LDAP configuration parameters

The OpenKM LDAP integration is based on a couple of LDAP searches to retrieve data.

LDAP queries are composed by tree elements:

1. Attribute or object to retrieve.
2. Node base to scope the request.
3. Filtering options.

Sample query

The query to retrieve mail attribute from an object of type person with sAMAccountName attribute value with {0} - this parameter indicate the userId - from node cn=users,dc=company,dc=local and descendants.

LDAP queries

• principal.ldap.user.* are used to retrieve user list.
• principal.ldap.username.* are used to retrieve user name.
• principal.ldap.mail.* are used to retrieve user mail adress.
• principal.ldap.role.* are used to retrieve role list.
• principal.ldap.roles.by.user.* are used to retrieve the roles of a user.
• principal.ldap.users.by.role.* are used to retrieve users of a role.

For retrieving data, are injected arguments into option filters. For example, for getting the user mail, the application use parameter {0} to set argument value - userId - into filtering options.

Queries that use parameters to filtering:

• principal.ldap.mail.search.filter=(sAMAccountName={0}). Where {0} is attribute value retrieved from principal.ldap.user.attribute.
• principal.ldap.roles.by.user.search.filter=(&(objectclass=user)(sAMAccountName={0})). Where {0} is attribute value retrieved from principal.ldap.user.attribute.
• principal.ldap.username.search.filter=(sAMAccountName={0}). Where {0} is attribute value retrieved from principal.ldap.user.attribute.
• principal.ldap.users.by.role.search.filter=(&(objectClass=group)(cn={0})). Where {0} is attribute value retrieved from principal.ldap.role.attribute.

Parameters

Sample configuration