LDAP Servers Section

EDG can support multiple LDAP service providers (e.g., multiple Active Directory domains or LDAP servers). For each one, click the Add New button to create a new LDAP stanza (parameter group).

Before applying any LDAP changes, double-check every setting for accuracy. Settings that do not match the remote LDAP system can cause EDG permissions to be lost, which is especially problematic for administrators (i.e., users whose roles carry AdministratorGrp group privileges; see Rights Management Admin Page). Losing administrator permissions blocks access to the Administration pages, including this one, so restoring the configuration would require external access to the EDG system environment to edit the configuration files directly.

Configuration parameters

| Parameter | Description |
|---|---|
| Connection URL | LDAP service provider's connection URL |
| Username for server connection | Username for connection login |
| Password for server connection | This field is editable only if the other LDAP server parameters are set. |
| User pattern string | Based on the Tomcat JNDIRealm (for LDAP), this is the userSearch and userBase (e.g., "sAMAccountName={0},CN=Users,DC=sharepoint,DC=tqinc,DC=info") |
| Role definition base | roleBase: the base DN for role searches (e.g., "OU=Roles,DC=sharepoint,DC=tqinc,DC=info") |
| Role name identifier | roleName: the name of the attribute that holds the role entry's name (e.g., "cn") |
| Role search string | roleSearch: the LDAP search filter for selecting role entries (e.g., "(member={0})") |
| Membership search string (OPTIONAL, recommended) | For certain LDAP directories (e.g., Active Directory), this is the reverse of roleSearch, used to find role memberships for a given user (e.g., "(memberOf={0})"). |
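The warning above recommends verifying a stanza before applying it. The following added example (not EDG's or Tomcat's own code) models the JNDIRealm substitution rules the table describes, "{0}" in the user pattern becoming the login name and "{0}" in roleSearch becoming the resolved user DN, and runs a pre-flight check that an administrator still resolves to AdministratorGrp. The directory contents, stanza values and the `search` callable are constructed assumptions; a live check would replace `sample_search` with an ldap3 search.

```python
import re

# Constructed sample directory (not a real domain): DN -> attributes.
SAMPLE_DIRECTORY = {
    "CN=AdministratorGrp,OU=Roles,DC=example,DC=test": {
        "cn": ["AdministratorGrp"],
        "member": ["sAMAccountName=alice,CN=Users,DC=example,DC=test"]},
    "CN=Editors,OU=Roles,DC=example,DC=test": {
        "cn": ["Editors"],
        "member": ["sAMAccountName=bob,CN=Users,DC=example,DC=test"]},
}

# Constructed stanza using the same parameter names as the table above.
SAMPLE_STANZA = {
    "userPattern": "sAMAccountName={0},CN=Users,DC=example,DC=test",
    "roleBase": "OU=Roles,DC=example,DC=test",
    "roleName": "cn",
    "roleSearch": "(member={0})",
}

def escape_filter_value(value):
    """RFC 4515 escaping for values substituted into an LDAP search filter,
    so a DN or login containing *, (, ) or \\ cannot alter the filter."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group()), value)

def resolve_user_dn(user_pattern, login):
    """JNDIRealm semantics: '{0}' in the user pattern becomes the login name."""
    return user_pattern.replace("{0}", login)

def roles_for(stanza, user_dn, search):
    """Run roleSearch under roleBase with '{0}' = the user's DN and collect
    the roleName attribute of every matching role entry."""
    ldap_filter = stanza["roleSearch"].replace("{0}", escape_filter_value(user_dn))
    return sorted(search(stanza["roleBase"], ldap_filter, stanza["roleName"]))

def preflight(stanza, admin_login, search=None):
    """Confirm admin_login still lands in AdministratorGrp through the stanza
    before it is applied; returns (ok, roles)."""
    user_dn = resolve_user_dn(stanza["userPattern"], admin_login)
    roles = roles_for(stanza, user_dn, search or sample_search)
    return "AdministratorGrp" in roles, roles

def sample_search(base_dn, ldap_filter, attribute):
    """Stand-in for a directory search: handles one (attr=value) equality
    filter over the subtree below base_dn and returns `attribute` values."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter)
    if not m:
        raise ValueError("unsupported filter: " + ldap_filter)
    attr, value = m.group(1), m.group(2)
    return [v for dn, entry in SAMPLE_DIRECTORY.items()
            if dn.lower().endswith(base_dn.lower()) and value in entry.get(attr, [])
            for v in entry.get(attribute, [])]
```

Run `preflight(SAMPLE_STANZA, "alice")` for each administrator login before saving the stanza; a `False` result means the new settings would lock that account out of the Administration pages.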
