Managing Application Security

Order Management Server provides two application-level security options.

  • Default Authentication Provider
  • Lightweight Directory Access Protocol (LDAP) Authentication Provider

The default authentication provider is database-based security and requires no configuration. Order Management Server uses the configured database to store the operational data of orders and execution plans.

Order Management Server Application Security

Order Management Server also supports Lightweight Directory Access Protocol-based authentication.

Lightweight Directory Access Protocol Authentication Properties

The following properties are required to configure Order Management Server to authenticate against an external Lightweight Directory Access Protocol server.

| Parameter | Description |
|---|---|
| Lightweight Directory Access Protocol Server URL | URL of the LDAP server, in the form ldap://<hostname>:port/<root context>. Many LDAP servers also support SSL-encrypted LDAP, which is preferred for security purposes. To configure Order Management Server to connect to the server over SSL, use ldaps:// at the beginning of the server URL. |
| Lightweight Directory Access Protocol User Manager DN | User Manager Distinguished Name to be used to connect to the LDAP server. |
| Lightweight Directory Access Protocol User manager Password | Password of the user manager to be used for authentication. |
| User Search Base | A search base (the distinguished name of the search base object) that defines the location in the directory from which the LDAP user search begins. |
| User Search Filter | Search filter to be used to locate the user. For example, the following filter substitutes the login name for {0} and matches it against the uid attribute in the directory: (uid={0}) |
| Search Subtree | Flag to enable deep search through the subtree of the LDAP Server URL + User Search Base. True by default. |
| Group Search Base | Defines the base DN under which the LDAP integration looks for one or more matches for the user's DN. The default value performs a search from the LDAP root. |
| Group Search Filter | Defines the LDAP search filter used to match the user's DN to an attribute of an entry located under Group Search Base. The default value is (uniqueMember={0}). |
| Group Role Attribute | Defines the attribute of the matching entries that is used to compose the user's role in Order Management Server. The default value is cn. The attribute must have either admin or user as its value. Role-based authorization provided by Order Management Server depends on the value specified in this attribute to provide appropriate permission for the user. |
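The following added example (not Order Management Server code) shows how the {0} placeholder in the User Search Filter and Group Search Filter is filled in, with the value escaped per RFC 4515 so that a login name cannot alter the filter, plus a check that the server URL uses ldaps:// and a lookup of the admin or user role from the Group Role Attribute. The host name, DNs, function names and group entries are constructed for illustration, and the page does not state how Order Management Server itself performs the substitution.

```python
# Added example, not Order Management Server code. All sample values are constructed.
from urllib.parse import urlparse

# RFC 4515 section 3: characters that must be escaped inside a filter value
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    """Escape a value so it cannot change the structure of an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def build_filter(template, value):
    """Substitute the escaped value for the {0} placeholder of a filter."""
    return template.replace("{0}", escape_filter_value(value))

def uses_tls(server_url):
    """True when the server URL begins with ldaps:// (SSL-encrypted LDAP)."""
    return urlparse(server_url).scheme.lower() == "ldaps"

def resolve_roles(group_entries, role_attribute="cn"):
    """Collect the role values (admin or user) found in the role attribute
    of the matched group entries; any other value grants no role."""
    found = set()
    for entry in group_entries:
        found.update(v for v in entry.get(role_attribute, []) if v in ("admin", "user"))
    return sorted(found)

# Constructed sample configuration, using the defaults named in the table
SERVER_URL = "ldaps://ldap.example.com:636/dc=example,dc=com"
USER_SEARCH_FILTER = "(uid={0})"
GROUP_SEARCH_FILTER = "(uniqueMember={0})"

# Constructed group entries, as a group search might return them
SAMPLE_GROUPS = [{"cn": ["admin"]}, {"cn": ["developers"]}]

if __name__ == "__main__":
    user_dn = "uid=jsmith,ou=people,dc=example,dc=com"  # constructed DN
    print("TLS in use:", uses_tls(SERVER_URL))
    print("User filter:", build_filter(USER_SEARCH_FILTER, "jsmith"))
    print("Escaped:", build_filter(USER_SEARCH_FILTER, "j.smith (ops)*"))
    print("Group filter:", build_filter(GROUP_SEARCH_FILTER, user_dn))
    print("Roles:", resolve_roles(SAMPLE_GROUPS))
```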