Integration/LDAP

From TempusServa wiki
Revision as of 13:59, 8 March 2013 by old>Admin

The basic configuration consists of the name of the LDAP server and the domain that is bound to the application:

  • ldapServer
  • ldapDomainDefault

Different options for LDAP integration exist:

  1. Validate credentials: Check username/password against LDAP
  2. Synchronize groups: Add/remove groups as defined in the LDAP
  3. Create missing users: Create users with correct LDAP credentials

Credential validation (1) is mandatory, while group synchronization (2) and automatic user creation (3) are optional. The corresponding parameters are:

  1. ldapAuthentication
  2. ldapMaintainGroupsOnLogon
  3. ldapCreateUsers

If the LDAP server is not responding, the server can be allowed to use local application credentials:

  • ldapAuthenticationFallback

In order to communicate with the LDAP server, the Tempus Serva application will need its own account to carry out many of the synchronization operations:

  • ldapUsername
  • ldapPassword

No permissions except lookup rights are required for this role.