Principles of Configuring Against LDAP
CentraSite supports various LDAP configurations and provides standard settings that allow you to set up your authentication quickly against these standard systems.
Configuring against an LDAP system raises several questions:
What kind of LDAP server is it?
What is the hierarchical node structure of the LDAP server?
In which kinds of objects are the user and group definitions contained?
Which node properties contain the user names or group IDs?
What other property mappings are required?
In general, before you begin to specify the configuration, we recommend that you study the LDAP structure and contents using an LDAP browser. There are various freeware tools, such as JXplorer, that allow you to do this. Using the LDAP browser, you can bind to an LDAP server, then navigate through the hierarchy to see the structures that contain the users and groups. You can also open the nodes that contain the definitions of individual users or groups and view the properties that are stored for each user or group. For example, the node for a user testuser01 might show the following properties:
Property name | Value |
cn | testuser01 |
objectClass | OpenLDAPperson |
Mail | JohnSmith@MyCompany.com |
Phone | +1 234 555 678 |
The path to the node for this user might be com/People/Location3/testuser01, where com is the root node. The setup on this LDAP server might be that all users are stored under the People node (com/People/…) and all groups are stored under the Groups node (com/Groups/…). Because every CentraSite customer can define their LDAP user and group structures differently, the details of the LDAP configuration that you perform in CentraSite vary accordingly: you must map explicitly to the customer's LDAP structures.
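The survey described above can also be run over an LDIF export of the directory. The following Python is an added example, not part of CentraSite or its documentation: for each top-level node it reports the object classes, the naming property and the property names found there, which answers the questions listed at the start of this section. The sample data, the DN layout (dc=com, ou=People, ou=Groups), the groupOfNames group entry and the function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample export, not taken from a real directory. The DN layout
# (dc=com, ou=People, ou=Groups) is an assumed rendering of the page's paths.
SAMPLE_LDIF = """\
dn: cn=testuser01,ou=Location3,ou=People,dc=com
cn: testuser01
objectClass: OpenLDAPperson
Mail: JohnSmith@MyCompany.com
Phone: +1 234 555 678

dn: cn=testuser02,ou=Location1,ou=People,dc=com
cn: testuser02
objectClass: OpenLDAPperson

dn: cn=testgroup01,ou=Groups,dc=com
cn: testgroup01
objectClass: groupOfNames
member: cn=testuser01,ou=Location3,ou=People,dc=com
"""

def parse_ldif(text):
    """Parse simple LDIF (no comments, folded lines or base64 values) into (dn, attrs) pairs."""
    entries = []
    for block in text.strip().split("\n\n"):
        dn, attrs = None, defaultdict(list)
        for line in block.splitlines():
            name, _, value = line.partition(":")
            if name.lower() == "dn":
                dn = value.strip()
            else:
                attrs[name].append(value.strip())
        if dn:
            entries.append((dn, dict(attrs)))
    return entries

def summarize(entries, root="dc=com"):
    """Per top-level node under root: object classes, naming properties, property names."""
    depth = len(root.split(","))
    out = defaultdict(lambda: {"objectClass": set(), "naming": set(), "attributes": set()})
    for dn, attrs in entries:
        rdns = [r.strip() for r in dn.split(",")]  # naive split: assumes no escaped commas
        if len(rdns) <= depth or ",".join(rdns[-depth:]).lower() != root.lower():
            continue  # the root entry itself, or an entry outside this tree
        info = out[rdns[-depth - 1]]  # node directly below the root, e.g. "ou=People"
        info["naming"].add(rdns[0].split("=", 1)[0])
        info["objectClass"].update(attrs.get("objectClass", []))
        info["attributes"].update(a for a in attrs if a != "objectClass")
    return dict(out)
```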