Changes for page org.clazzes.login.ldap
Last modified by wolfgang_glas@iteg_at on 2018-08-25 09.26:23
From version 7.1
edited by wolfgang_glas@iteg_at
on 2018-08-25 09.26:23
Change comment:
There is no comment for this version
To version 2.1
edited by christoph_lechleitner@iteg_at
on 2012-11-20 10.50:45
Change comment:
There is no comment for this version
Summary
- Page properties (2 modified, 0 added, 0 removed)
- Objects (1 modified, 0 added, 0 removed)
Details
- Page properties
- Author
... ... @@ -1,1 +1,1 @@ 1 -XWiki. wolfgang_glas@iteg_at1 +XWiki.christoph_lechleitner@iteg_at - Content
... ... @@ -1,7 +1,21 @@ 1 - ={{idname="org.clazzes.login.ldap-Functionality"/}}Functionality=1 +The ldap-login-service is provided as an OSGi bundle, which may be activated by 2 2 3 - 3 +(% class="code" %) 4 +((( 5 +obr:addurl http:~/~/maven.clazzes.org/repository.xml 6 +obr:deploy ldap-login-service 7 +))) 4 4 9 +The maven artifact is: 10 + 11 +(% class="code" %) 12 +((( 13 +<groupId>org.clazzes.login</groupId> 14 +<artifactId>ldap-login-service</artifactId> 15 +))) 16 + 17 +=== {{id name="org.clazzes.login.ldap-Functionality"/}}Functionality === 18 + 5 5 The LDAP login service authenticates against users in an ADS domain or against users in an LDAP server configured for an individual domain. 6 6 7 7 The function {{code language="none"}}tryLogin(){{/code}} needs credentials if run against a legacy LDAP Server. ... ... 
@@ -10,59 +10,10 @@ 10 10 11 11 The functions {{code language="none"}}searchUser(){{/code}}, {{code language="none"}}getGroups(){{/code}}, {{code language="none"}}getGroupMembers(){{/code}} need bind credentials and will only work in AD DS environments. 12 12 13 -= {{id name="org.clazzes.login.ldap- SampleConfigurationforauthenticationagainstanADS-Domain"/}}SampleConfigurationfor authentication against an ADS-Domain{{id name="org.clazzes.login.ldap-sampleAdsConfig"/}}=27 +=== {{id name="org.clazzes.login.ldap-Configuration"/}}Configuration === 14 14 15 -The following sample configuration is the most common configuration OSGi configuration in PID {{code language="none"}}org.clazzes.login.ldap{{/code}}, which allows you to authenticate users against an Active Directory Domain. 16 - 17 -All you need to know is the Windows/NetBIOS Name of your domain and the corresponding DNS name used to physically locate the Active Directory server. 18 - 19 -In our example we use {{code language="none"}}EXAMPLE{{/code}} as the Windows/NetBIOS domain name with its DNS counterpart {{code language="none"}}example.com{{/code}}. 
20 - 21 -(% class="wrapped" %) 22 -|=((( 23 -(% class="tablesorter-header-inner" %) 24 -((( 25 -Key 26 -))) 27 -)))|=((( 28 -(% class="tablesorter-header-inner" %) 29 -((( 30 -Value 31 -))) 32 -))) 33 -|((( 34 -{{code language="none"}} 35 -defaultDomain 36 -{{/code}} 37 -)))|((( 38 -{{code language="none"}} 39 -EXAMPLE 40 -{{/code}} 41 -))) 42 -|((( 43 -{{code language="none"}} 44 -domain.EXAMPLE.controllerUri 45 -{{/code}} 46 -)))|((( 47 -{{code language="none"}} 48 -ads://example.com 49 -{{/code}} 50 -))) 51 -|((( 52 -{{code language="none"}} 53 -domain.EXAMPLE.authMethod 54 -{{/code}} 55 -)))|((( 56 -{{code language="none"}} 57 -bindAds 58 -{{/code}} 59 -))) 60 - 61 -= {{id name="org.clazzes.login.ldap-DetailedConfiguration"/}}Detailed Configuration = 62 - 63 63 The LDAP login service may be configured using the OSGi configuration PID {{code language="none"}}org.clazzes.login.ldap{{/code}} using these configuration values: 64 64 65 -(% class="wrapped" %) 66 66 |=((( 67 67 (% class="tablesorter-header-inner" %) 68 68 ((( ... ... 
@@ -159,33 +159,13 @@ 159 159 )))|((( 160 160 The LDAP attribute to try to use as primary e-mail address for users. 161 161 ))) 162 -|((( 163 -{{code language="none"}} 164 -domain.<domain>.mobileAttribute 165 -{{/code}} 166 -)))|((( 167 -\\ 168 -)))|((( 169 -The LDAP attribute to try to use as mobile phone number for users. This number is used to send ephemerals OTP for two-factor-authentication to the user. If this option is activated, two-factor signons are mandatory for this domain. Usually, this option is configured to the value {{code language="none"}}mobile{{/code}} in order to activate ephemeral OTP two-factor-authentication. 170 -))) 171 -|((( 172 -{{code language="none"}} 173 -domain.<domain>.tokenIdsAttribute 174 -{{/code}} 175 -)))|((( 176 -\\ 177 -)))|((( 178 -The LDAP attribute to try to use as a space separated list of 12-character YubiKey token IDs (like {{code language="none"}}cccccceiiuch{{/code}}) for users. These token IDs are used to check token OTPs for two-factor-authentication to the user. If this option is activated, two-factor signons are mandatory for this domain. Usually, this option is configured to the value {{code language="none"}}pager{{/code}} in order to activate token-based OTP two-factor-authentication. 179 -))) 180 180 181 181 There may be multiple domains in a configuration. 182 182 183 -== {{id name="org.clazzes.login.ldap-ControllerSchemes"/}}Controller Schemes == 130 +=== {{id name="org.clazzes.login.ldap-ControllerSchemes"/}}Controller Schemes === 184 184 185 185 The URL schemes for a domain controller are ldap, ldaps and ads. 186 186 187 -=== {{id name="org.clazzes.login.ldap-ADScontrollerscheme"/}}ADS controller scheme === 188 - 189 189 The {{code language="none"}}ads{{/code}} URL scheme for the URL {{code language="none"}}ads://mydomain.com{{/code}} undertakes a lookup for the DNS records 190 190 191 191 (% class="code" %) ... ... 
@@ -196,30 +196,4 @@ 196 196 197 197 to auto-detect the apropriate {{code language="none"}}ldap(s){{/code}} URI. 198 198 199 -=== {{id name="org.clazzes.login.ldap-LDAPcontrollerscheme"/}}LDAP controller scheme === 200 - 201 -When directly specifying the LDAP-Server using an URL like {{code language="none"}}ldap://ldap-01.mydomain.com{{/code}} it is possible to specify the baseDN for searches using a pseudo-path like in {{code language="none"}}ldap://ldap-01.mydomain.com/dc=mydomain,dc=com{{/code}} 202 - 203 -= {{id name="org.clazzes.login.ldap-ManualinstallationinOSGicontainer"/}}Manual installation in OSGi container = 204 - 205 -I some software product has pointed to this page for configuration details, the bundle is probably already installed in the OSGi container the software product runs in. 206 - 207 -OSGi administrators maintaining an individual OSGi container can install the ldap-login-service bundle using these osgi commands: 208 - 209 -(% class="code" %) 210 -((( 211 -obr:addurl http:~/~/maven.clazzes.org/repository.xml 212 -obr:deploy ldap-login-service 213 -))) 214 - 215 -= {{id name="org.clazzes.login.ldap-Developerinformation"/}}Developer information = 216 - 217 -The maven artifact is: 218 - 219 -(% class="code" %) 220 -((( 221 -<groupId>org.clazzes.login</groupId> 222 -<artifactId>ldap-login-service</artifactId> 223 -))) 224 - 225 225
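Review bot: In the @@ -1,7 +1,21 @@ hunk, the added install command `obr:addurl http:~/~/maven.clazzes.org/repository.xml` points the OBR at a plain-http repository index, so whatever `obr:deploy ldap-login-service` resolves is fetched over a transport that gives no integrity or origin guarantee. This bundle handles login credentials, so suggest documenting an https repository URL if one is served, or stating how the deployed artifact is to be verified before activation. The install and Maven blocks are also added above the first heading with no heading of their own, while the removed side of the last hunk had them under "Manual installation in OSGi container" and "Developer information".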
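Review bot: The @@ -10,59 +10,10 @@ hunk drops the entire sample configuration for an ADS domain, so the visible page no longer shows one consistent set of values for `defaultDomain`, `domain.EXAMPLE.controllerUri` and `domain.EXAMPLE.authMethod`. The pairing of `ads://example.com` with `bindAds` is the only worked combination of controller URI and auth method in these lines; suggest keeping the table under the new Configuration heading so administrators do not have to assemble an authentication setup from the reference table alone. The same hunk also removes `(% class="wrapped" %)` from the reference table, which is worth confirming as intentional.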
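Review bot: The two rows removed in the @@ -159,33 +159,13 @@ hunk, `domain.<domain>.mobileAttribute` and `domain.<domain>.tokenIdsAttribute`, hold the only statement in this diff that setting either option makes two-factor signons mandatory for the domain. If the service honours those keys, removing the rows hides a setting that changes authentication behaviour; if it does not, the change comment should say so, and it is empty for this version. The hunk also removes the "ADS controller scheme" subheading but keeps its body, so the `ads` lookup description now sits directly under "Controller Schemes" with nothing separating it from the sentence that lists ldap, ldaps and ads.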
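Review bot: The @@ -196,30 +196,4 @@ hunk removes the "LDAP controller scheme" section, which is where the baseDN pseudo-path form `ldap://ldap-01.mydomain.com/dc=mydomain,dc=com` is documented, so after this change nothing in the visible lines tells a reader how the search base is set for a directly specified server. Suggest keeping that paragraph next to the `ads` description. The unchanged context line still reads "apropriate"; fix it to "appropriate" while this section is being edited.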
- Confluence.Code.ConfluencePageClass[0]
- Id
... ... @@ -1,1 +1,1 @@ 1 -688 6561 +688924 - URL
... ... @@ -1,1 +1,1 @@ 1 -https://clazzes.atlassian.net/wiki/spaces/LOGIN/pages/688 656/org.clazzes.login.ldap1 +https://clazzes.atlassian.net/wiki/spaces/LOGIN/pages/688924/org.clazzes.login.ldap