LDAP

To use the LDAP-based owner adapter, follow these steps:

Procedure

  1. Navigate to the ASG_CONFIG_HOME directory.
  2. Edit the asg.properties file in a text editor.
  3. Set the following property:
    tibco.clientVar.oauth.owner.adapter.class=com.tibco.asg.oauth.identity.provider.jndildap.OwnerAdapterService
  4. Set the LDAP connection properties, as defined in the following table:

    LDAP Server Connection Parameters

    Property: tibco.clientVar.oauth.identity.provider.ldap.host
    Description: Specifies the hostname or IP address of the host where the LDAP directory server runs. This property is required.
    Example: ldapserver.api.tibco.com

    Property: tibco.clientVar.oauth.identity.provider.ldap.port
    Description: Specifies the port on which the LDAP directory server listens. This property is required.
    Example: 10389

    Property: tibco.clientVar.oauth.identity.provider.ldap.loginDN
    Description: Specifies the base distinguished name (DN) for the login user.
    Example: uid=admin,ou=system

    Property: tibco.clientVar.oauth.identity.provider.ldap.loginPassword
    Description: Specifies the password for the login user.
    Example: root@123

    Property: tibco.clientVar.oauth.identity.provider.ldap.searchFilter
    Description: Specifies the filter used in admin search mode when searching against potential user objects.
    Example: Objectclass=*

    Property: tibco.clientVar.oauth.identity.provider.ldap.ownerSearchTreeDn
    Description: Specifies the base distinguished name (DN) at which searches for users begin. Supply the base DN that narrows the search to the smallest subtree that still contains all valid users.
    Example: ou=people,ou=na,dc=example,dc=org

    Property: tibco.clientVar.oauth.identity.provider.ldap.ownerDnTemplate
    Description: Specifies the template used to format the user's DN before binding.
    Example: uid={0},ou=employee,ou=tsi,o=tibco

    In this string, the variable {0} represents the user name. The adapter substitutes the user name for this variable and passes the resulting expression to the LDAP server, which matches it against user objects. The search result must contain exactly one match. This property is required for bind mode but not for admin search mode.

  5. Save changes to the asg.properties file.
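The following Python script is an added worked example, not part of the TIBCO documentation or product. It reads the properties set in steps 3 and 4 from a constructed asg.properties fragment (the example values from the table), then shows how the ownerDnTemplate (bind mode) and searchFilter (admin search mode) are applied to a user name. The escaping functions follow RFC 4514 (DN values) and RFC 4515 (filter values); how the real adapter escapes user input is not stated on this page, so treat them as this example's assumption, as are the use of the uid attribute in the admin-mode filter and the small in-memory directory used to illustrate the "exactly one match" rule.

```python
"""Added example (not TIBCO code): applying the LDAP owner adapter
properties from asg.properties to a user name.

Escaping follows RFC 4514 (DN values) and RFC 4515 (filter values).
Whether the adapter itself escapes this way is not stated on the page,
so the escaping, the use of the uid attribute in admin search mode and
the in-memory directory below are assumptions of this example."""

# Constructed asg.properties fragment built from the example values in the table.
ASG_PROPERTIES = """\
# owner adapter class (step 3)
tibco.clientVar.oauth.owner.adapter.class=com.tibco.asg.oauth.identity.provider.jndildap.OwnerAdapterService
# LDAP connection parameters (step 4)
tibco.clientVar.oauth.identity.provider.ldap.host=ldapserver.api.tibco.com
tibco.clientVar.oauth.identity.provider.ldap.port=10389
tibco.clientVar.oauth.identity.provider.ldap.loginDN=uid=admin,ou=system
tibco.clientVar.oauth.identity.provider.ldap.loginPassword=root@123
tibco.clientVar.oauth.identity.provider.ldap.searchFilter=Objectclass=*
tibco.clientVar.oauth.identity.provider.ldap.ownerSearchTreeDn=ou=people,ou=na,dc=example,dc=org
tibco.clientVar.oauth.identity.provider.ldap.ownerDnTemplate=uid={0},ou=employee,ou=tsi,o=tibco
"""

PREFIX = "tibco.clientVar.oauth.identity.provider.ldap."


def load_properties(text):
    """Minimal Java .properties reader: one key=value per line, '#'/'!'
    comments, split on the first '=' only (DN values contain '=' too).
    Line continuations and ':' separators are not handled."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


PROPS = load_properties(ASG_PROPERTIES)


def escape_dn_value(value):
    """Escape an attribute value for use inside a DN string (RFC 4514)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in ',+"\\<>;=':
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and i in (0, last):
            out.append("\\ ")
        elif ch == "\x00":
            out.append("\\00")
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value):
    """Escape an assertion value for use inside a search filter (RFC 4515)."""
    table = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}
    return "".join(table.get(ch, ch) for ch in value)


def owner_dn(username, props=PROPS):
    """Bind mode: substitute {0} in ownerDnTemplate with the escaped user name."""
    return props[PREFIX + "ownerDnTemplate"].replace("{0}", escape_dn_value(username))


def owner_search_filter(username, props=PROPS, attr="uid"):
    """Admin search mode: AND the configured searchFilter with a match on the
    user name. Matching on the uid attribute is this example's assumption."""
    base = props[PREFIX + "searchFilter"]
    if not base.startswith("("):
        base = "(" + base + ")"  # the table's example omits the parentheses
    return "(&" + base + "(" + attr + "=" + escape_filter_value(username) + "))"


# Constructed in-memory stand-in for the LDAP subtree named by ownerDnTemplate.
DIRECTORY = {
    "uid=alice,ou=employee,ou=tsi,o=tibco": {"uid": "alice", "cn": "Alice"},
    "uid=bob,ou=employee,ou=tsi,o=tibco": {"uid": "bob", "cn": "Bob"},
}


def resolve_owner(username, directory=DIRECTORY, props=PROPS):
    """Return the DN the gateway would bind as, or None unless the template
    yields exactly one existing entry (the 'exactly one match' rule)."""
    dn = owner_dn(username, props)
    matches = [d for d in directory if d == dn]
    return matches[0] if len(matches) == 1 else None


if __name__ == "__main__":
    for name in ("alice", "smith, john", "jo*"):
        print(repr(name))
        print("  bind DN      :", owner_dn(name))
        print("  admin filter :", owner_search_filter(name))
        print("  resolved     :", resolve_owner(name))
```

Run it with python3. The two crafted names show that a comma in a user name is escaped inside the bind DN rather than adding a new RDN, and that a wildcard is escaped inside the admin-mode filter rather than widening the search; a name that does not resolve to exactly one entry yields None. Separately, the asg.properties file edited in step 4 holds the login user's password in clear text, so restrict read permissions on that file to the gateway's service account.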