Managing Application Security
OMS provides two application-level security options.
- Default Authentication Provider
- Lightweight Directory Access Protocol (LDAP) Authentication Provider
The default authentication provider is database-based security and requires no additional configuration. OMS uses the configured database to store the operational data of orders and execution plans.
OMS also supports LDAP-based authentication.
The following properties are required to configure OMS to use external LDAP server authentication.
Parameters | Description |
---|---|
LDAP Server URL | LDAP server URL in the form ldap://<hostname>:port/<root context>. Many LDAP servers also support SSL-encrypted LDAPS, which is preferred for security purposes. To configure OMS to connect to the server over SSL, use ldaps:// at the beginning of the LDAP server URL. |
LDAP User Manager DN | User Manager Distinguished Name to be used to connect to LDAP Server. |
LDAP User manager Password | Password of the user manager to be used for authentication. |
User Search Base | A search base (the distinguished name of the search base object) defines the location in the directory from which the LDAP user search begins. |
User Search Filter | Search filter used to locate the user. For example, the following filter substitutes the login name for {0} and matches it against the uid attribute in the directory: (uid={0}) |
Search Subtree | Flag to enable deep search through the subtree of the LDAP Server URL + User Search Base. True by default. |
Group Search Base | It defines the base DN under which the LDAP integration should look for one or more matches for the users' DN. The default value performs a search from the LDAP root. |
Group Search Filter | It defines the LDAP search filter used to match user's DN to an attribute of an entry located under Group Search Base. The default value is (uniqueMember={0}). |
Group Role Attribute | It defines the attribute of the matching entries, which is used to compose the user's role in OMS. Default value is cn. Attribute must have either admin or user as the value for the role attribute. Role-based authorization provided by OMS depends on the value specified in this attribute to provide appropriate permission for the user. |
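
The sketch below is an added example, not OMS code: it walks the lookup sequence the table implies (user filter, then group filter, then role attribute) against a constructed in-memory directory, applying RFC 4515 escaping to the value substituted for {0}. The directory entries, the example.com DNs, the function names, and the choice to prefer admin when both roles match are assumptions for illustration; the page does not state how OMS escapes input or resolves multiple matches.

```python
import re

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def build_filter(template, value):
    """Substitute value for {0}, escaped so it stays one literal value."""
    return template.replace("{0}", "".join(_ESCAPES.get(c, c) for c in value))

def _unescape(value):
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)

def search(directory, base, flt, subtree=True):
    """Minimal stand-in for an LDAP server: one (attr=value) equality filter."""
    attr, want = re.fullmatch(r"\((\w+)=(.*)\)", flt).groups()
    want = _unescape(want).lower()
    hits = []
    for dn, attrs in directory.items():
        parent = dn.split(",", 1)[1] if "," in dn else ""
        # Search Subtree on: any depth under base; off: direct children only.
        in_scope = dn.endswith("," + base) if subtree else parent == base
        if in_scope and want in (v.lower() for v in attrs.get(attr, [])):
            hits.append(dn)
    return hits

def resolve_role(directory, login, cfg):
    """Return 'admin' or 'user' for login, or None if no valid role is found."""
    users = search(directory, cfg["user_base"],
                   build_filter(cfg["user_filter"], login), cfg["subtree"])
    if len(users) != 1:  # unknown or ambiguous login: reject
        return None
    groups = search(directory, cfg["group_base"],
                    build_filter(cfg["group_filter"], users[0]))
    roles = {v for g in groups for v in directory[g].get(cfg["role_attr"], [])}
    valid = roles & {"admin", "user"}  # the only role values the table allows
    # Assumption: admin wins if a user is in both groups.
    return "admin" if "admin" in valid else ("user" if valid else None)

CFG = {"user_base": "ou=people,dc=example,dc=com", "user_filter": "(uid={0})",
       "subtree": True, "group_base": "ou=groups,dc=example,dc=com",
       "group_filter": "(uniqueMember={0})", "role_attr": "cn"}
JDOE = "uid=jdoe,ou=people,dc=example,dc=com"
ASMITH = "uid=asmith,ou=staff,ou=people,dc=example,dc=com"
DIRECTORY = {  # constructed sample entries
    JDOE: {"uid": ["jdoe"]},
    ASMITH: {"uid": ["asmith"]},
    "cn=admin,ou=groups,dc=example,dc=com": {"cn": ["admin"], "uniqueMember": [JDOE]},
    "cn=auditors,ou=groups,dc=example,dc=com": {"cn": ["auditors"], "uniqueMember": [ASMITH]},
}
```

Here asmith authenticates against the directory but receives no OMS role, because the matching group's cn is neither admin nor user.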
Copyright © Cloud Software Group, Inc. All rights reserved.