LDAP Servers (Service Providers)
EDG can support multiple LDAP service providers (e.g., multiple Active Directory domains or LDAP servers). For each one, click the Add New button to create a new LDAP stanza (parameter group).
Before applying any LDAP changes, please double-check all settings for accuracy.
Inconsistencies with remote LDAP systems could result in the loss of EDG permissions,
which could be especially problematic for administrators (i.e., users having roles with
AdministratorGrp group privileges; see Rights Management).
Please verify before proceeding.
Losing administrator permissions would block access to Administration pages, including this one,
thereby requiring external access to the EDG system environment to modify the configuration files directly.
Configuration parameters
Parameter |
Description |
|---|---|
Connection URL |
LDAP service provider’s connection URL |
Username for server connection |
Username for connection login |
Password for server connection |
This field is editable only if the other LDAP server parameters are set. |
User pattern string |
Based on the Tomcat JNDIRealm (for LDAP), this is the userSearch and userBase (e.g., “sAMAccountName={0},CN=Users,DC=sharepoint,DC=tqinc,DC=info”) |
Role definition base |
roleBase: The base DN for role searches (e.g., “OU=Roles,DC=sharepoint,DC=tqinc,DC=info”) |
Role name identifier |
roleName: The name of the attribute that has the role-entry’s name (e.g., “cn”) |
Role search string |
roleSearch: The LDAP search filter for selecting role entries (e.g., “(member={0})”) |
Membership search string (OPTIONAL, Recommended) |
For certain LDAPs (e.g., Active Directory), this is the reverse of roleSearch, used to find role memberships for a given user (e.g., “(memberOf={0})”). |