LDAP support

Cloud Cruiser can be integrated with an LDAP repository for authentication purposes. This can be done by modifying the <installDir>/apache-tomcat-7.0.35/webapps/ROOT/WEB-INF/classes/security.properties file. For instructions, see Configuring authentication.

Users must be imported from the LDAP server into the Cloud Cruiser application. This is accomplished with a batch job. The sample job file at <installDir>/job_samples/import_ldap_users.xml can be used as a template.

Importing LDAP users

The first part of the import step in the job file specifies the LDAP configuration, which includes the URL of the LDAP server, the base domain name to be used for LDAP queries, and the LDAP administrator user name and password. For example:

<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
  <property name="url" value="ldap://ldap.cloudcruiser.com:389" />
  <property name="base" value="OU=People,DC=cloudcruiser,DC=com" />
  <property name="userDn" value="adminUser" />
  <property name="password" value="adminPassword" />
</bean>

The second part of the import step uses the ImportLDAPUsersTasklet to import the LDAP attributes and other properties. For example:

<bean class="com.cloudcruiser.batch.ldap.ImportLDAPUsersTasklet">
  <property name="adminUsers">
    <list>
      <value>bigboss</value>
      <value>littleboss</value>
    </list>
  </property>
  <property name="activateNewUsers" value="true"/>
  <property name="targetUserGroup" value="Customers" />
  <property name="userIdAttribute" value="userId" />
  <property name="userFullNameAttribute" value="fullName" />
  <property name="userEmailAttribute" value="emailAddress" />
  <property name="userFilters">
    <list>
      <value>objectClass=user</value>
      <value>objectCategory=person</value>
    </list>
  </property>
</bean>

Descriptions of these and other properties for the tasklet are covered in the following section.

ImportLDAPUsersTasklet Properties

<property name="activateNewUsers" value="true"|"false" />

Specifies whether all imported users are active. The default is true. When false, only users with the Admin role are imported as active.

<property name="adminUsers" value="adminUsers" />

Specifies a list of users who will be granted the admin role when imported. Each item of the list is matched against the userIdAttribute property in the imported LDAP records.

<property name="ldapTemplate" value="ldapTemplate" />

Used by Cloud Cruiser’s import process.

<property name="targetUserGroup" value="userGroup" />

Specifies the user group that users are assigned to when imported. If the group does not exist, it will be created.

<property name="userEmailAttribute" value="emailAddress" />

Specifies the LDAP attribute to be used to populate the email_address attribute of imported users.

<property name="userFilters" value="userFilters" />

Specifies the LDAP filters that are used to search for users. If a record matches these filters, the record is interpreted as a user to import. Each item must be specified as an "equals" filter of the form "attribute=value".

<property name="userFullNameAttribute" value="fullName" />

Specifies the LDAP attribute to be used to populate the username (full name) attribute of imported users.

<property name="userIdAttribute" value="userId" />

Specifies the LDAP attribute to be used to populate the userid (username) attribute of imported users.
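
A pre-run check for the job file described on this page, as an added example that is not Cloud Cruiser's own code: it flags an ldap:// bind URL (a simple bind over ldap:// is sent unencrypted unless StartTLS is in place), a literal bind password, userFilters items that are not plain attribute=value, and the accounts that adminUsers will promote. The <beans> root element, the function names and the malformed filter in the sample are assumptions made for the example.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the two beans from this page under an assumed <beans> root,
# with one malformed filter added to exercise the check.
SAMPLE_JOB = """<beans>
<bean id="contextSource" class="org.springframework.ldap.core.support.LdapContextSource">
  <property name="url" value="ldap://ldap.cloudcruiser.com:389" />
  <property name="password" value="adminPassword" />
</bean>
<bean class="com.cloudcruiser.batch.ldap.ImportLDAPUsersTasklet">
  <property name="adminUsers"><list><value>bigboss</value></list></property>
  <property name="userFilters">
    <list><value>objectClass=user</value><value>(|(cn=*)(uid=*))</value></list>
  </property>
</bean>
</beans>"""

# Assumed reading of "attribute=value": no LDAP operators, parentheses or wildcards.
EQUALS_FILTER = re.compile(r"^[A-Za-z][A-Za-z0-9.;-]*=[^()*|&!=]+$")

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix

def props(bean):
    """Map each property name to a list: its value attribute or nested <value> texts."""
    out = {}
    for p in bean:
        if local(p.tag) == "property":
            nested = [v.text or "" for v in p.iter() if local(v.tag) == "value"]
            out[p.get("name")] = [p.get("value")] if p.get("value") is not None else nested
    return out

def audit_job(xml_text):
    """Return review findings for an LDAP import job file, in document order."""
    findings, root = [], ET.fromstring(xml_text)
    for bean in (b for b in root.iter() if local(b.tag) == "bean"):
        cls, p = bean.get("class", ""), props(bean)
        if cls.endswith("LdapContextSource"):
            if "".join(p.get("url", [])).lower().startswith("ldap://"):
                findings.append("cleartext-bind: url scheme is ldap://, not ldaps://")
            if "".join(p.get("password", [])):
                findings.append("stored-secret: bind password is a literal in the job file")
        elif cls.endswith("ImportLDAPUsersTasklet"):
            findings += [f"bad-filter: {f!r} is not attribute=value"
                         for f in p.get("userFilters", []) if not EQUALS_FILTER.match(f)]
            if p.get("adminUsers"):
                findings.append(f"admin-grant: {p['adminUsers']} get the admin role on import")
    return findings
```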

© Copyright 2018 Hewlett Packard Enterprise Development LP