LDAP Configuration
If you installed a Lightweight Directory Access Protocol (LDAP) server or a secure LDAP (LDAPS) server, you can configure the system to use the LDAP user registry to authenticate users.
About this task
Before you configure embedded application login security, you must gather information about your LDAP server and create a valid configuration file. The configuration data depends on the type of LDAP product that you use and how it is configured in your environment.
oneWEX lets you upload the Liberty configuration and any required files. Passwords in the XML files are AES encoded unless you specify that they should not be.
Note: All files are uploaded to a single directory in a flat layout, so one file can refer to another by its name. Example of referring to another file:
<include location="another_settings.xml" />
Procedure
How to make an LDAP user an Admin
To make an LDAP user act as an 'Admin' user, set a list of pattern texts through the API:
- API Path:
https://your.server/api/v1/usermgmt/config/admin
- API Documentation:
https://your.server/docs/#/User/getAdminPatterns
Each user, and each of the user's groups, is evaluated against every pattern. Once a pattern matches, the user becomes an Admin (allow=true) or a User (allow=false). Alternatively, specify a 'role' of Admin, User, ToolUser or AppUser.
Example:
[
  {
    "pattern": "CN=admingroup,CN=Users,DC=example,DC=org"
  },
  {
    "pattern": "CN=othergroup*,CN=Users,DC=example,DC=org",
    "allow": false
  },
  {
    "pattern": "CN=mygroup,CN=Users,DC=example,DC=org",
    "role": "AppUser"
  }
]
- The first entry means that a user in a group whose CN starts with "admingroup" and whose remaining part matches the pattern is given the default access (i.e., "allow" is `true`).
- The second entry means that a user in a group matching "CN=othergroup*" (e.g., othergroup1, othergroup2, ...) is not granted the administrative role.
- The last entry means that a user in the "CN=mygroup" group is given the AppUser role.
If none of the patterns matches any of user’s groups, the user’s role is set as “User”.
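The following Python script is an added illustration of the pattern evaluation described above; it is not oneWEX code and does not call the product API. It parses the example pattern list, resolves the role for a user given the user's DN and group DNs, and adds a defensive check that flags any entry granting Admin through a wildcard-only leading RDN (for example "CN=*,..."), since such an entry would make every authenticated user an administrator. The matching semantics it assumes (first matching entry in list order wins, "*" is a glob wildcard, comparison is case-sensitive) are assumptions for this illustration only.

```python
import fnmatch
import json

# Constructed sample input: the pattern list from the example above, in the
# form the /api/v1/usermgmt/config/admin endpoint would hold it.
# Assumptions for this illustration (not a statement about the product):
# first match in list order decides, "*" is a glob wildcard, matching is
# case-sensitive.
ADMIN_PATTERNS_JSON = """
[
  {"pattern": "CN=admingroup,CN=Users,DC=example,DC=org"},
  {"pattern": "CN=othergroup*,CN=Users,DC=example,DC=org", "allow": false},
  {"pattern": "CN=mygroup,CN=Users,DC=example,DC=org", "role": "AppUser"}
]
"""

VALID_ROLES = ("Admin", "User", "ToolUser", "AppUser")
DEFAULT_ROLE = "User"  # role when no pattern matches any user or group DN


def load_patterns(text):
    """Parse the JSON pattern list and reject entries that are not usable."""
    patterns = json.loads(text)
    for i, entry in enumerate(patterns):
        if not isinstance(entry, dict) or "pattern" not in entry:
            raise ValueError(f"entry {i}: missing 'pattern'")
        if "role" in entry and entry["role"] not in VALID_ROLES:
            raise ValueError(f"entry {i}: unknown role {entry['role']!r}")
    return patterns


def role_granted(entry):
    """Role a matching entry assigns: an explicit 'role' wins; otherwise
    'allow' (default true) selects Admin, and allow=false selects User."""
    if "role" in entry:
        return entry["role"]
    return "Admin" if entry.get("allow", True) else DEFAULT_ROLE


def resolve_role(user_dn, group_dns, patterns):
    """Evaluate the user's own DN and every group DN against each pattern in
    list order; the first match decides the role, otherwise the default."""
    for entry in patterns:
        for dn in (user_dn, *group_dns):
            if fnmatch.fnmatchcase(dn, entry["pattern"]):
                return role_granted(entry)
    return DEFAULT_ROLE


def broad_admin_patterns(patterns):
    """Defensive check: return the patterns that grant Admin through a
    wildcard-only leading RDN ('CN=*,...') or a bare '*'. Such an entry
    matches every group and therefore every authenticated user."""
    findings = []
    for entry in patterns:
        if role_granted(entry) != "Admin":
            continue
        first_rdn = entry["pattern"].split(",", 1)[0]
        value = first_rdn.split("=", 1)[-1].strip()
        if value == "*":
            findings.append(entry["pattern"])
    return findings


if __name__ == "__main__":
    pats = load_patterns(ADMIN_PATTERNS_JSON)
    base = "CN=Users,DC=example,DC=org"
    for name, groups in [
        ("alice", [f"CN=admingroup,{base}"]),
        ("bob", [f"CN=othergroup2,{base}"]),
        ("carol", [f"CN=mygroup,{base}"]),
        ("dave", [f"CN=staff,{base}"]),
    ]:
        print(name, "->", resolve_role(f"CN={name},{base}", groups, pats))
    print("broad admin patterns:", broad_admin_patterns(pats))
```

Note that a glob `*` in this illustration spans commas, so "CN=othergroup*,CN=Users,DC=example,DC=org" would also match a group nested under an extra OU between the two RDNs; when reviewing a production pattern list, prefer exact DNs for entries that grant Admin and reserve wildcards for entries that restrict.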