specify the model's attribute that has to be mapped. With the mappingDef's columnName attribute, you set the LDAP attribute it is mapped to. A propertyType of 'composite' (as for Units) means the LDAP attribute may carry several values; 'simple' takes a single value.
With the baseDir attribute in the root node you specify the context where the member entries are looked up, i.e. the base DN of the subtree that is searched. Keep it as narrow as possible: the manager entry used for the connection (see below) only needs read access to this subtree.
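The following added example (not code from VIF or the org.hip.vif.member.ldap bundle) shows what the mapping above amounts to once an entry has been retrieved: it reads the object definition, applies the propertyName/columnName pairs to an entry, enforces the mandatory/type rules of the attribute table, and builds the lookup filter for a UserID with RFC 4515 escaping. The entry, the filter shape (uid=...) and the assumption that the authenticator searches on the attribute mapped to UserID are constructed for the example; the bundle's real internals may differ.

```python
"""Added example: apply an LDAPOBJECTDEF.xml mapping to a retrieved entry (stdlib only)."""
import xml.etree.ElementTree as ET

# Constructed copy of the mapping XML shown above.
LDAPOBJECTDEF = """<objectDef objectName='Member' parent='org.hip.kernel.bom.DomainObject'
  baseDir='ou=users,ou=myunit,ou=auth,o=myorg,c=ch' version='1.0'>
  <keyDefs><keyDef><keyItemDef seq='0' keyPropertyName='ID'/></keyDef></keyDefs>
  <propertyDefs>
    <propertyDef propertyName='ID' propertyType='simple'><mappingDef columnName='cn'/></propertyDef>
    <propertyDef propertyName='UserID' propertyType='simple'><mappingDef columnName='uid'/></propertyDef>
    <propertyDef propertyName='Name' propertyType='simple'><mappingDef columnName='sn'/></propertyDef>
    <propertyDef propertyName='Firstname' propertyType='simple'><mappingDef columnName='givenName'/></propertyDef>
    <propertyDef propertyName='Mail' propertyType='simple'><mappingDef columnName='mail'/></propertyDef>
    <propertyDef propertyName='Units' propertyType='composite'><mappingDef columnName='ou'/></propertyDef>
  </propertyDefs>
</objectDef>"""

# Attribute table from the page: name -> (type, mandatory).
SPEC = {
    "ID": ("Number", True), "UserID": ("String", True), "Name": ("String", True),
    "Firstname": ("String", True), "Mail": ("String", True), "Sex": ("Number", False),
    "City": ("String", False), "Street": ("String", False), "ZIP": ("String", False),
    "Tel": ("String", False), "Fax": ("String", False),
}


def load_mapping(xml_text):
    """Return (baseDir, key property, {propertyName: (columnName, propertyType)})."""
    root = ET.fromstring(xml_text)
    key = root.find("./keyDefs/keyDef/keyItemDef").get("keyPropertyName")
    props = {}
    for p in root.findall("./propertyDefs/propertyDef"):
        props[p.get("propertyName")] = (p.find("mappingDef").get("columnName"),
                                        p.get("propertyType"))
    return root.get("baseDir"), key, props


def map_entry(entry, props):
    """Build a Member dict from an LDAP entry {attribute: [values]} using the mapping.
    Raises ValueError when a mandatory attribute is missing or a Number does not parse,
    so a malformed directory entry cannot yield a half-populated member."""
    member = {}
    for name, (column, ptype) in props.items():
        values = entry.get(column, [])
        if ptype == "composite":          # multi-valued attribute, e.g. several 'ou'
            member[name] = list(values)
            continue
        vtype, mandatory = SPEC.get(name, ("String", False))
        if not values:
            if mandatory:
                raise ValueError("mandatory attribute %s (%s) missing" % (name, column))
            continue
        value = values[0]
        if vtype == "Number":
            value = int(value)            # ValueError if the directory holds garbage
        if name == "Sex" and value not in (0, 1):
            raise ValueError("Sex must be coded male=0, female=1")
        member[name] = value
    return member


def escape_filter_value(value):
    """RFC 4515 escaping: a user-typed login name must not alter the search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def lookup_filter(user_id, props):
    """Filter assumed to be searched under baseDir to find the member by UserID."""
    return "(%s=%s)" % (props["UserID"][0], escape_filter_value(user_id))


if __name__ == "__main__":
    base, key, props = load_mapping(LDAPOBJECTDEF)
    # Constructed entry, shaped like what the directory returns for one member.
    entry = {"cn": ["1042"], "uid": ["jdoe"], "sn": ["Doe"], "givenName": ["Jane"],
             "mail": ["jane.doe@my.org"], "ou": ["myunit", "research"]}
    print("search base:", base, "key:", key)
    print(map_entry(entry, props))
    print(lookup_filter("j*)(uid=*", props))
```

The escaping matters because the UserID is exactly the value a person types at the login form; without it a login name such as `*)(uid=*` would turn the lookup filter into one that matches other entries.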
2. Connection configuration
You configure the connection to the LDAP server the same way you configure the connection to the VIF database, through the application's configuration. Connection configuration is done with the following settings:
- URL: the LDAP server URL and port. Example: ldaps://ldaps.my.org:636/
- manager DN: the distinguished name of the manager entry the application binds with. Example: cn=manager,ou=admins,ou=auth,o=myorg,c=ch
- manager password: the manager entry's password.
Use an ldaps:// URL as in the example, so that the manager credentials and the member data are not sent in cleartext, and give the manager entry read-only rights limited to the baseDir subtree, since its password is stored in the application's configuration.
3. Activating the org.hip.vif.member.ldap authenticator
Select the org.hip.vif.member.ldap authenticator on the application's configuration page.