Versions Compared

Comment: Update for 3.4: add mention of ldap.mailAttribute + clarify meaning of each parameter

...

(info) Note that Syndeia Cloud 3.3/3.4 does not yet support LDAP groups; we are working on adding this feature.

2. Pre-Requisites

  1. Syndeia Cloud 3.3.0+SP1+ or 3.4: (info) This is a newer LDAP build than the Syndeia Cloud 3.2 public release, which originally did not support LDAP; it adds support for MS AD LDAP.

  2. Syndeia Java Client (MD/RH plugin or Standalone) v3.3.0+: (info) You can verify the version by examining the title bar when the Dashboard is open or, for MD, via the version column in the plugin list.

...

  1. Edit the Web-Gateway µ-service’s /conf/silhouette.conf file and scroll to the LDAP provider section, as shown below.

    # LDAP provider
    # The values for hostname, baseDN and adminUserDN are placeholder values.
    # Please provide actual values, and the value for adminPassword, before using an LDAP provider.
    ldap.hostname="ldapserver.mycompany.com"
    # ldap.port=389|636(TLS)|<custom>
    ldap.port=389
    ldap.baseDN="dc=mycompany,dc=com"
    ldap.adminUserDN="cn=admin,dc=mycompany,dc=com"
    ldap.adminPassword=""
    ldap.userBindAttribute="uid"
    ldap.mailAttribute="userPrincipalName"
    # [optional]:  For SSL/TLS + certificate-based LDAPS
    # ldap.startTLS=false|true
    ldap.startTLS=false
    ldap.truststorePath="",
    ldap.truststorePassword="",
    ldap.trustStoreType = "",
    # ldap.trustAllCertificates=true|false
    ldap.trustAllCertificates=true
  2. Specify values for L4-11 in the LDAP provider section; these are the minimum required parameters:

    1. hostname: FQDN of the LDAP server,

    2. port: port of the LDAP server, usually 389 or 636 (TLS),

    3. baseDN: base Distinguished Name (DN) from which searches are performed,

    4. adminUserDN: DN of the admin user to bind as when performing searches for other users,

    5. adminPassword: password for the admin user
      (info) adminUserDN & adminPassword are normally required for making the initial connection to the LDAP server before verifying the user.
      In some (public) organizations where the LDAP server does not require any credentials to access it, these two fields may be left empty.

    6. ldap.userBindAttribute: the attribute that defines the username, usually "uid"

    7. ldap.mailAttribute: the attribute that contains an RFC 822-format (email-syntax) user identifier ("userPrincipalName" in MS AD, "email" in OpenLDAP)

  3. Save the changes.

  4. Restart the web-gateway service.

At this point, when a user authenticates via LDAP with the Syndeia client, an account should be created automatically with default read-level user permissions, i.e. the user can open a project and read information but cannot create new connections, repositories, or projects.
If the user requires more permissions, use the User Management feature in the Web Admin Portal to change this.