Database Reference
| Configuration | Option name | Description |
|---|---|---|
| context (LDAP context configuration) | metadata-search-attribute | eXist supports the notion of storing and retrieving metadata about a group. For the purposes of LDAP, group metadata is currently unsupported. However, it is likely that this may be implemented in future versions of eXist if demand arises. |
| | whitelist | An optional whitelist of LDAP groups that are permitted access to eXist. The blacklist is always evaluated before the whitelist. If a whitelist is provided, a group must appear in the list to get access to eXist; otherwise, its members will be denied access via LDAP. |
| | blacklist | An optional blacklist of LDAP groups that are forbidden access to eXist. If a group is not in the blacklist and a whitelist is not provided, then its members are given access via LDAP; otherwise, they are further checked against the whitelist. |
| transformation (transformations applied to LDAP to aid integration) | add-group | This optional transformation allows you to automatically add each LDAP user to a group known to eXist from another realm (e.g., its internal realm). For example, you could create a group in eXist called businessUsers and have all LDAP users automatically added to this group, and they would be granted access to any collections or resources that you have permitted the businessUsers group access to. |
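
The whitelist and blacklist rows above define an evaluation order that is easy to misread when both lists are in use. The following is an added example, not code from eXist or from the original page, that models that order for a proposed configuration. The function names and sample group names are hypothetical; exact string comparison, and treating `None` as "not provided", are assumptions.

```python
from typing import Iterable, Optional, Tuple


def group_decision(group: str,
                   whitelist: Optional[Iterable[str]] = None,
                   blacklist: Optional[Iterable[str]] = None) -> Tuple[bool, str]:
    """Return (allowed, reason) for one LDAP group, in the order the table gives."""
    # The blacklist is always evaluated first, so it overrides the whitelist.
    if blacklist is not None and group in set(blacklist):
        return False, "blacklisted"
    # No whitelist provided: any group that is not blacklisted is admitted.
    if whitelist is None:
        return True, "not blacklisted, no whitelist"
    # A whitelist was provided: the group must appear in it.
    if group in set(whitelist):
        return True, "whitelisted"
    return False, "not in whitelist"


def audit(groups, whitelist=None, blacklist=None):
    """Decide every group and report whitelist entries the blacklist cancels."""
    decisions = {g: group_decision(g, whitelist, blacklist) for g in groups}
    # A group on both lists is denied; flag it so the lists can be cleaned up.
    shadowed = sorted(set(whitelist or ()) & set(blacklist or ()))
    return decisions, shadowed


# Constructed sample data, not taken from any real directory.
SAMPLE_GROUPS = ["Editors", "Contractors", "Domain Users", "Interns"]
SAMPLE_WHITELIST = ["Editors", "Contractors"]
SAMPLE_BLACKLIST = ["Contractors", "Interns"]

if __name__ == "__main__":
    decisions, shadowed = audit(SAMPLE_GROUPS, SAMPLE_WHITELIST, SAMPLE_BLACKLIST)
    for name, (allowed, reason) in decisions.items():
        print(f"{name:14} {'ALLOW' if allowed else 'DENY'} ({reason})")
    print("on both lists (blacklist wins):", shadowed)
```

Running the audit over the directory's real group names before enabling the realm shows which groups a whitelist would lock out, including ones nobody thought to list.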

LDAP configuration for Microsoft Active Directory

Before attempting to configure eXist to authenticate with your Active Directory, it is highly recommended that you discuss this with your network administrators. In any case, they will need to provide you with the username and password for a low-privileged account to use in the default-username and default-password parts of the realm configuration.

It is also recommended that you first use a tool like Apache Directory Studio to ensure that you can connect to your Active Directory using LDAP with the username and password provided for the low-privileged account by your network administrator. Apache Directory Studio is a particularly good choice, as not only is it very easy to use and functional, but it is written in Java and uses the same underlying LDAP libraries that eXist will use to connect to your LDAP directory.