Database Reference
context (LDAP context configuration)

| Configuration option name | Description |
|---|---|
| blacklist | An optional blacklist of LDAP user accounts that are forbidden access to eXist. If a user is not in the blacklist and a whitelist is not provided, then he is given access via LDAP; otherwise, he is further checked against the whitelist. |

group (LDAP group search and property mapping configuration)

| Configuration option name | Description |
|---|---|
| search-filter-prefix | The prefix to use when searching the LDAP directory. This should indicate the class of a group within the LDAP directory. For example, with Active Directory you would use the value objectClass=group. eXist would then construct an LDAP search string like (&(objectClass=group)(name=value)), where name will be substituted by the actual LDAP attribute indicated by a search-attribute and value will be substituted by the criteria of the thing you are trying to find. Trying to retrieve the user group editors from Active Directory would, for example, cause eXist to produce the LDAP search string (&(objectClass=group)(sAMAccountName=editors)). |
| search-attribute | As an LDAP directory can come in any shape, eXist needs to know how to address certain properties of the user group in the directory. The search-attribute maps a group property that eXist can understand to an LDAP directory property. eXist requires search-attribute for the following group properties: |

| eXist group property | Map to (description) |
|---|---|
| objectSid | The property that holds a SID (Unique Security Identifier) for the group. |
| name | The property that holds the name of the group. |
| dn | The property that holds the LDAP directory DN (distinguished name) of the group. |
| member | The property that holds the list of members (i.e., user accounts) of this group. |
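The search string construction described for search-filter-prefix and search-attribute, as an added example that is not eXist's own code. It goes beyond the page by escaping the value per RFC 4515 so that filter metacharacters in a group name cannot change the filter's structure; the function names and the Active Directory mapping (apart from name to sAMAccountName) are assumptions.

```python
# Added example: not eXist's code. Function and variable names are hypothetical.

# RFC 4515 requires these characters to be escaped inside an assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# The four group properties the page says need a search-attribute mapping.
REQUIRED_GROUP_PROPERTIES = {"objectSid", "name", "dn", "member"}


def escape_filter_value(value: str) -> str:
    """Escape a value so it cannot alter the structure of an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_group_filter(search_filter_prefix, search_attributes, key, value):
    """Build (&(prefix)(ldap_attribute=value)) for one mapped group property.

    search_attributes maps an eXist group property (the key) to the LDAP
    attribute that holds it, which is the job of the search-attribute option.
    """
    missing = REQUIRED_GROUP_PROPERTIES - search_attributes.keys()
    if missing:
        raise ValueError(f"missing search-attribute mappings: {sorted(missing)}")
    ldap_attribute = search_attributes[key]
    safe_value = escape_filter_value(value)
    return f"(&({search_filter_prefix})({ldap_attribute}={safe_value}))"


# Constructed sample mapping for Active Directory. Only name -> sAMAccountName
# comes from the page's example; the other three values are assumptions.
AD_GROUP_ATTRIBUTES = {
    "objectSid": "objectSid",
    "name": "sAMAccountName",
    "dn": "distinguishedName",
    "member": "member",
}

if __name__ == "__main__":
    prefix = "objectClass=group"
    # The page's own case: look up the group "editors" by name.
    print(build_group_filter(prefix, AD_GROUP_ATTRIBUTES, "name", "editors"))
    # Constructed input containing filter metacharacters; they come out escaped.
    print(build_group_filter(prefix, AD_GROUP_ATTRIBUTES, "name", "editors)(cn=*"))
```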
 