eXist by default, so if you wish to use it simply add its realm configuration to the
security configuration in /db/system/security/conf.xml.
LDAP itself does not impose a structure on any particular directory system; rather, it
allows you to create a directory structure of your own devising. Products like Red Hat
IPA (Identity, Policy, and Audit) and Microsoft Active Directory typically impose a
common proprietary structure on an LDAP directory implementation. The LDAP
module is flexible enough to cope with any directory structure, but this flexibility
comes at a price—namely, that the configuration of the LDAP module is more
complicated than that of other such modules in eXist. However, it should not be too
difficult for those familiar with LDAP.
The configuration options available for the LDAP module are comprehensive, so we
will examine each and provide some explanation. We will also provide an example
configuration for integrating with Microsoft Active Directory.
The current design of the LDAP module causes eXist to cache
LDAP account credentials in the /db/system/security/ldap
collection.
This has a few implications that you should be aware of:
• A copy of your LDAP password will be kept securely
(RIPEMD-160 hashed), which may or may not meet the
security requirements of your organization.
• If a user is deleted or disabled in the LDAP directory, he will
still have access to eXist until his cached credentials are
manually removed from eXist.
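One way to find the stale cached accounts described in the second point, as an added example that is not from the book or from eXist itself. It assumes the cached account documents have been exported from /db/system/security/ldap, that each carries the user name in a name element in the http://exist-db.org/Configuration namespace, and that a list of directory users with their enabled state is available; all sample data is constructed.

```python
import xml.etree.ElementTree as ET

# Assumption: cached account documents use eXist's configuration namespace
# and carry the user name in a <name> child element.
NS = {"c": "http://exist-db.org/Configuration"}

# Constructed sample: account documents exported from /db/system/security/ldap.
CACHED_ACCOUNTS = [
    '<account xmlns="http://exist-db.org/Configuration"><name>Alice</name></account>',
    '<account xmlns="http://exist-db.org/Configuration"><name>bob</name></account>',
    '<account xmlns="http://exist-db.org/Configuration"><name>carol</name></account>',
]

# Constructed sample: directory export mapping user name -> account enabled?
DIRECTORY = {"alice": True, "bob": False, "dave": True}


def cached_names(docs):
    """Extract the user name from each cached account document."""
    names = []
    for doc in docs:
        name = ET.fromstring(doc).findtext("c:name", namespaces=NS)
        if name and name.strip():
            names.append(name.strip())
    return names


def stale_accounts(docs, directory, case_insensitive=True):
    """Return {cached name: reason} for accounts whose cache should be removed."""
    # Assumption: the directory treats logon names case-insensitively by default.
    norm = str.lower if case_insensitive else str
    known = {norm(user): enabled for user, enabled in directory.items()}
    stale = {}
    for name in cached_names(docs):
        enabled = known.get(norm(name))
        if enabled is None:
            stale[name] = "deleted in directory"
        elif not enabled:
            stale[name] = "disabled in directory"
    return stale


if __name__ == "__main__":
    for name, reason in sorted(stale_accounts(CACHED_ACCOUNTS, DIRECTORY).items()):
        print(f"{name}: {reason} - remove cached credentials from eXist")
```

Run on a schedule, a report like this turns the manual removal step into a routine check rather than something remembered only after an offboarding incident.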
LDAP configuration options
The configuration is specified in an LDAP realm configuration inside the security
XML configuration file. An XML Schema 1.1 schema is provided with eXist for
checking your LDAP configuration structure; you can find it in
$EXIST_HOME/extensions/security/ldap/ldap-realm.xsd. An example for Microsoft Active Directory
is provided in “LDAP configuration for Microsoft Active Directory” on page 172.
All configuration options in Table 8-11 are mandatory unless otherwise stated.