Database Reference
In-Depth Information
Remember that if you are using SSL, the LDAP port for your
Active Directory connection will most likely be 636 and the scheme
is
ldaps://
; if you are not using SSL, then it is most likely 389 with
the scheme
ldap://
(as shown in
Example 8-1
).
Example 8-1
shows an example configuration.
Example 8-1. Security Manager configuration with an LDAP realm for Microsoft
Active Directory
<security-manager
xmlns=
"http://exist-db.org/Configuration"
xmlns:xsi=
"http://www.w3.org/ 2001/XMLSchema-instance"
>
<authentication-entry-point>
/authentication/login
</authentication-entry-point>
<realm
id=
"LDAP"
version=
"1.0"
principals-are-case-insensitive=
"true"
>
<context>
<authentication>
simple
</authentication>
<use-ssl>
false
</use-ssl>
<url>
ldap://ad.mydomain.com:389
</url>
<domain>
ad.mydomain.com
</domain>
<search>
<base>
ou=mygroup,dc=ad,dc=mydomain,dc=com
</base>
<default-username>
account@ad.mydomain.com
</default-username>
<default-password>
XXXXXXX
</default-password>
<account>
<search-filter-prefix>
objectClass=user
</search-filter-prefix>
<search-attribute
key=
"objectSid"
>
objectSid
</search-attribute>
<search-attribute
key=
"primaryGroupID"
>
primaryGroupID
</search-attribute>
<search-attribute
key=
"name"
>
sAMAccountName
</search-attribute>
<search-attribute
key=
"dn"
>
distinguishedName
</search-attribute>
<search-attribute
key=
"memberOf"
>
memberOf
</search-attribute>
<metadata-search-attribute
key=
"http://axschema.org/namePerson"
>
name
</metadata-search-attribute>
<metadata-search-attribute
key=
"http://axschema.org/namePerson/last"
>
sn
</metadata-search-attribute>
<metadata-search-attribute
key=
"http://axschema.org/namePerson/first"
>
givenName
</metadata-search-attribute>
<metadata-search-attribute
key=
"http://axschema.org/contact/email"
>
mail
</metadata-search-attribute>
</account>
<group>
<search-filter-prefix>
objectClass=group
</search-filter-prefix>
<search-attribute
key=
"member"
>
member
</search-attribute>
<search-attribute
key=
"objectSid"
>
objectSid
</search-attribute>
<search-attribute
key=
"name"
>
sAMAccountName
</search-attribute>
<search-attribute
key=
"dn"
>
distinguishedName
</search-attribute>
Search WWH ::
Custom Search