Difference between revisions of "LDAP"
(Created page with "Category:RegistrySecurity Coming soon.") |
|||
(3 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
[[Category:RegistrySecurity]] | [[Category:RegistrySecurity]] | ||
+ | = Overview = | ||
− | + | Fusion Registry can use LDAP as the authorization mechanism | |
+ | |||
+ | = Defining an LDAP connection = | ||
+ | |||
+ | == Specifying the Connection Details == | ||
+ | On the page page Security -> Authentication Service ensure the drop-down states "LDAP". The following fields are presented. | ||
+ | |||
+ | {| class="wikitable" | ||
+ | !| Item | ||
+ | !| Description | ||
+ | |- | ||
+ | |Protocol and hostname | ||
+ | |'''Mandatory''' Either select ldap or ldaps (LDAP over SSL) in the left-side drop-down. In the input field, enter the server and if necessary port number. E.g. localhost:10389 | ||
+ | |- | ||
+ | |Base DN | ||
+ | |The Base Distinguished Name identifies the entry in the directory from which searches initiated by LDAP clients occur. E.g dc=metdatatechnology,dc=com | ||
+ | |- | ||
+ | |Manager DN | ||
+ | |The manager DN used for querying the directory server and so this user must have privileges to search the directory. E.g. cn=admin,dc=metdatatechnology,dc=com | ||
+ | |- | ||
+ | |Manager Password | ||
+ | |The password for the manager account | ||
+ | |- | ||
+ | |User Search Base | ||
+ | |The starting point the LDAP server uses when searching for users authentication within your directory. This works in tandem with the base DN. E.g A value of "ou=people" would search under "ou=people" under the Base DN "dc=metdatatechnology,dc=com" | ||
+ | |- | ||
+ | |User Search Filter | ||
+ | |Used to identify the users under the User Search Base by a particular criteria. This is often likely to be: uid={0} | ||
+ | |- | ||
+ | |Group Search Base | ||
+ | |The starting point the LDAP server uses when searching for groups within your directory. This works in tandem with the base DN. E.g A value of "ou=people" would search for groups under "ou=people" under the Base DN "dc=metdatatechnology,dc=com" | ||
+ | |- | ||
+ | |Group Search Filter | ||
+ | |Used to identify the groups under the Group Search Base by a particular criteria. E.g. member={0} | ||
+ | |- | ||
+ | |Role Prefix | ||
+ | |An optional prefix which will be prepended to Granted Authority values loaded from the directory. | ||
+ | |- | ||
+ | |UserID Attribute | ||
+ | |'''Mandatory''' This is used to determine what value a user should be displayed as. It is likely this value will be '''uid''' | ||
+ | |} | ||
+ | |||
+ | Once the LDAP server has been set up correctly you should find that attempts to logon as a user from your LDAP directory may be refused permission due to lack of permissions. | ||
+ | |||
+ | The next step is to set up [[Fusion_Security_Manager_(FR_V11) |Fusion Security Manager.]] |
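Review bot: The Overview line calls LDAP the "authorization mechanism", while the first step under "Specifying the Connection Details" sends the reader to Security -> Authentication Service; state which of the two the LDAP connection provides, since the closing paragraph implies that permissions are granted separately in Fusion Security Manager. The "Protocol and hostname" row offers ldap and ldaps as equal choices directly above the Manager DN and Manager Password rows; a sentence recommending ldaps for any non-local server would help, because a plain ldap connection does not by itself encrypt the manager credentials. Smaller points: "page page" in the first sentence, and the Group Search Base example reuses "ou=people" from the User Search Base row, which reads like a copy-paste.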
Latest revision as of 07:06, 12 September 2024
Overview
Fusion Registry can use LDAP as the authorization mechanism.
Defining an LDAP connection
Specifying the Connection Details
On the page Security -> Authentication Service, ensure the drop-down states "LDAP". The following fields are presented.
Item | Description |
---|---|
Protocol and hostname | Mandatory. Select either ldap or ldaps (LDAP over SSL) in the left-side drop-down. In the input field, enter the server and, if necessary, the port number. E.g. localhost:10389 |
Base DN | The Base Distinguished Name identifies the entry in the directory from which searches initiated by LDAP clients occur. E.g. dc=metdatatechnology,dc=com |
Manager DN | The manager DN is used for querying the directory server, so this user must have privileges to search the directory. E.g. cn=admin,dc=metdatatechnology,dc=com |
Manager Password | The password for the manager account. |
User Search Base | The starting point the LDAP server uses when searching for users during authentication within your directory. This works in tandem with the Base DN. E.g. a value of "ou=people" would search under "ou=people" under the Base DN "dc=metdatatechnology,dc=com" |
User Search Filter | Used to identify the users under the User Search Base by a particular criterion. This is likely to be: uid={0} |
Group Search Base | The starting point the LDAP server uses when searching for groups within your directory. This works in tandem with the Base DN. E.g. a value of "ou=people" would search for groups under "ou=people" under the Base DN "dc=metdatatechnology,dc=com" |
Group Search Filter | Used to identify the groups under the Group Search Base by a particular criterion. E.g. member={0} |
Role Prefix | An optional prefix which will be prepended to Granted Authority values loaded from the directory. |
UserID Attribute | Mandatory. Determines the value a user is displayed as. This is likely to be uid |
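How the search fields in the table combine, as an added example that is not Fusion Registry code: the search base is joined to the Base DN, and the {0} placeholder is replaced with an escaped value so that a login name is always matched literally. It assumes {0} is the login name in the user filter and the user's DN in the group filter, and that values are escaped per RFC 4515; the function names and the sample user are constructed.

```python
# Added illustration, not Fusion Registry code. Assumptions: {0} is the login
# name in the user filter and the user's DN in the group filter, and values are
# escaped per RFC 4515 before substitution. The sample user is constructed.

BASE_DN = "dc=metdatatechnology,dc=com"  # example value from the table

# RFC 4515: these characters must be written as \XX inside a filter value
_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it is matched literally inside an LDAP filter."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def effective_search_base(search_base: str, base_dn: str = BASE_DN) -> str:
    """A search base such as "ou=people" is relative to the Base DN."""
    return f"{search_base},{base_dn}" if search_base else base_dn


def build_filter(template: str, value: str) -> str:
    """Substitute {0} in a filter template and wrap the result in parentheses."""
    body = template.replace("{0}", escape_filter_value(value))
    return body if body.startswith("(") else f"({body})"


def user_search(username: str):
    """Search base and filter for the User Search Base / Filter examples."""
    return effective_search_base("ou=people"), build_filter("uid={0}", username)


def group_search(user_dn: str):
    """Search base and filter for the Group Search Base / Filter examples."""
    return effective_search_base("ou=people"), build_filter("member={0}", user_dn)


if __name__ == "__main__":
    print(user_search("jsmith"))
    # Filter metacharacters in a login name are escaped, not interpreted
    print(user_search("j(s)*"))
    print(group_search("uid=jsmith,ou=people,dc=metdatatechnology,dc=com"))
```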
Once the LDAP server has been set up correctly, you may find that attempts to log on as a user from your LDAP directory are refused due to lack of permissions.
The next step is to set up Fusion Security Manager.