Creating an LDAP Container Using an LDAP Group Source

A Group DN is used to identify the directory entry that is the group. When a Group DN is specified, a member attribute is also specified, which holds the collection of member identifiers, that is, their DNs. This provides the list of candidate resources.

The following diagram shows an example of how calls to the DirectoryService functions can be used to create an LDAP container using an LDAP Group Source.

[Figure: Creating an LDAP Container Using an LDAP Group Source]

Procedure

  1. Find out the LDAP Connection Shared Resources that are configured in ActiveMatrix Administrator by calling listLdapConnections.

    Only connections whose instance name is prefixed with "ldap/de/" are listed.

    One of the returned sources must be specified as the primary LDAP source when calling saveContainer to create the LDAP container.

  2. Call listAttributeNames to get the groups and member attribute that can be used when calling saveContainer in the next step.
  3. Call saveContainer to create and save a new LDAP container.

    The required parameters are:

    • name - This is the name you want assigned to the new LDAP container. It must be unique on the Directory Engine.
    • primary-ldap.ldap-alias - You must specify a primary LDAP source, and it must identify a valid LDAP connection. A list of the available LDAP sources was returned from listLdapConnections in step 1.
    • group-dn - The LDAP directory entry that is the group. If the following LDAP directory identifies the group, the group-DN is "ou=CSR,ou=groups,o=insuranceServices":

    • member-attribute - Identifies the attribute within the group entry that holds the collection of DNs that identifies the candidate resources. In the following example, the roleoccupant attribute identifies candidate resources:

    • resource-name-attributes - The attribute(s) whose value(s) the resource will use to log in to the system.

      Additional optional parameters are also available for adding secondary LDAP group sources, setting up organizational relationships, and so on. For information about those parameters, see saveContainer.
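
The following is an added example, not part of the original page and not TIBCO code. It does not call the DirectoryService API. It checks the required saveContainer parameters from step 3 and previews which candidate resources a group source would yield, using a constructed in-memory directory. The alias `example-alias`, the container name, the people entries and the function names are all assumptions made for illustration.

```python
import re

# Constructed sample directory (DN -> attributes); stands in for the LDAP server.
DIRECTORY = {
    "ou=CSR,ou=groups,o=insuranceServices": {"roleoccupant": [
        "cn=Ann Lee,ou=people,o=insuranceServices",
        "cn=Bo Diaz,ou=people,o=insuranceServices",
        "cn=Gone User,ou=people,o=insuranceServices"]},  # last DN has no entry
    "cn=Ann Lee,ou=people,o=insuranceServices": {"uid": ["alee"]},
    "cn=Bo Diaz,ou=people,o=insuranceServices": {"mail": ["bo@example.test"]},
}
# Constructed parameter values; the keys are the required parameters from step 3.
PARAMS = {"name": "csr-container", "primary-ldap.ldap-alias": "example-alias",
          "group-dn": "ou=CSR, ou=groups, o=insuranceServices",
          "member-attribute": "roleOccupant", "resource-name-attributes": ["uid"]}
REQUIRED = ("name", "primary-ldap.ldap-alias", "group-dn",
            "member-attribute", "resource-name-attributes")

def norm_dn(dn):
    """Case/space-insensitive DN key (simplified: splits on unescaped commas)."""
    return ",".join(p.strip().lower() for p in re.split(r"(?<!\\),", dn))

def check_params(params, listed_aliases):
    """Return problems with the required saveContainer parameters."""
    problems = [f"missing required parameter: {k}" for k in REQUIRED if not params.get(k)]
    alias = params.get("primary-ldap.ldap-alias")
    if alias and alias not in listed_aliases:  # listed_aliases: what step 1 returned
        problems.append(f"alias not returned in step 1: {alias}")
    return problems

def preview_candidates(directory, params):
    """Resolve group entry -> member attribute -> member entries -> login names."""
    entries = {norm_dn(dn): {a.lower(): v for a, v in attrs.items()}
               for dn, attrs in directory.items()}
    group = entries.get(norm_dn(params["group-dn"]), {})
    members = group.get(params["member-attribute"].lower(), [])
    names = []
    problems = [] if members else ["group-dn or member-attribute yields no members"]
    for dn in members:
        entry = entries.get(norm_dn(dn))
        if entry is None:
            problems.append(f"member DN has no entry: {dn}")
            continue
        found = [v for a in params["resource-name-attributes"]
                 for v in entry.get(a.lower(), [])]
        if found:
            names.append(found[0])
        else:
            problems.append(f"no resource-name attribute on: {dn}")
    return names, problems
```

Reviewing the `problems` list before saving the container shows which group members would not resolve to a usable login name with the chosen resource-name-attributes.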