Scenario 1: LDAP Authentication with Group Membership

This workflow describes the steps for authenticating a user with a group membership.

In this scenario, the user's membership in a specified group is verified first. After successful membership verification, the user is authenticated against the LDAP server with a qualified distinguished name (DN) and a user-supplied password.

Procedure

  1. The user provides a user name and password to log in.
  2. The login request is received by the Team Studio back end.
  3. The Team Studio back end verifies that the user name is for a registered/licensed user. Note that the user's password is not being authenticated at this time; the only thing being verified is that the user is a valid Team Studio user.
  4. If the user is a valid Team Studio user, the Team Studio back end sends a query message to the LDAP server to verify the user's group membership. The query parameters are read from the ldap.properties file.
  5. The query request returns a result that verifies whether the current user is a member of the specified group.
  6. If the current user is a member of the specified group, the Team Studio back end sends an authentication request to the LDAP server. The request parameters consist of a DN and a user-supplied password. The DN is constructed using the parameters from the ldap.properties file.
  7. The LDAP server authenticates the user and returns the result.
  8. If the user is authenticated successfully, the Team Studio back end navigates the user to the dashboard page. If the user is not authenticated, an error message is displayed.
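Steps 4 and 6 place the user-supplied name into an LDAP search filter and into a DN, so the name must be escaped for each context before the requests are sent. The following is an added example, not Team Studio code: the property names, the sample DNs, and the use of a memberOf attribute for the group check are assumptions made for illustration.

```python
# Added example. PROPS stands in for values read from ldap.properties;
# the key names and DNs are hypothetical, constructed for this sketch.
PROPS = {
    "group_dn": "cn=studio-users,ou=groups,dc=example,dc=com",
    "user_base": "ou=people,dc=example,dc=com",
    "user_attr": "uid",
}

def escape_filter_value(value: str) -> str:
    """Escape a value for use inside a search filter (RFC 4515)."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )

def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514)."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif (ch in ',+"\\<>;'
              or (i == 0 and ch in " #")
              or (i == last and ch == " ")):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def build_login_requests(username: str, password: str):
    """Return (membership_filter, bind_dn) for steps 4 and 6."""
    # A bind with a DN and an empty password is an "unauthenticated bind"
    # (RFC 4513, section 5.1.2); some servers answer it with success,
    # so it must never reach the LDAP server.
    if not username or not password:
        raise ValueError("user name and password are required")
    attr = PROPS["user_attr"]
    # Step 4: group membership query (assumes the directory exposes memberOf).
    membership_filter = "(&(%s=%s)(memberOf=%s))" % (
        attr,
        escape_filter_value(username),
        escape_filter_value(PROPS["group_dn"]),
    )
    # Step 6: DN used for the authentication (bind) request.
    bind_dn = "%s=%s,%s" % (attr, escape_dn_value(username), PROPS["user_base"])
    return membership_filter, bind_dn
```

Without the escaping, a name such as `*)(uid=*` would change the meaning of the membership filter, and a name containing a comma would change which entry the bind DN points at.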