A common usage of LDAP is to provide a "single sign-on" where one password for a user is shared between many services, such as applying a company login code to web pages (so that staff log in only once to company computers, and then are automatically logged in to the company intranet)
Groups are a quick way of giving users common access to certain features or functionality within an LDAP directory. The access to directive (cn=config, olcAccess) contains a group specific variant in the <who> clause for just this purpose. The actual rights assigned to the group are also defined in the Access to directive (cn=config, olcAccess). Groups use the groupofnames objectClass.
Example:
The following LDIF fragments shows building a group called itpeople who could be given privileges to access or change passwords or configuration parameters in user entries. The individual group member entries are assumed to already exist in the directory under a classic ou=people branch. This configuration creates a separate branch called groups under which is placed the itpeople group. The following diagram illustrates this organisation:
First connect the Apache Directory Studio with Apache Directory Server using new Connection
Navigate to file → connect. It will open window.
Steps to connect:
· Host → IdrisTest
· Port → 10389
After opening the Connection successfully, First create ou(Organisation Unit)
Select organizational Unit object class
Select RDN (Relative Distinguished Name) as ou(Organization Unit) and enter the name as Jordans
Create a user under ou=people
Next to create a required Groups say Standard.
First create a groups as organizational unit (ou) and add the groups say standard and standardplus under the groups
After Creating the group assigns the user using member attribute
Now, Integrating the LDAP with Liferay
Note enabled checkbox will enable LDAP authentication, and required check will always look for authentication in LDAP only, say if any user is delete from LDAP and that user entry available in the Liferay database still user will not allow to login.
Click the Add button to add LDAP
Base Provider Url: ldap:// IdrisTest:10389
· Base DN: dc=example,dc=com
· Principal: uid=admin,ou=system
· Credentials: jordans
· Now click on Test Ldap Connection. If everything is ok it will show successful message
· Now click on Test Ldap Users. It should display users list.
· Now just alter (objectClass=groupOfUniqueNames) to (objectClass=groupOfNames) and userobject uniqueMember to member click “TestLDAPUsers”
nable import enabled, Import enabled on startup.
· Finally save the settings
Comments
Post a Comment