Skip to Content

Changes for page org.clazzes.login.ldap

Last modified by wolfgang_glas@iteg_at on 2018-08-25 09.26:23
From version 5.1
edited by wolfgang_glas@iteg_at
on 2013-02-22 08.34:02
Change comment: Migrated to Confluence 5.3
To version 7.1
edited by wolfgang_glas@iteg_at
on 2018-08-25 09.26:23
Change comment: There is no comment for this version

Summary

Details

Page properties
Content
... ... @@ -1,21 +1,7 @@
1 -The ldap-login-service is provided as an OSGi bundle, which may be activated by
1 += {{id name="org.clazzes.login.ldap-Functionality"/}}Functionality =
2 2  
3 -(% class="code" %)
4 -(((
5 -obr:addurl http:~/~/maven.clazzes.org/repository.xml
6 -obr:deploy ldap-login-service
7 -)))
3 +
8 8  
9 -The maven artifact is:
10 -
11 -(% class="code" %)
12 -(((
13 -<groupId>org.clazzes.login</groupId>
14 -<artifactId>ldap-login-service</artifactId>
15 -)))
16 -
17 -=== {{id name="org.clazzes.login.ldap-Functionality"/}}Functionality ===
18 -
19 19  The LDAP login service authenticates against users in an ADS domain or against users in an LDAP server configured for an individual domain.
20 20  
21 21  The function {{code language="none"}}tryLogin(){{/code}} needs credentials if run against a legacy LDAP Server.
... ... @@ -24,7 +24,7 @@
24 24  
25 25  The functions {{code language="none"}}searchUser(){{/code}}, {{code language="none"}}getGroups(){{/code}}, {{code language="none"}}getGroupMembers(){{/code}} need bind credentials and will only work in AD DS environments.
26 26  
27 -=== {{id name="org.clazzes.login.ldap-SampleConfigurationforauthenticationagainstanADS-Domain"/}}Sample Configuration for authentication against an ADS-Domain{{id name="org.clazzes.login.ldap-sampleAdsConfig"/}} ===
13 += {{id name="org.clazzes.login.ldap-SampleConfigurationforauthenticationagainstanADS-Domain"/}}Sample Configuration for authentication against an ADS-Domain{{id name="org.clazzes.login.ldap-sampleAdsConfig"/}} =
28 28  
29 29  The following sample configuration is the most common configuration OSGi configuration in PID {{code language="none"}}org.clazzes.login.ldap{{/code}}, which allows you to authenticate users against an Active Directory Domain.
30 30  
... ... @@ -32,6 +32,7 @@
32 32  
33 33  In our example we use {{code language="none"}}EXAMPLE{{/code}} as the Windows/NetBIOS domain name with its DNS counterpart {{code language="none"}}example.com{{/code}}.
34 34  
21 +(% class="wrapped" %)
35 35  |=(((
36 36  (% class="tablesorter-header-inner" %)
37 37  (((
... ... @@ -71,10 +71,11 @@
71 71  {{/code}}
72 72  )))
73 73  
74 -=== {{id name="org.clazzes.login.ldap-DetailedConfiguration"/}}Detailed Configuration ===
61 += {{id name="org.clazzes.login.ldap-DetailedConfiguration"/}}Detailed Configuration =
75 75  
76 76  The LDAP login service may be configured using the OSGi configuration PID {{code language="none"}}org.clazzes.login.ldap{{/code}} using these configuration values:
77 77  
65 +(% class="wrapped" %)
78 78  |=(((
79 79  (% class="tablesorter-header-inner" %)
80 80  (((
... ... @@ -171,13 +171,33 @@
171 171  )))|(((
172 172  The LDAP attribute to try to use as primary e-mail address for users.
173 173  )))
162 +|(((
163 +{{code language="none"}}
164 +domain.<domain>.mobileAttribute
165 +{{/code}}
166 +)))|(((
167 +\\
168 +)))|(((
169 +The LDAP attribute to try to use as mobile phone number for users. This number is used to send ephemerals OTP for two-factor-authentication to the user. If this option is activated, two-factor signons are mandatory for this domain. Usually, this option is configured to the value {{code language="none"}}mobile{{/code}} in order to activate ephemeral OTP two-factor-authentication.
170 +)))
171 +|(((
172 +{{code language="none"}}
173 +domain.<domain>.tokenIdsAttribute
174 +{{/code}}
175 +)))|(((
176 +\\
177 +)))|(((
178 +The LDAP attribute to try to use as a space separated list of 12-character YubiKey token IDs (like {{code language="none"}}cccccceiiuch{{/code}}) for users. These token IDs are used to check token OTPs for two-factor-authentication to the user. If this option is activated, two-factor signons are mandatory for this domain. Usually, this option is configured to the value {{code language="none"}}pager{{/code}} in order to activate token-based OTP two-factor-authentication.
179 +)))
174 174  
175 175  There may be multiple domains in a configuration.
176 176  
177 -=== {{id name="org.clazzes.login.ldap-ControllerSchemes"/}}Controller Schemes ===
183 +== {{id name="org.clazzes.login.ldap-ControllerSchemes"/}}Controller Schemes ==
178 178  
179 179  The URL schemes for a domain controller are ldap, ldaps and ads.
180 180  
187 +=== {{id name="org.clazzes.login.ldap-ADScontrollerscheme"/}}ADS controller scheme ===
188 +
181 181  The {{code language="none"}}ads{{/code}} URL scheme for the URL {{code language="none"}}ads://mydomain.com{{/code}} undertakes a lookup for the DNS records
182 182  
183 183  (% class="code" %)
... ... @@ -188,4 +188,30 @@
188 188  
189 189  to auto-detect the apropriate {{code language="none"}}ldap(s){{/code}} URI.
190 190  
199 +=== {{id name="org.clazzes.login.ldap-LDAPcontrollerscheme"/}}LDAP controller scheme ===
200 +
201 +When directly specifying the LDAP-Server using an URL like {{code language="none"}}ldap://ldap-01.mydomain.com{{/code}} it is possible to specify the baseDN for searches using a pseudo-path like in {{code language="none"}}ldap://ldap-01.mydomain.com/dc=mydomain,dc=com{{/code}}
202 +
203 += {{id name="org.clazzes.login.ldap-ManualinstallationinOSGicontainer"/}}Manual installation in OSGi container =
204 +
205 +I some software product has pointed to this page for configuration details, the bundle is probably already installed in the OSGi container the software product runs in.
206 +
207 +OSGi administrators maintaining an individual OSGi container can install the ldap-login-service bundle using these osgi commands:
208 +
209 +(% class="code" %)
210 +(((
211 +obr:addurl http:~/~/maven.clazzes.org/repository.xml
212 +obr:deploy ldap-login-service
213 +)))
214 +
215 += {{id name="org.clazzes.login.ldap-Developerinformation"/}}Developer information =
216 +
217 +The maven artifact is:
218 +
219 +(% class="code" %)
220 +(((
221 +<groupId>org.clazzes.login</groupId>
222 +<artifactId>ldap-login-service</artifactId>
223 +)))
224 +
191 191  
Confluence.Code.ConfluencePageClass[0]
Id
... ... @@ -1,1 +1,1 @@
1 -688964
1 +688656
URL
... ... @@ -1,1 +1,1 @@
1 -https://clazzes.atlassian.net/wiki/spaces/LOGIN/pages/688964/org.clazzes.login.ldap
1 +https://clazzes.atlassian.net/wiki/spaces/LOGIN/pages/688656/org.clazzes.login.ldap