Database Reference
In-Depth Information
| Configuration | option name | Description |
|---|---|---|
| context (LDAP context configuration) | metadata-search-attribute | eXist supports the notion of storing and retrieving metadata about a group. For the purposes of LDAP, group metadata is currently unsupported. However, it is likely that this may be implemented in future versions of eXist if demand arises. |
| | whitelist | An optional whitelist of LDAP groups that are permitted access to eXist. The blacklist is always evaluated before the whitelist. If a whitelist is provided, a group must appear in the list to get access to eXist; otherwise, its members will be denied access via LDAP. |
| | blacklist | An optional blacklist of LDAP groups that are forbidden access to eXist. If a group is not in the blacklist and a whitelist is not provided, then its members are given access via LDAP; otherwise, they are further checked against the whitelist. |
| transformation (transformations applied to LDAP to aid integration) | add-group | This optional transformation allows you to automatically add each LDAP user to a group known to eXist from another realm (e.g., its internal realm). For example, you could create a group in eXist called businessUsers and have all LDAP users automatically added to this group, and they would be granted access to any collections or resources that you have permitted the businessUsers group access to. |
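
The evaluation order of the blacklist and whitelist described above can be modelled in a few lines. This is an added example, not eXist's own code: the function names, the exact-match string comparison, and the sample group names are assumptions made for illustration.

```python
from typing import Dict, Iterable, List, Optional, Tuple


def decide(group: str,
           blacklist: Optional[Iterable[str]] = None,
           whitelist: Optional[Iterable[str]] = None) -> Tuple[bool, str]:
    """Return (permitted, reason) for one LDAP group.

    None means the list is not configured. Treating a present but empty
    whitelist as "provided" is an assumption of this model.
    """
    # The blacklist is always evaluated first, so a blacklisted group is
    # denied even if it also appears in the whitelist.
    if blacklist is not None and group in set(blacklist):
        return False, "blacklisted"
    # No whitelist: every group that is not blacklisted is given access.
    if whitelist is None:
        return True, "not blacklisted, no whitelist"
    # Whitelist provided: the group must appear in it.
    if group in set(whitelist):
        return True, "whitelisted"
    return False, "not in whitelist"


def shadowed_entries(blacklist: Optional[Iterable[str]],
                     whitelist: Optional[Iterable[str]]) -> List[str]:
    """Whitelist entries that can never grant access because the blacklist wins."""
    return sorted(set(blacklist or ()) & set(whitelist or ()))


def audit(groups: Iterable[str], blacklist=None, whitelist=None) -> Dict[str, Tuple[bool, str]]:
    """Effective decision for every group, for reviewing a realm configuration."""
    return {g: decide(g, blacklist, whitelist) for g in groups}


if __name__ == "__main__":
    # Constructed sample data: these group names are invented for illustration.
    directory_groups = ["Staff", "Contractors", "Interns", "DBAdmins"]
    black = ["Contractors", "Interns"]
    white = ["Staff", "Interns"]
    for name, (ok, why) in audit(directory_groups, black, white).items():
        print(f"{name:12} {'ALLOW' if ok else 'DENY':5} {why}")
    print("shadowed whitelist entries:", shadowed_entries(black, white))
```

Running the audit before deploying a realm configuration shows which groups end up denied and flags whitelist entries that the blacklist silently overrides.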
LDAP configuration for Microsoft Active Directory
Before attempting to configure eXist to authenticate with your Active Directory, it is
highly recommended that you discuss this with your network administrators. In any
case, they will need to provide you with the username and password for a
low-privileged account to use in the default-username and default-password parts of
the realm configuration.

It is also recommended that you first use a tool like Apache Directory Studio to
ensure that you can connect to your Active Directory using LDAP with the username
and password provided for the low-privileged account by your network administrator.
Apache Directory Studio is a particularly good choice, as not only is it very easy
to use and functional, but it is written in Java and uses the same underlying LDAP
libraries that eXist will use to connect to your LDAP directory.
 