Difference between revisions of "LDAP Group Cache App-bundle (Aspire 2)"

From wiki.searchtechnologies.com


 
Line 7: Line 7:
 
|appBundleName=Ldap Group Cache
 
|appBundleName=Ldap Group Cache
 
|mavenCoordinates=com.searchtechnologies.aspire:app-ldap-group-cache
 
|mavenCoordinates=com.searchtechnologies.aspire:app-ldap-group-cache
|versions=2.1
+
|versions={{CurrentVersion2.X}}
 
|typeFlags=None
 
|typeFlags=None
 
}}  
 
}}  
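Review bot: replacing the literal `|versions=2.1` with `{{CurrentVersion2.X}}` ties the infobox to whatever that template currently resolves to (the rendered page shows 2.2.2 while the edit summary still reads "2.1 Release"), so the page no longer records which version the bundle was actually documented against; if that matters, state the verified version in the body text rather than relying on the template.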

Latest revision as of 00:18, 9 December 2015

 (2.1 Release)  


LDAP Group Cache App-bundle (Aspire 2)
AppBundle Name  Ldap Group Cache
Maven Coordinates  com.searchtechnologies.aspire:app-ldap-group-cache
Versions  2.2.2
Type Flags  None
Inputs  N/A
Outputs  N/A

LDAP Group Cache

The LDAP Group Cache app-bundle is loaded as the LDAP Cache Service and contains the functionality to download users and groups and their attributes from LDAP.

The bundle uses the following components:


Configuration

This section lists all configuration parameters available to install the LDAP services Application Bundle.


General Application Configuration

Property | Type | Default | Description
--- | --- | --- | ---
useScript | boolean | false | If false, the bundle connects to an LDAP server to populate the cache. If true, cache population runs a script.
enableLdapConnector | boolean | true | If true, the bundle loads an LDAP connector to provide LDAP connectivity.
scriptFile | string | [Required (script)] | The name of the script to run to gather the information for cache population.
jsonScript | boolean | false | If true, treat the script output as JSON; otherwise treat it as XML.
server | string | | The LDAP server host address. Example: ldap://10.10.44.82:389
authentication | string | anonymous | Authentication type used for any LDAP request. Options are 'none', 'simple' and 'DIGEST-MD5'.
user | string | N/A | Username used to authenticate against the given LDAP server. Can be ignored if the 'none' authentication type was selected.
password | string | N/A | Password used to authenticate against the given LDAP server. Can be ignored if the 'none' authentication type was selected.
readTimeout | int | 600000 (=60s) | Read timeout in ms. The period may be entered in milliseconds, or with the suffix ms, s, m, h, d to indicate the units.
connectTimeout | int | 600000 (=60s) | Connection timeout in ms. The period may be entered in milliseconds, or with the suffix ms, s, m, h, d to indicate the units.
searchBase | string | [Required (ldap)] | The base directory in the LDAP for searches. Normally this is the domain of the LDAP server.
scope | int | 2 | The scope of LDAP searches: 0 = search base only, 1 = search base and immediate children, 2 = subdirectory.
userQuery | string | [Required (ldap)] | The LDAP query used to find all users to be cached.
userAttributes | XML | | The LDAP attributes to be retrieved and stored in the cache for users.
groupQuery | string | [Required (ldap)] | The LDAP query used to find all groups to be cached.
groupAttributes | XML | <all> | The LDAP attributes to be retrieved and stored in the cache for groups.
userKeyAttr | string | dn (a pseudo attribute representing the object DN) | The attribute in LDAP that is the unique key for the user.
userNameAttr | string | sAMAccountName | The attribute in LDAP that holds the account name.
groupKeyAttr | string | dn (a pseudo attribute representing the object DN) | The attribute in LDAP that is the unique key for the group.
groupNameAttr | string | sAMAccountName | The attribute in LDAP that holds the group name.
groupMappingAttr | string | memberOf | The attribute in LDAP that holds the groups for a user, or the users for a group.
groupsHoldMembers | boolean | false | If true, group objects reference their members (typically via a uniqueMember attribute). If false, user objects reference their groups (typically via a memberOf attribute).
lowerCase | boolean | false | Whether group names retrieved from LDAP should be converted to lower case.
retryDelay | long | 0 | The delay following an error before a retry is attempted. The period may be entered in milliseconds, or with the suffix ms, s, m, h, d to indicate the units.
retries | long | 1 | The number of retries attempted for an LDAP request, should an error occur, before an Exception is thrown.
pageSize | int | 1000 | The page size of the search query (max 1000). If a search has fewer results than the page size, a single page is returned; if it has more, the results are returned in pages. This is transparent to the client.
stripRequestDomain | boolean | false | If true, any domain on the user given in the group expansion request is removed before the request is made to the server.
addRequestDomain | string | | If given, this domain is added to the user given in the group expansion request (overwriting any existing domain) before the request is made to the server.
stripResponseDomain | boolean | false | If true, any domain on the groups returned from the group expansion server is removed before the group expansion request is returned.
addResponseDomain | string | | If given, this domain is added to the groups returned from the group expansion server before the group expansion request is returned.
staticGroups | XML | | Any groups added here are added (exactly as specified here) to the group expansion request before it is returned.
addPublic | boolean | false | If true, the generic public:all group is added to the group expansion request before it is returned.
debug | boolean | false | Controls whether debugging is enabled for the application. Debug messages are written to the log files.
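The table above describes several options that interact (groupsHoldMembers with groupMappingAttr, lowerCase, the request/response domain options, staticGroups and addPublic) without showing the combined effect. The following Python model is an added example, not the bundle's code: it builds the user-to-groups cache from constructed directory entries in both groupsHoldMembers modes and then answers a group expansion request with the domain, static-group and public-group options applied. Assumed, because the page does not state them: DNs are the keys (userKeyAttr/groupKeyAttr = dn), sAMAccountName is the name attribute, domains are written as DOMAIN\name or name@domain, and the options apply in the order written in expand_groups().

```python
"""Model of how the LDAP Group Cache options combine (added example, not the
bundle's code). Assumed: keys are object DNs, names are sAMAccountName, domains
look like DOMAIN\\name or name@domain, and the request/response options are
applied in the order written in expand_groups()."""

# Constructed sample directory entries keyed by DN, shaped like the attributes
# the page's example config retrieves. 'member' and 'memberOf' are kept
# consistent so that both groupsHoldMembers settings yield the same cache.
USERS = {
    "CN=sdenny,OU=Users,DC=search,DC=local": {
        "sAMAccountName": "sdenny",
        "memberOf": ["CN=Search Admins,OU=Groups,DC=search,DC=local"],
    },
    "CN=jdoe,OU=Users,DC=search,DC=local": {
        "sAMAccountName": "jdoe",
        "memberOf": ["CN=Content Readers,OU=Groups,DC=search,DC=local"],
    },
}
GROUPS = {
    "CN=Search Admins,OU=Groups,DC=search,DC=local": {
        "sAMAccountName": "Search Admins",
        "member": ["CN=sdenny,OU=Users,DC=search,DC=local"],
    },
    "CN=Content Readers,OU=Groups,DC=search,DC=local": {
        "sAMAccountName": "Content Readers",
        "member": ["CN=jdoe,OU=Users,DC=search,DC=local"],
    },
}


def build_cache(users, groups, groups_hold_members, group_mapping_attr,
                lower_case=False, name_attr="sAMAccountName"):
    """Return {user name: set of group names}, i.e. the cached user->groups map.

    groupsHoldMembers=true: each group's groupMappingAttr (e.g. member) lists
    the DNs of its members.  groupsHoldMembers=false: each user's
    groupMappingAttr (e.g. memberOf) lists the DNs of its groups.
    lowerCase=true lower-cases group names as they come from LDAP.
    """
    def gname(attrs):
        name = attrs[name_attr]
        return name.lower() if lower_case else name

    cache = {attrs[name_attr]: set() for attrs in users.values()}
    if groups_hold_members:
        for gattrs in groups.values():
            for member_dn in gattrs.get(group_mapping_attr, []):
                if member_dn in users:      # members that are not cached users are ignored
                    cache[users[member_dn][name_attr]].add(gname(gattrs))
    else:
        for uattrs in users.values():
            for group_dn in uattrs.get(group_mapping_attr, []):
                if group_dn in groups:      # references to unknown groups are ignored
                    cache[uattrs[name_attr]].add(gname(groups[group_dn]))
    return cache


def strip_domain(name):
    """Remove a DOMAIN\\ prefix or an @domain suffix (assumed domain formats)."""
    if "\\" in name:
        return name.split("\\", 1)[1]
    if "@" in name:
        return name.split("@", 1)[0]
    return name


def expand_groups(cache, user, strip_request_domain=False, add_request_domain=None,
                  strip_response_domain=False, add_response_domain=None,
                  static_groups=(), add_public=False):
    """Answer a group expansion request for `user` from the cache, applying the
    request-domain, response-domain, staticGroups and addPublic options."""
    if strip_request_domain:
        user = strip_domain(user)
    if add_request_domain:                   # overwrites any existing domain
        user = add_request_domain + "\\" + strip_domain(user)
    groups = sorted(cache.get(user, set()))  # unknown user -> no groups
    if strip_response_domain:
        groups = [strip_domain(g) for g in groups]
    if add_response_domain:
        groups = [add_response_domain + "\\" + strip_domain(g) for g in groups]
    groups.extend(static_groups)             # added exactly as configured
    if add_public:
        groups.append("public:all")
    return groups


if __name__ == "__main__":
    by_member = build_cache(USERS, GROUPS, True, "member")        # the page's example config
    by_member_of = build_cache(USERS, GROUPS, False, "memberOf")  # the table's defaults
    assert by_member == by_member_of
    print(expand_groups(by_member, "search\\sdenny", strip_request_domain=True,
                        add_response_domain="search", static_groups=["everyone"],
                        add_public=True))
```

The cache is keyed by the bare account name, so a request such as search\sdenny only finds its groups when stripRequestDomain is set; the same request with the option off returns nothing, which is the behaviour to check for when group expansion unexpectedly grants no access.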


Configuration Example

Using LDAP

To install the application bundle, connecting to an LDAP server for cache population, add the following configuration to the <autoStart> section of the Aspire settings.xml.

<?xml version="1.0" encoding="UTF-8"?>
<application config="com.searchtechnologies.aspire:app-ldap-group-cache">
  <properties>
    <property name="useScript">false</property>
    <property name="enableLdapConnector">true</property>
    <property name="server">ldap://10.10.20.7:389</property>
    <property name="authentication">simple</property>
    <property name="user">search\sdenny</property>
    <property name="password">encrypted:0E206C5AED2A061A0B929A128B512652</property>
    <property name="connectTimeout">15s</property>
    <property name="readTimeout">15s</property>
    <property name="searchBase">dc=search,dc=local</property>
    <property name="scope">2</property>
    <property name="userQuery">(&amp;(objectClass=user)(objectClass=organizationalPerson)(!(objectClass=computer)))</property>
    <property name="userAttributes"><users><attribute>cn</attribute><attribute>sn</attribute><attribute>c</attribute><attribute>l</attribute><attribute>title</attribute><attribute>description</attribute><attribute>telephoneNumber</attribute><attribute>givenName</attribute><attribute>memberOf</attribute><attribute>sAMAccountName</attribute><attribute>mail</attribute></users></property>
    <property name="groupQuery">(objectClass=group)</property>
    <property name="groupAttributes"><groups><attribute>sAMAccountName</attribute><attribute>cn</attribute><attribute>mail</attribute><attribute>member</attribute></groups></property>
    <property name="lowerCase">false</property>
    <property name="userKeyAttr">dn</property>
    <property name="userNameAttr">sAMAccountName</property>
    <property name="groupKeyAttr">dn</property>
    <property name="groupNameAttr">sAMAccountName</property>
    <property name="groupMappingAttr">member</property>
    <property name="groupsHoldMembers">true</property>
    <property name="schedule">0 0 0 ? * *</property>
    <property name="generalConfiguration">true</property>
    <property name="addPublic">false</property>
    <property name="staticGroups"><staticGroups/></property>
    <property name="requestDomain">leave</property>
    <property name="addRequestDomain"/>
    <property name="stripRequestDomain">false</property>
    <property name="responseDomain">leave</property>
    <property name="addResponseDomain"/>
    <property name="stripResponseDomain">false</property>
    <property name="retries">3</property>
    <property name="retryDelay">5s</property>
    <property name="pageSize">1000</property>
    <property name="debug">true</property>
  </properties>
</application>

Using Script

To install the application bundle using a script for cache population, add the following configuration to the <autoStart> section of the Aspire settings.xml.

<?xml version="1.0" encoding="UTF-8"?>
<application config="com.searchtechnologies.aspire:app-ldap-group-cache">
  <properties>
    <property name="useScript">true</property>
    <property name="enableLdapConnector">false</property>
    <property name="scriptFile">c:\ldap\populate.bat</property>
    <property name="jsonScript">false</property>
    <property name="lowerCase">false</property>
    <property name="userKeyAttr">dn</property>
    <property name="userNameAttr">sAMAccountName</property>
    <property name="groupKeyAttr">dn</property>
    <property name="groupNameAttr">sAMAccountName</property>
    <property name="groupMappingAttr">member</property>
    <property name="groupsHoldMembers">true</property>
    <property name="schedule">0 0 0 ? * *</property>
    <property name="generalConfiguration">true</property>
    <property name="addPublic">false</property>
    <property name="staticGroups"><staticGroups/></property>
    <property name="requestDomain">leave</property>
    <property name="addRequestDomain"/>
    <property name="stripRequestDomain">false</property>
    <property name="responseDomain">leave</property>
    <property name="addResponseDomain"/>
    <property name="stripResponseDomain">false</property>
    <property name="retries">3</property>
    <property name="retryDelay">5s</property>
    <property name="pageSize">1000</property>
    <property name="debug">true</property>
  </properties>
</application>

Note: Any optional property can be removed from the configuration to use the default value described in the table above.
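Because the required properties depend on useScript and the LDAP filter values must be valid XML text, it is worth checking an <application> element before it goes into settings.xml. The following Python checker is an added example, not part of Aspire: it applies the [Required (ldap)] / [Required (script)] rules from the table, reports an unescaped & in a filter, and flags a clear-text password or debug left on. The sample configurations are constructed, abridged versions of the page's two examples; the finding messages are this example's own wording.

```python
"""Pre-deployment check of an app-ldap-group-cache <application> element
(added example, not part of Aspire). Required-property rules follow the
[Required (ldap)] / [Required (script)] markers in the configuration table."""
import xml.etree.ElementTree as ET

REQUIRED = {"ldap": ("server", "searchBase", "userQuery", "groupQuery"),
            "script": ("scriptFile",)}


def load_properties(xml_text):
    """Return {property name: text}; properties holding child XML
    (userAttributes, groupAttributes, staticGroups) map to ''."""
    root = ET.fromstring(xml_text)
    return {p.get("name"): (p.text or "").strip() for p in root.find("properties")}


def check_config(xml_text):
    """Return a list of findings; an empty list means nothing to report."""
    try:
        props = load_properties(xml_text)
    except ET.ParseError as err:
        return [f"not well-formed XML ({err}); an '&' inside an LDAP filter "
                "such as userQuery must be written as &amp;"]
    findings = []
    mode = "script" if props.get("useScript", "false").lower() == "true" else "ldap"
    for name in REQUIRED[mode]:
        if not props.get(name):
            findings.append(f"{mode} mode requires property '{name}'")
    if mode == "ldap" and props.get("enableLdapConnector", "true").lower() != "true":
        findings.append("useScript=false but enableLdapConnector=false: no LDAP connector will be loaded")
    server = props.get("server", "")
    if server and "://" not in server:
        findings.append(f"server '{server}' is missing the scheme, expected e.g. ldap://host:389")
    auth = props.get("authentication", "anonymous")
    if auth in ("simple", "DIGEST-MD5"):
        for name in ("user", "password"):
            if not props.get(name):
                findings.append(f"authentication={auth} requires '{name}'")
    password = props.get("password", "")
    if password and not password.startswith("encrypted:"):
        findings.append("password is stored in clear text; use the encrypted: form shown on the page")
    if props.get("debug", "false").lower() == "true":
        findings.append("debug=true: debug messages will be written to the log files")
    return findings


# Constructed configs, abridged from the page's two examples.
LDAP_OK = """<application config="com.searchtechnologies.aspire:app-ldap-group-cache">
  <properties>
    <property name="useScript">false</property>
    <property name="enableLdapConnector">true</property>
    <property name="server">ldap://10.10.20.7:389</property>
    <property name="authentication">simple</property>
    <property name="user">search\\sdenny</property>
    <property name="password">encrypted:0E206C5AED2A061A0B929A128B512652</property>
    <property name="searchBase">dc=search,dc=local</property>
    <property name="userQuery">(&amp;(objectClass=user)(!(objectClass=computer)))</property>
    <property name="groupQuery">(objectClass=group)</property>
    <property name="debug">false</property>
  </properties>
</application>"""
RAW_AMP = LDAP_OK.replace("&amp;", "&")        # the same filter with the & left unescaped
SCRIPT_NO_FILE = """<application config="com.searchtechnologies.aspire:app-ldap-group-cache">
  <properties>
    <property name="useScript">true</property>
    <property name="enableLdapConnector">false</property>
    <property name="jsonScript">false</property>
    <property name="debug">true</property>
  </properties>
</application>"""

if __name__ == "__main__":
    for label, cfg in (("ldap", LDAP_OK), ("raw &", RAW_AMP), ("script", SCRIPT_NO_FILE)):
        print(label, check_config(cfg))
```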