MashZone NextGen 10.2

Enabling MashZone NextGen Application Queries for All LDAP Users or Groups for Permissions
MashZone NextGen queries the User Repository for user groups and users so that you and other users can assign permissions for MashZone NextGen resources. To enable these queries, set the following properties in the Admin Console:
1. If needed, log in to MashZone NextGen Hub and click Admin Console in the main menu.
2. Expand MashZone NextGen Repositories and click User Repository - LDAP.
3. Click Advanced Options.
4. To enable queries for all users, set these properties:
   * User Search Base (in Authentication Properties) = the base context for a search for all users. This is used with the All Users Search Filter and Search Subtree For All Users properties to get a result. For example:
     ou=People
     This property is also used to search for users during authentication. Consider both uses before changing its value.
   * All Users Search Filter (in MashZone NextGen Queries) = the search filter that is combined with User Search Base to find all user entries. For example:
     objectclass=inetOrgPerson
     Ensure that the objectclass=inetOrgPerson attribute is set on the LDAP server.
   To support wildcard searches and define the sort order for results, you must also define these properties:
   * Attributes Used in Wildcard Search (in MashZone NextGen Queries) = a comma-separated list of LDAP attributes that wildcard searches look in. This defaults to:
     cn,uid
   * User Sort By Attribute (in MashZone NextGen Queries) = the LDAP attribute used to sort the results of wildcard searches. This defaults to:
     cn
   You must also define these properties so that Admin Console can display minimal user information:
   * User First Name Attribute (in MashZone NextGen Queries) = the LDAP attribute that holds users' first names.
   * User Last Name Attribute (in MashZone NextGen Queries) = the LDAP attribute that holds users' last names.
   * User Email Attribute (in MashZone NextGen Queries) = the LDAP attribute that holds users' email addresses.
5. To enable queries for LDAP groups that can be used to assign MashZone NextGen permissions, set these properties:
   * Group Search Base (in Authorization Properties) = the beginning context, combined with Filter to Find All Groups for Roles, to find all LDAP groups that can be used to assign MashZone NextGen permissions. For example:
     ou=groups
     Important: This property is also used to search for MashZone NextGen permissions during authorization. Consider both uses before changing its value.
   * Filter to Find All Groups for Permissions = the search filter that is combined with Group Search Base to find all LDAP groups that may be used to assign MashZone NextGen permissions. For example:
     objectclass=groupOfUniqueNames
Troubleshooting: If your LDAP user with the role Presto_Administrator does not work, it may help to stop MashZone NextGen, deactivate and reactivate your LDAP connection in MashZone NextGen, and then restart MashZone NextGen.
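The following sketch is an added example, not MashZone NextGen code: it models standard LDAP search semantics (search base, subtree scope, equality filter, wildcard attributes, sort attribute) over constructed entries, so you can see which entries the example values from steps 4 and 5 would expose for permission assignment. The suffix dc=example,dc=com, all entries and the function names are assumptions.

```python
# Added example: a model of standard LDAP search semantics, not product code.
# ROOT_SUFFIX and every entry below are constructed sample data.
ROOT_SUFFIX = "dc=example,dc=com"

ENTRIES = [  # (DN, attributes)
    ("uid=asmith,ou=People,dc=example,dc=com",
     {"objectclass": ["inetOrgPerson"], "cn": ["Alice Smith"], "uid": ["asmith"]}),
    ("uid=bjones,ou=Contractors,ou=People,dc=example,dc=com",
     {"objectclass": ["inetOrgPerson"], "cn": ["Bob Jones"], "uid": ["bjones"]}),
    ("uid=svc-backup,ou=People,dc=example,dc=com",
     {"objectclass": ["account"], "cn": ["Backup Service"], "uid": ["svc-backup"]}),
    ("cn=admins,ou=groups,dc=example,dc=com",
     {"objectclass": ["groupOfUniqueNames"], "cn": ["admins"]}),
    ("uid=root,ou=System,dc=example,dc=com",
     {"objectclass": ["inetOrgPerson"], "cn": ["Root Smith"], "uid": ["root"]}),
]

def in_scope(dn, base_dn, subtree):
    """True if dn lies below base_dn: any depth if subtree, else one level."""
    dn, base_dn = dn.lower(), base_dn.lower()
    if not dn.endswith("," + base_dn):
        return False
    rest = dn[: -len(base_dn) - 1]
    # Naive RDN split; fine for the sample DNs, which contain no escaped commas.
    return subtree or "," not in rest

def search(base, flt, subtree=True, sort_by="cn",
           wildcard=None, wildcard_attrs=("cn", "uid")):
    """Return DNs under base matching the equality filter 'attr=value'."""
    attr, _, value = flt.partition("=")
    base_dn = f"{base},{ROOT_SUFFIX}"
    hits = []
    for dn, attrs in ENTRIES:
        if not in_scope(dn, base_dn, subtree):
            continue  # outside the search base, never listed
        values = [v.lower() for v in attrs.get(attr.lower(), [])]
        if value.lower() not in values:
            continue  # entry lacks the required objectclass
        if wildcard is not None:
            found = [v for a in wildcard_attrs for v in attrs.get(a, [])]
            if not any(wildcard.lower() in v.lower() for v in found):
                continue
        hits.append((dn, attrs))
    hits.sort(key=lambda e: e[1].get(sort_by, [""])[0].lower())
    return [dn for dn, _ in hits]

if __name__ == "__main__":
    print(search("ou=People", "objectclass=inetOrgPerson"))
    print(search("ou=groups", "objectclass=groupOfUniqueNames"))
```

Widening the search base or loosening the filter widens the set of accounts and groups that can be granted permissions, which is why the page asks you to consider both uses of each base before changing it.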

Copyright © 2013-2018 | Software AG, Darmstadt, Germany and/or Software AG USA, Inc., Reston, VA, USA, and/or its subsidiaries and/or its affiliates and/or their licensors.
Innovation Release