LDAP / AD
User data can be read from an LDAP directory or from the local Active Directory via the LdapSyncSource.
NOTE
The query returns only the properties that are actually stored in the LDAP directory; a claim whose property is missing from the user's entry comes back empty. Use the useValueIfEmpty rule to give every such property a correct default value, or use the ignoreClaimIfEmpty option instead to drop empty claims entirely.
Configuration
<LdapSyncSource name="Custom LDAP" queryKey="OneOffixxIdentifier">
  <LdapServer>server</LdapServer>
  <LdapIsSsl>false</LdapIsSsl>
  <LdapOverwriteSslVerificationAndReturnTrue>false</LdapOverwriteSslVerificationAndReturnTrue>
  <LdapBaseDnPath>dnpath</LdapBaseDnPath>
  <LdapUser>username</LdapUser>
  <LdapPassword>{c[EppG4YXFJowewksCXa63tdk4+JnpZXRBGPBfajY+HpU=]}</LdapPassword>
  <LdapAuthType>Basic</LdapAuthType>
  <LdapFilter>filtervalue</LdapFilter>
  <LdapEncodingCodePage>65001</LdapEncodingCodePage>
  <LdapUseV3ProtocolVersion>false</LdapUseV3ProtocolVersion>
  <LdapPropertiesToLoad>cn,displayName,title,thumbnailPhoto</LdapPropertiesToLoad>
  <Claims>
    <Claim type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" property="cn" />
    <Claim type="http://schema.oneoffixx.com/ws/2011/01/identity/claims/displayName" property="displayName" />
    <Claim type="http://schema.oneoffixx.com/ws/2011/01/identity/claims/title" property="title" />
    <Claim type="http://schema.oneoffixx.com/ws/2011/01/identity/claims/userImage" property="thumbnailPhoto" />
  </Claims>
</LdapSyncSource>
Options
LdapServer: If no value is set, the current Active Directory is used. Default port: 389.
LdapIsSsl: Default: false; optional. With the default, the connection is plain LDAP: the returned attributes cross the network unencrypted, and a Basic bind also sends the bind password in clear text. Set it to true so the bind and the results are protected by TLS.
LdapOverwriteSslVerificationAndReturnTrue: Default: false; optional. When true, the LDAP server's certificate is accepted without validation, so any host on the network path can impersonate the server and TLS no longer protects the bind credential. Leave it false and fix the certificate trust chain instead of overriding verification.
LdapBaseDnPath: If no value is set, the DN path of the current Active Directory is used.
LdapUser: Default: current user; optional.
LdapPassword: Default: the current user's password; optional; encrypted or plain text. Use the encrypted form shown in the example rather than storing the password in plain text in the configuration file.
LdapAuthType: Default: Basic; optional. Possible values:
  Anonymous: no authentication
  Basic: Basic authentication (simple bind; the password is sent in clear text unless LdapIsSsl is true)
  Negotiate: Microsoft Negotiate authentication
  Ntlm: Windows NT Challenge/Response (NTLM) authentication
  Digest: Digest Access authentication
  Sicily: the Sicily negotiation mechanism, which selects MSN, DPA or NTLM. Only for LDAP version 2 servers.
  Dpa: Distributed Password Authentication (legacy)
  Msn: Microsoft Network Authentication Service (legacy)
  External: an external method is used for authentication
  Kerberos: Kerberos authentication
LdapFilter: If no value is set and the queryKey is OneOffixx, the objectSid filter is used.
LdapEncodingCodePage: Default: 65001 (UTF-8); optional.
LdapUseV3ProtocolVersion: Default: false; optional. LDAP version 2 is obsolete; set this to true unless the server cannot speak LDAPv3.
LdapPropertiesToLoad: Properties to load, separated by commas.
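The transport and credential options above interact: a plain-text bind is only as safe as the transport, and LDAPS is only as safe as the certificate check. The following added example (not part of OneOffixx or of this page) audits an LdapSyncSource block for the weak combinations and shows a hardened configuration beside the weak one. The server name, base DN and password values are constructed, and the `{c[...]}` pattern is assumed to be the encrypted password form because that is how the page's example writes it.

```python
"""Audit an LdapSyncSource configuration for transport and credential weaknesses.
Added example for this page; not OneOffixx code. Sample configs are constructed."""
import re
import xml.etree.ElementTree as ET

# Constructed weak configuration: plain LDAP, Basic bind, certificate check
# overridden, plain-text password, LDAPv2. Every value here is made up.
WEAK_CONFIG = """<LdapSyncSource name="Custom LDAP" queryKey="OneOffixxIdentifier">
<LdapServer>ldap.example.internal</LdapServer>
<LdapIsSsl>false</LdapIsSsl>
<LdapOverwriteSslVerificationAndReturnTrue>true</LdapOverwriteSslVerificationAndReturnTrue>
<LdapBaseDnPath>DC=example,DC=internal</LdapBaseDnPath>
<LdapUser>svc-oneoffixx</LdapUser>
<LdapPassword>plaintext-secret</LdapPassword>
<LdapAuthType>Basic</LdapAuthType>
<LdapUseV3ProtocolVersion>false</LdapUseV3ProtocolVersion>
<LdapPropertiesToLoad>cn,displayName</LdapPropertiesToLoad>
</LdapSyncSource>"""

# Constructed hardened configuration: LDAPS with certificate validation left on,
# a Negotiate bind as the running user (no stored secret at all), LDAPv3.
HARDENED_CONFIG = """<LdapSyncSource name="Custom LDAP" queryKey="OneOffixxIdentifier">
<LdapServer>ldap.example.internal</LdapServer>
<LdapIsSsl>true</LdapIsSsl>
<LdapOverwriteSslVerificationAndReturnTrue>false</LdapOverwriteSslVerificationAndReturnTrue>
<LdapBaseDnPath>DC=example,DC=internal</LdapBaseDnPath>
<LdapAuthType>Negotiate</LdapAuthType>
<LdapUseV3ProtocolVersion>true</LdapUseV3ProtocolVersion>
<LdapPropertiesToLoad>cn,displayName</LdapPropertiesToLoad>
</LdapSyncSource>"""

# Assumption: the page's {c[<base64>]} notation is the encrypted password form;
# anything else is treated as plain text.
ENCRYPTED_PASSWORD = re.compile(r"^\{c\[[A-Za-z0-9+/=]+\]\}$")
LEGACY_AUTH = {"sicily", "dpa", "msn"}


def _text(root, tag, default=""):
    el = root.find(tag)
    return (el.text or "").strip() if el is not None else default


def _flag(root, tag):
    return _text(root, tag, "false").lower() == "true"


def audit_ldap_sync_source(xml_text):
    """Return a list of (severity, setting, message) findings; [] means clean."""
    root = ET.fromstring(xml_text)
    if root.tag != "LdapSyncSource":
        raise ValueError("expected an <LdapSyncSource> element")
    findings = []
    is_ssl = _flag(root, "LdapIsSsl")
    verify_override = _flag(root, "LdapOverwriteSslVerificationAndReturnTrue")
    auth = (_text(root, "LdapAuthType") or "Basic").lower()  # page default: Basic
    password = _text(root, "LdapPassword")
    v3 = _flag(root, "LdapUseV3ProtocolVersion")

    if not is_ssl:
        if auth == "basic":
            findings.append(("high", "LdapIsSsl",
                             "Basic (simple bind) over plain LDAP sends the bind password in clear text"))
        else:
            findings.append(("medium", "LdapIsSsl",
                             "plain LDAP: returned user attributes are readable on the wire"))
    if verify_override:
        findings.append(("high", "LdapOverwriteSslVerificationAndReturnTrue",
                         "server certificate is not validated; TLS does not stop an impersonated server"))
    if password and not ENCRYPTED_PASSWORD.match(password):
        findings.append(("high", "LdapPassword", "password is stored in plain text"))
    if auth == "anonymous":
        findings.append(("medium", "LdapAuthType", "anonymous bind: no authentication to the directory"))
    if auth in LEGACY_AUTH:
        findings.append(("medium", "LdapAuthType", f"{auth} is a legacy mechanism for LDAPv2-era servers"))
    if not v3:
        findings.append(("low", "LdapUseV3ProtocolVersion",
                         "LDAPv2 is obsolete; set true unless the server cannot speak v3"))
    return findings


def settings_flagged(xml_text):
    """The set of setting names that have at least one finding."""
    return {setting for _, setting, _ in audit_ldap_sync_source(xml_text)}


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_ldap_sync_source(cfg) or "no findings")
```

Run it against your own configuration file contents; the hardened sample produces no findings, while the weak sample is flagged on the transport, the verification override, the stored password and the protocol version. The checks are deliberately conservative: a non-Basic bind without TLS is reported at medium because the password itself is not sent in the clear, but the synchronised attributes still are.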
ResultMapping
The LdapSyncSource supports the following mapping format:
<?xml version="1.0" encoding="utf-8"?>
<LdapSyncSource name="Custom LDAP" queryKey="OneOffixxIdentifier">
  <LdapServer>server</LdapServer>
  <LdapIsSsl>false</LdapIsSsl>
  <LdapOverwriteSslVerificationAndReturnTrue>false</LdapOverwriteSslVerificationAndReturnTrue>
  <LdapBaseDnPath>dnpath</LdapBaseDnPath>
  <LdapUser>username</LdapUser>
  <LdapPassword>{c[EppG4YXFJowewksCXa63tdk4+JnpZXRBGPBfajY+HpU=]}</LdapPassword>
  <LdapAuthType>Basic</LdapAuthType>
  <LdapFilter>filtervalue</LdapFilter>
  <LdapEncodingCodePage>65001</LdapEncodingCodePage>
  <LdapUseV3ProtocolVersion>false</LdapUseV3ProtocolVersion>
  <LdapPropertiesToLoad>cn,displayName,title,thumbnailPhoto</LdapPropertiesToLoad>
  <ResultMapping>
    <Mapping>
      <Map Source="displayName" Target="PropertyX" />
    </Mapping>
  </ResultMapping>
  <Claims>
    <Claim type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" property="cn" />
    <Claim type="http://schema.oneoffixx.com/ws/2011/01/identity/claims/displayName" property="displayName" />
    <Claim type="http://schema.oneoffixx.com/ws/2011/01/identity/claims/title" property="title" />
    <Claim type="http://schema.oneoffixx.com/ws/2011/01/identity/claims/userImage" property="thumbnailPhoto" />
    <Claim type="http://schema.oneoffixx.com/ws/2011/01/identity/claims/fromMapping" property="PropertyX" />
  </Claims>
</LdapSyncSource>
The Target is a value that must correlate with the property parameter of a claim: here the displayName attribute is copied to PropertyX, and the fromMapping claim picks it up via property="PropertyX". A Target without a matching claim property is never emitted. Details and configuration examples can be found here: Mapping.
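To make the flow from loaded attributes through ResultMapping to claims concrete, and to show what the NOTE at the top of the page means by empty properties, here is an added example (not OneOffixx code and not from this page) that resolves claims from a constructed LDAP entry using the configuration above. The `ignore_claim_if_empty` flag and the `defaults` dictionary are assumed stand-ins for the page's ignoreClaimIfEmpty option and useValueIfEmpty rule, whose exact semantics this page does not specify; `check_mapping` enforces the rule that every Map Target must correlate with a claim property.

```python
"""Resolve claims from an LDAP result: loaded attributes -> ResultMapping
(Source -> Target) -> Claim property lookup. Added example; the treatment of
empty values is an assumption, not the documented OneOffixx behaviour."""
import xml.etree.ElementTree as ET

# The mapping configuration from the page, reduced to the parts this example uses.
CONFIG = """<LdapSyncSource name="Custom LDAP" queryKey="OneOffixxIdentifier">
<LdapPropertiesToLoad>cn,displayName,title,thumbnailPhoto</LdapPropertiesToLoad>
<ResultMapping><Mapping><Map Source="displayName" Target="PropertyX" /></Mapping></ResultMapping>
<Claims>
<Claim type="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name" property="cn" />
<Claim type="http://schema.oneoffixx.com/ws/2011/01/identity/claims/displayName" property="displayName" />
<Claim type="http://schema.oneoffixx.com/ws/2011/01/identity/claims/title" property="title" />
<Claim type="http://schema.oneoffixx.com/ws/2011/01/identity/claims/userImage" property="thumbnailPhoto" />
<Claim type="http://schema.oneoffixx.com/ws/2011/01/identity/claims/fromMapping" property="PropertyX" />
</Claims>
</LdapSyncSource>"""

TITLE_CLAIM = "http://schema.oneoffixx.com/ws/2011/01/identity/claims/title"

# Constructed LDAP entry: title is present but empty and thumbnailPhoto is not
# stored at all, the situation the page's NOTE warns about.
SAMPLE_ENTRY = {"cn": "jdoe", "displayName": "Jane Doe", "title": ""}


def parse_config(xml_text):
    """Return (properties_to_load, {source: target}, [(claim_type, property)])."""
    root = ET.fromstring(xml_text)
    raw = root.findtext("LdapPropertiesToLoad") or ""
    props = [p.strip() for p in raw.split(",") if p.strip()]
    mapping = {m.get("Source"): m.get("Target")
               for m in root.iterfind("ResultMapping/Mapping/Map")}
    claims = [(c.get("type"), c.get("property")) for c in root.iterfind("Claims/Claim")]
    return props, mapping, claims


def resolve_claims(xml_text, entry, ignore_claim_if_empty=False, defaults=None):
    """Return {claim_type: value} for one directory entry.

    Only attributes named in LdapPropertiesToLoad are consulted; a mapped Target
    gets a copy of its Source value; an empty value is dropped when
    ignore_claim_if_empty is set (stand-in for ignoreClaimIfEmpty) or replaced from
    `defaults`, keyed by claim type (stand-in for useValueIfEmpty)."""
    props, mapping, claims = parse_config(xml_text)
    defaults = defaults or {}
    values = {p: entry.get(p, "") for p in props}  # missing in LDAP -> empty
    for source, target in mapping.items():
        values[target] = values.get(source, "")
    result = {}
    for claim_type, prop in claims:
        value = values.get(prop, "")
        if value == "":
            if ignore_claim_if_empty:
                continue
            value = defaults.get(claim_type, "")
        result[claim_type] = value
    return result


def check_mapping(xml_text):
    """Report Map entries whose Source is never loaded or whose Target no claim reads."""
    props, mapping, claims = parse_config(xml_text)
    claim_props = {prop for _, prop in claims}
    problems = []
    for source, target in mapping.items():
        if source not in props:
            problems.append(f'Map Source "{source}" is not in LdapPropertiesToLoad')
        if target not in claim_props:
            problems.append(f'Map Target "{target}" has no Claim with property="{target}"')
    return problems


if __name__ == "__main__":
    print(check_mapping(CONFIG) or "mapping consistent")
    for claim_type, value in resolve_claims(CONFIG, SAMPLE_ENTRY).items():
        print(claim_type.rsplit("/", 1)[-1], "=", repr(value))
```

With the constructed entry, the fromMapping claim carries "Jane Doe" because PropertyX was filled from displayName, while title and userImage come out empty unless you either drop them or give them defaults. Renaming the Target to a value no claim reads is caught by `check_mapping` before the sync runs rather than surfacing as a silently missing claim.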
PrimeSoft AG, Bahnhofstrasse 4, 8360 Eschlikon, Switzerland