[Advanced] Bpm Ldap Lookup Providers (Conf)

Using this feature, users can add LDAP/AD lookup providers, which are used by the Bpm node "ldap_lookup" to perform searches on external providers. For further details about the Bpm node "ldap_lookup", refer to the administration manual.



To configure a new provider, press the New LDAP provider button.

Enter the name of the provider, press the Save Changes button, then define the provider configuration. For further details, refer to the Connection section.

Select a configuration by pressing the <Preset> menu button, then use the arrow icon on the right to select the database type (LDAP or Active Directory).

Connection

The connection settings are described below:

  • URL: the address of the external authentication system.

  • User DN: the distinguished name (DN) of a user of the LDAP system.

  • Password: the password of the user specified in User DN.

  • Confirm Password: the password of the user specified in User DN, entered again to match the field above.

  • Authentication Type: authentication mechanism used by the LDAP protocol. Possible values are SIMPLE or GSSAPI.

  • Realm (only GSSAPI): the GSSAPI/Kerberos authentication realm.

  • Kerberos KDC (only GSSAPI): the KDC (Key Distribution Center) for GSSAPI/Kerberos. Usually the Domain Controller.

  • Base path: the starting path used to build the search path for queries.

  • Read timeout: the timeout for LDAP queries.

  • Context pooled: if checked, enables context pooling (pooled connections).

With pooled connections, LDAP caches the password for a specific user and password combination, so an old password is still accepted after it has been changed:

  1. Authenticate with user "cn=joe, dc=de" and password "test" -> Result: true.

  2. Change the userPassword Attribute to "newtest".

  3. Authenticate with user "cn=joe, dc=de" and password "test" -> Result: true!

  4. Restart the ldap provider.

  5. Authenticate with user "cn=joe, dc=de" and password "test" -> Result: false.

To solve this issue, uncheck the connection pooling (the Context pooled option).
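
The following Python model is an added example, not code from the product. It replays the five steps above with and without pooling; the Directory and LookupProvider classes and the pool keyed by (DN, password) are assumptions that illustrate why the old password is accepted until the provider is restarted.

```python
# Added illustration: a model of the behaviour described above, not product code.
class Directory:
    """Stand-in for the LDAP server: maps DN -> current userPassword."""
    def __init__(self):
        self.passwords = {}
        self.bind_count = 0

    def bind(self, dn, password):
        # A real bind: the server checks the password it holds right now.
        self.bind_count += 1
        return self.passwords.get(dn) == password


class LookupProvider:
    """Hypothetical provider with an optional pool keyed by (DN, password)."""
    def __init__(self, directory, context_pooled):
        self.directory = directory
        self.context_pooled = context_pooled
        self._pool = set()  # identities that already hold a bound connection

    def authenticate(self, dn, password):
        key = (dn, password)
        if self.context_pooled and key in self._pool:
            return True  # pooled connection reused: no bind reaches the server
        ok = self.directory.bind(dn, password)
        if ok and self.context_pooled:
            self._pool.add(key)
        return ok

    def restart(self):
        self._pool.clear()  # restarting the provider drops pooled connections


def run_sequence(context_pooled):
    """Replay steps 1-5 and return the results of the three authentications."""
    user = "cn=joe, dc=de"
    directory = Directory()
    directory.passwords[user] = "test"
    provider = LookupProvider(directory, context_pooled)
    r1 = provider.authenticate(user, "test")   # step 1
    directory.passwords[user] = "newtest"      # step 2
    r3 = provider.authenticate(user, "test")   # step 3
    provider.restart()                         # step 4
    r5 = provider.authenticate(user, "test")   # step 5
    return [r1, r3, r5]


if __name__ == "__main__":
    print("pooled:  ", run_sequence(True))
    print("unpooled:", run_sequence(False))
```

With pooling enabled, step 3 succeeds because no bind is sent; with pooling disabled, every authentication is checked against the current password.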

Query Test

Using the test feature, users can perform a query on the provider. To perform a test, click the Test query button.

If the configuration is correct, the test is successful. The test gives feedback on the connection performance: the output message reports the Connection Status, Connection Time and Query Time. A comment in parentheses next to the Time fields indicates the database performance.

According to the attribute types defined in the LDAP/AD application, enter the Query ldap (e.g. cn=Mark) and the Field (e.g. postalAddress for email field).

To save, press the Save Changes button and then Back.

To delete a provider, select the provider, press the Trash button, then press Confirm.

To modify a provider, select the provider and press the Edit button. To save changes, press Save Changes and then Back.

In case of errors, refer to the Troubleshooting section.

Note

After configuration changes are made, restart the Genius Server.