Integrate Your LDAP Directory with MashZone NextGen

In many cases, users and authentication information for an organization is defined in an existing LDAP Directory. You can configure MashZone NextGen to use your LDAP Directory as the source for user and group information.

See the System Requirements for Software AG Products guide for information on MashZone NextGen support for specific LDAP Directory solutions.

Procedure

  1. If the MashZone NextGen Server is not yet started, start MashZone NextGen. See Start and Stop the MashZone NextGen Server for instructions.
  2. Change MashZone NextGen configuration to use LDAP as the authentication provider.
    1. Edit the userRepositoryApplicationContext.xml file in the MashZoneNG-config folder with any text editor.

      This folder may be in the default location or in an external location. See Setting Up an External MashZone NextGen Configuration Folder for more information.

    2. Remove the comment markers around this statement: <import resource="/userRepositoryApplicationContext-ldap.xml">.
    3. Comment out this statement: <import resource="/userRepositoryApplicationContext-jdbc.xml"> property.

      You cannot use both default authentication and LDAP authentication.

      The configuration should look something like this:

      <beans> <!-- Choose between the interal JDBC repository and LDAP comment/uncomment these two import statements --> <import resource="/userRepositoryApplicationContext-ldap.xml"> <!-- <import resource="/userRepositoryApplicationContext-jdbc.xml"> --> ... </beans>

  3. Change MashZone NextGen configuration for the user attribute provider.
    1. If it is not already open, edit the userRepositoryApplicationContext.xml file in the MashZoneNG-config folder with any text editor.

      This folder may be in the default location or in an external location. See Setting Up an External MashZone NextGen Configuration Folder for more information.

    2. Find the userAttributeProvider bean:

      <bean id="userAttributeProvider" > ...

    3. Remove comment markers around the ldapAttributeProvider bean reference in the providers property list.

      The configuration should now look something like this:

      <bean id="userAttributeProvider" > <property name="providers"> <list> <ref bean="ldapAttributeProvider"/> <ref bean="internalUserAttributeProvider"/> </list> </property> </bean>

    4. Save your changes to this file.

      Do not restart the MashZone NextGen Server until all other LDAP configuration steps have been completed.

  4. Define configuration in the Admin Console in MashZone NextGen Hub for:

    Connections to the LDAP Directory. See Defining LDAP Connection Configuration.

    Authentication mechanisms. See Defining the Authentication Scheme.

    Authorization mechanisms. See Defining the Authorization Scheme.

    All user and group queries used in MashZone NextGen applications. See Enabling MashZone NextGen Application Queries for All LDAP Users or Groups for Permissions.

  5. Ensure that there is at least one user with administrative permissions in MashZone NextGen, otherwise the system will be locked. For details, see the chapter Start MashZone NextGen with an initial administrator user.
  6. Restart the MashZone NextGen Server.

    MashZone NextGen now uses LDAP as the user repository. You can now login using the user account assigned in earlier steps as a MashZone NextGen administrator.

    To grant access to other users, add them to an appropriate built-in MashZone NextGen user group in LDAP.