Establishing an LDAP connection

You can use the Business console or an Ant task to establish the LDAP connection.

To establish the connection using the Business console, enter the connection information in the Administration tab of the Business console, in the Connection Settings subtab. The connection parameters are the same as those described below for the Ant task.

To establish the connection using the Ant task, you create an XML configuration file and upload it by running the upload-ldapconfigs-def Ant task, located in <InstallDir>/teamserver/bin/build.xml, with the following parameters:
  • -DldapConfigDefinitionsFilePath=<The path to the LDAP definition file>

  • -Dserver.url=<The Decision Center URL>

  • -DrtsAdmin.login=<The user name to log in to Decision Center>

  • -DrtsAdmin.password=<The password to log in to Decision Center>

  • -DdatasourceName=<The data source name>

  • -Ddownload=<Set to true to download the existing file from the database instead of uploading>

  • -Doutputfile=<The path to save the downloaded file>

For example:
ant upload-ldapconfigs-def -DldapConfigDefinitionsFilePath=C:\my_path\ldapconfigs.xml -Dserver.url=my_url -DrtsAdmin.login=rtsAdmin -DrtsAdmin.password=rtsAdmin -DdatasourceName=my_datasource
You define one or several LDAP connections inside the configuration file. You define the connections inside the <ldapConnections> tag, with the following parameters:
  • <ldapConnection name="Name of the connection"> - Declares the name of the connection.
  • <ldapUrl> - Declares the URL of the LDAP server to connect to.
  • <searchConnectionDN> - The complete directory name to use when you bind to LDAP for searches. If not specified, an anonymous connection is made.
  • <searchConnectionPassword> - Password that is used for LDAP searches. Used with the Search Connection DN field.
  • <groupSearchBase> - Directory that is used for group searches, such as ou=employees,dc=mydomain,dc=com.
  • <groupSearchFilter> - LDAP filter expression that is used when you search for user entries. The user name replaces the {1} variable in the search pattern and the full user distinguished name (DN) replaces the {0} variable, for example, member.
  • <groupNameAttribute> - The name of the entry that contains the user group names in the directory entries that are returned by the group search. If this entry is not specified, no group search runs. For example, enter cn.
  • <userNameAttribute> - The attribute that contains the user name in the LDAP. This attribute is mandatory and must be defined for all users in the LDAP directory.
  • <ldapProperties> - For any additional required LDAP properties.
  • <ldapProperty> - For each additional required LDAP property.
  • <ldapPropertyName> - The name of the additional required LDAP property.
  • <ldapPropertyValue> - The value of the additional required LDAP property.
The following example shows the XML configuration file with the LDAP connection.
<ldapConnections>
  <ldapConnection name="IBM Blue Pages">
    <ldapUrl>ldap://localhost:10389/</ldapUrl>
    <searchConnectionDN>uid=admin,ou=Users,dc=example,dc=com</searchConnectionDN>
    <searchConnectionPassword>secret</searchConnectionPassword>
    <groupSearchBase>ou=Groups,dc=example,dc=com</groupSearchBase>
    <groupSearchFilter>member</groupSearchFilter>
    <groupNameAttribute>cn</groupNameAttribute>
    <userNameAttribute>uid</userNameAttribute>
  </ldapConnection>
</ldapConnections>
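
The following Python script is an added example, not part of the product or its documentation. It reviews an LDAP definition file before upload against the parameter descriptions above: anonymous bind when <searchConnectionDN> is absent, a missing mandatory <userNameAttribute>, no group search without <groupNameAttribute>, and a bind password stored in the file. The function name audit_ldap_config, the finding codes, the second sample connection, and the rule that any URL scheme other than ldaps counts as unencrypted are assumptions of this example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: the page's example plus a second, hypothetical connection.
SAMPLE = """<ldapConnections>
  <ldapConnection name="IBM Blue Pages">
    <ldapUrl>ldap://localhost:10389/</ldapUrl>
    <searchConnectionDN>uid=admin,ou=Users,dc=example,dc=com</searchConnectionDN>
    <searchConnectionPassword>secret</searchConnectionPassword>
    <groupSearchBase>ou=Groups,dc=example,dc=com</groupSearchBase>
    <groupSearchFilter>member</groupSearchFilter>
    <groupNameAttribute>cn</groupNameAttribute>
    <userNameAttribute>uid</userNameAttribute>
  </ldapConnection>
  <ldapConnection name="anon-test">
    <ldapUrl>ldaps://ldap.example.com:636/</ldapUrl>
    <groupSearchBase>ou=Groups,dc=example,dc=com</groupSearchBase>
  </ldapConnection>
</ldapConnections>"""


def audit_ldap_config(xml_text):
    """Return {connection name: [finding codes]} for an <ldapConnections> document."""
    def text(conn, tag):
        return (conn.findtext(tag) or "").strip()

    report = {}
    for conn in ET.fromstring(xml_text).iter("ldapConnection"):
        findings = []
        # Assumption of this example: only an ldaps:// URL counts as encrypted.
        if urlparse(text(conn, "ldapUrl")).scheme.lower() != "ldaps":
            findings.append("no-tls-url")
        if not text(conn, "searchConnectionDN"):
            findings.append("anonymous-bind")       # page: anonymous connection is made
        elif text(conn, "searchConnectionPassword"):
            findings.append("password-in-file")     # bind password readable in the XML
        if not text(conn, "userNameAttribute"):
            findings.append("missing-userNameAttribute")  # page: attribute is mandatory
        if not text(conn, "groupNameAttribute"):
            findings.append("no-group-search")      # page: no group search runs
        report[conn.get("name", "<unnamed>")] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_ldap_config(SAMPLE).items():
        print(name, "->", ", ".join(findings) or "ok")
```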