LDAP Authentication

The LDAP Authentication shared resource configures the connection to an LDAP server. Component implementations use this connection to look up names in an LDAP directory server.

LDAP Authentication is primarily used for HTTP basic authentication in TIBCO BusinessWorks™ Container Edition. The following fields are the ones most commonly used:

  • Server URL: the LDAP server location, such as ldap://10.107.170.145:389
  • User Search Expression: the search expression for the user, such as (&(cn={0})(objectclass=user))
  • User DN Template: the user distinguished name template, such as cn={0},cn=users,dc=na,DC=tibco,DC=com

General

The General section has the following fields.

  • Package: The name of the package in which you want to create the shared resource.
  • Name: The name of the shared resource.
  • Description: A short description of the shared resource.

LDAP Authentication

The LDAP Authentication section has the following tabs:

Connection

The Connection tab has the following fields. "Literal Value/Module Property" indicates whether the field can be set as a literal value or as a module property.

  • Server URL (Literal Value/Module Property: Yes): The URL with the host and port number on which the LDAP server is listening for connections. The default is ldap://localhost:389.
  • User Search Expression (Literal Value/Module Property: Yes): The search expression for the user, such as (&(cn={0})(objectclass=user)).
  • Admin User Credential (Literal Value/Module Property: None): The username and password in LDAP format, such as cn={0},CN=Users,DC=ce,DC=na,DC=tibco,DC=com. Create a limited or restricted user that can only search your tree. Selecting this check box displays the Credential Provider option.
  • Credential Provider (Literal Value/Module Property: None): Select the identity provider that holds the LDAP server admin credentials.
  • User Search Base DN (Literal Value/Module Property: Yes): The base DN of the directory subtree in which the user search is performed. Leave this field blank to start the search from the top-level element of the directory.
  • User Search Scope (Literal Value/Module Property: None): The number of levels of the directory server that are searched for a matching user profile. Select one of the following options:
      • Subtree: all entries below the base DN (all lower levels)
      • One level: only the entries immediately below the base DN (one level)
    The default value is Subtree.
  • User DN Template (Literal Value/Module Property: Yes): This field appears when the Admin User Credential check box is not selected. Enter the user distinguished name template, such as cn={0},cn=users,dc=na,DC=tibco,DC=com.
  • SSL Configuration (Literal Value/Module Property: None): Select this check box to configure an SSL client.
  • SSL Client (Literal Value/Module Property: None): The name of the SSL client shared resource. In the SslClientResource Resource Template wizard, create a resource that connects to the LDAP server over SSL using the SSL client shared resource.
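The {0} placeholder in the User Search Expression and the User DN Template is replaced with the login name at run time, so the substituted value has to be escaped for the context it lands in; otherwise a login name containing filter metacharacters such as * or ) changes the meaning of the query. The following Python is an added example, not TIBCO's own code: it applies the standard RFC 4515 filter escaping and RFC 4514 DN escaping to the two templates shown on this page, and lists the operations each Connection-tab mode implies (search as the restricted admin user and then bind as the DN found, versus a direct bind to the templated DN). ADMIN_DN, BASE_DN and the exact operation sequence in authentication_plan() are assumptions for illustration.

```python
"""Safe expansion of the User Search Expression and User DN Template.

Added example, not TIBCO's own code. The {0} placeholder is replaced with
the login name as the page describes; escaping follows RFC 4515 (search
filter values) and RFC 4514 (DN attribute values). ADMIN_DN, BASE_DN and the
operation sequence in authentication_plan() are assumptions for illustration.
"""
from typing import List, Tuple

USER_SEARCH_EXPRESSION = "(&(cn={0})(objectclass=user))"   # value from the page
USER_DN_TEMPLATE = "cn={0},cn=users,dc=na,DC=tibco,DC=com"  # value from the page
ADMIN_DN = "cn=ldap-reader,cn=users,dc=na,dc=tibco,dc=com"   # assumed search-only account
BASE_DN = "cn=users,dc=na,dc=tibco,dc=com"                   # assumed User Search Base DN

# Characters that change the meaning of a search filter (RFC 4515 section 3).
FILTER_SPECIALS = "*()\\\x00"


def escape_filter_value(value: str) -> str:
    """Escape a value placed inside a search filter (RFC 4515).

    Each metacharacter becomes a backslash followed by two hex digits, so a
    login such as 'a*' is matched literally instead of acting as a wildcard.
    """
    return "".join("\\%02x" % ord(ch) if ch in FILTER_SPECIALS else ch for ch in value)


def escape_dn_value(value: str) -> str:
    """Escape an attribute value placed inside a DN (RFC 4514 section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in ',+"\\<>;':
            out.append("\\" + ch)
        elif (i == 0 and ch in " #") or (i == last and ch == " "):
            out.append("\\" + ch)  # leading space/hash and trailing space
        else:
            out.append(ch)
    return "".join(out)


def expand_search_expression(template: str, login: str) -> str:
    """Fill {0} in a User Search Expression with a filter-escaped login."""
    return template.replace("{0}", escape_filter_value(login))


def expand_dn_template(template: str, login: str) -> str:
    """Fill {0} in a User DN Template with a DN-escaped login."""
    return template.replace("{0}", escape_dn_value(login))


def authentication_plan(login: str, use_admin_credentials: bool,
                        scope: str = "subtree") -> List[Tuple[str, ...]]:
    """Return the LDAP operations each Connection-tab mode implies (assumed flow).

    Admin User Credential selected: bind as the restricted admin, search for
    the user under BASE_DN with the expanded expression, then bind as the DN
    the search returned. Not selected: bind directly as the templated DN.
    """
    if use_admin_credentials:
        return [
            ("bind", ADMIN_DN),
            ("search", BASE_DN, scope,
             expand_search_expression(USER_SEARCH_EXPRESSION, login)),
            ("bind", "<DN of the single entry the search returned>"),
        ]
    return [("bind", expand_dn_template(USER_DN_TEMPLATE, login))]


if __name__ == "__main__":
    for login in ("alice", "a*", "Smith, John"):
        print(expand_search_expression(USER_SEARCH_EXPRESSION, login))
        print(expand_dn_template(USER_DN_TEMPLATE, login))
    for step in authentication_plan("alice", use_admin_credentials=True):
        print(step)
```

Whichever mode is in use, the value substituted for {0} should never reach the directory unescaped; the search-then-bind mode also relies on the admin account being limited to search, as the Admin User Credential field recommends.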

Users and Groups

The Users and Groups tab has the following fields.

  • User's name (Literal Value/Module Property: Yes): The name of the user in the LDAP directory.
  • Additional user attributes to retrieve (Literal Value/Module Property: Yes): The LDAP attribute used to search for and retrieve the user profile, for example a different attribute in your directory server such as the given name.
  • Group Indication (Literal Value/Module Property: None): Specifies how the user's group is determined. Select one of the following:
      • No Group Info
      • User Attributes Indicates Group: groups the user by the specified attribute. When selected, displays the User Attribute Group Name field.
      • User DN Indicates Group: derives the group from the user's DN. When selected, displays the User Attribute Group Name field.
      • Search Groups: searches the directory for groups. When selected, displays the following fields:
          • Group Root DN
          • Group Search Expression
          • Group Attribute User Names
          • Group Attribute Group Name
          • Group Attribute Subgroup Name
    Note: Group Indication is used for authorization by roles in the Basic Authentication policy resource.

Search

The Search tab has the following fields.

  • User Search Scope (Literal Value/Module Property: None): The number of levels of the directory server that are searched for a matching user profile. Select one of the following options:
      • Subtree: all entries below the base DN (all lower levels)
      • One level: only the entries immediately below the base DN (one level)
    The default is Subtree.
  • Group Root DN (Literal Value/Module Property: Yes): The distinguished name (DN) of the root under which groups are searched.
  • Group Search Scope (Literal Value/Module Property: None): The search scope option, true or false.
      • true: scan the entire LDAP tree beneath the DN (subtree scope).
      • false: scan only the direct children of that DN (one-level scope).
  • Group Search Expression (Literal Value/Module Property: Yes): The group search expression property.
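With Search Groups selected on the Users and Groups tab, membership is resolved from the directory rather than from the user entry: groups are looked up under the Group Root DN at the Group Search Scope (true = subtree, false = one level), the Group Attribute User Names attribute lists the members, and the Group Attribute Subgroup Name attribute nests groups inside other groups. The following Python is an added example, not TIBCO's code, that models that resolution over a small constructed directory and shows how the scope setting changes the result. The attribute names member and subgroup, a plain objectClass test standing in for the Group Search Expression, and the simplified DN handling (escaped commas inside values are not supported) are assumptions.

```python
"""Group resolution as the Search Groups option describes it.

Added example, not TIBCO's own code. A directory is modelled as a dict of
DN -> attributes. Assumptions: 'member' stands for Group Attribute User
Names, 'subgroup' for Group Attribute Subgroup Name, and a plain object
class test stands in for the Group Search Expression. DN parsing is
simplified (escaped commas inside values are not handled).
"""
from typing import Dict, List, Set

# Constructed sample directory (not real data).
DIRECTORY: Dict[str, Dict[str, List[str]]] = {
    "cn=developers,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"],
        "member": ["cn=alice,cn=users,dc=example,dc=com"],
        "subgroup": [],
    },
    "cn=engineering,ou=groups,dc=example,dc=com": {
        "objectClass": ["groupOfNames"],
        "member": [],
        "subgroup": ["cn=developers,ou=groups,dc=example,dc=com"],  # nested group
    },
    "cn=oncall,ou=rota,ou=groups,dc=example,dc=com": {   # two levels below the root
        "objectClass": ["groupOfNames"],
        "member": ["CN=Alice,CN=Users,DC=example,DC=com"],  # DN case differs on purpose
        "subgroup": [],
    },
    "cn=admins,ou=other,dc=example,dc=com": {            # outside the Group Root DN
        "objectClass": ["groupOfNames"],
        "member": ["cn=alice,cn=users,dc=example,dc=com"],
        "subgroup": [],
    },
    "cn=alice,cn=users,dc=example,dc=com": {"objectClass": ["user"]},
}
GROUP_ROOT_DN = "ou=groups,dc=example,dc=com"
ALICE_DN = "cn=alice,cn=users,dc=example,dc=com"


def normalize_dn(dn: str) -> List[str]:
    """Split a DN into lower-cased RDNs, most specific first (simplified)."""
    return [rdn.strip().lower() for rdn in dn.split(",")]


def in_scope(entry_dn: str, root_dn: str, subtree: bool) -> bool:
    """Apply Group Search Scope: true scans the whole subtree beneath root_dn,
    false only its direct children. The root entry itself is never a result."""
    entry, root = normalize_dn(entry_dn), normalize_dn(root_dn)
    if len(entry) <= len(root) or entry[-len(root):] != root:
        return False
    return True if subtree else len(entry) == len(root) + 1


def resolve_groups(directory: Dict[str, Dict[str, List[str]]], user_dn: str,
                   root_dn: str, subtree: bool = True,
                   group_object_class: str = "groupOfNames",
                   user_names_attr: str = "member",
                   subgroup_attr: str = "subgroup") -> Set[str]:
    """Return every in-scope group the user belongs to, directly or by nesting."""
    def key(dn: str) -> str:
        return ",".join(normalize_dn(dn))

    user = key(user_dn)
    candidates = {
        dn: attrs for dn, attrs in directory.items()
        if in_scope(dn, root_dn, subtree)
        and group_object_class.lower() in (c.lower() for c in attrs.get("objectClass", []))
    }
    # Direct membership via the user-names attribute.
    found = {dn for dn, attrs in candidates.items()
             if user in {key(m) for m in attrs.get(user_names_attr, [])}}
    # Nested membership: a group whose subgroup attribute names a found group.
    # Iterate to a fixpoint; found only grows, so a cycle cannot loop forever.
    changed = True
    while changed:
        changed = False
        for dn, attrs in candidates.items():
            if dn in found:
                continue
            subs = {key(s) for s in attrs.get(subgroup_attr, [])}
            if any(key(f) in subs for f in found):
                found.add(dn)
                changed = True
    return found


if __name__ == "__main__":
    print(sorted(resolve_groups(DIRECTORY, ALICE_DN, GROUP_ROOT_DN, subtree=True)))
    print(sorted(resolve_groups(DIRECTORY, ALICE_DN, GROUP_ROOT_DN, subtree=False)))
```

Run with subtree=True the user is placed in developers, engineering (through the nested subgroup) and oncall; with subtree=False the oncall group, two levels beneath the root, drops out, and the admins group outside the Group Root DN is never considered. Since these groups feed role-based authorization in the Basic Authentication policy, the scope and root DN decide which entries can grant a role at all.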

Advanced

The Advanced tab has the following fields.

  • Follow Referrals (Literal Value/Module Property: None): When you select this check box, the LDAP server does not return results directly. Instead it returns a reference (a referral) to another LDAP server that may contain additional information, such as the names and locations of other objects.
  • Connection Pool (Literal Value/Module Property: Yes): The number of connections in the pool. The default is 10. All activities that are part of the same transaction use the same connection from the connection pool. The first activity in a transaction attempts to re-establish an invalid connection. If a connection becomes invalid during a transaction, the transaction is rolled back and must be retried, if necessary.
  • Search Timeout (Literal Value/Module Property: Yes): The timeout in milliseconds for the LDAP search. The default is 0.

Test Configuration

The Test Configuration tab has the following fields.

  • Test: Click the Test button to start testing the LDAP search operation.
  • Search Results: Shows the search results returned by the LDAP search operation.