LDAP Servers (Service Providers)

EDG can support multiple LDAP service providers (e.g., multiple Active Directory domains or LDAP servers). For each one, click the plus sign “+” to create a new LDAP stanza (parameter group).

Before applying any LDAP changes, please double-check all settings for accuracy. Inconsistencies with remote LDAP systems could result in the loss of EDG permissions, which could be especially problematic for administrators (i.e., users having roles with AdministratorGrp group privileges; see Rights Management). Please verify before proceeding. Losing administrator permissions would block access to Administration pages, including this one, thereby requiring external access to the EDG system environment to modify the configuration files directly.

Configuration parameters

For each LDAP server, open Server Configuration > Edit > Configuration parameters > “+” and enter the following server parameters. To delete an LDAP server configuration, open Edit and click its “x”.

Parameter

Default

Description

Connection URL

LDAP service provider’s connection URL

Username for server connection

Username for connection login

Password for server connection

This appears only if other LDAP parameters are set, and it is set after Save Changes has completed.

User pattern string

Based on the Tomcat JNDIRealm (for LDAP), this is the userSearch and userBase (e.g., “sAMAccountName={0},CN=Users,DC=sharepoint,DC=tqinc,DC=info”)

Role definition base

roleBase: The base DN for role searches (e.g., “OU=Roles,DC=sharepoint,DC=tqinc,DC=info”)

Role name identifier

roleName: The name of the attribute that has the role-entry’s name (e.g., “cn”)

Role search string

roleSearch: The LDAP search filter for selecting role entries (e.g., “(member={0})”)

Membership search string (OPTIONAL, Recommended)

For certain LDAPs (e.g., Active Directory), this is the reverse of roleSearch, used to find role memberships for a given user (e.g., “(memberOf={0})”).