  LDAP Configuration
Added by Jason Sankey, last edited by Jason Sankey on Mar 28, 2007

Overview

Pulse can optionally authenticate users against an existing LDAP server. To authenticate against LDAP, provide the details required to connect to your LDAP server and an LDAP filter to identify users. You may then add users that are authenticated via LDAP rather than pulse passwords. Using the "auto add new users" option, you can also allow new pulse users to be created for usernames authenticated successfully via LDAP.

You can also, optionally, integrate the groups defined within your LDAP directory. By creating groups with matching names in your pulse™ server, and configuring group details appropriately, users can be automatically granted pulse™ group membership based on their LDAP group membership. Users added to pulse™ groups in this way will inherit the authorities granted to that pulse™ group. They will not, however, be added as members of the pulse™ group permanently (and thus will not show up as members in the pulse™ interface). Instead, their membership is reevaluated each time they log in, to keep pulse™ in sync with changes to the LDAP directory.

Configuration

enable ldap integration

Check this box to enable LDAP authentication for your pulse server.

ldap host url

The URL of your LDAP host, including the port to connect to.

This setting is required.

Example

ldap://ldap.example.com:389/

base dn

The base distinguished name under which to search for users.

This field is required.

Example

dc=example,dc=com

manager dn

Distinguished name for the manager account if required for initial binding. Required when your LDAP server does not allow anonymous binding.

Example

cn=admin,dc=example,dc=com

manager password

The password for the manager account, only used when a manager dn is provided.

user base dn

Distinguished name, relative to the base distinguished name, under which to search for users. If left blank, the search begins from the base distinguished name, which will usually work (but may place unnecessary load on the LDAP server). For some Active Directory servers this setting may be necessary.

Example

ou=Users

user filter

An LDAP filter used to locate the user matching the login name provided by the user to pulse. This login name may be referred to in the filter by using the ${login} variable.

Examples

A typical, simple search:

(uid=${login})

A typical Active Directory search:

(sAMAccountName=${login})

A search restricted to users in the "developers" group:

(&(uid=${login})(group=developers))

auto add new users

If this box is checked, users that are successfully authenticated via LDAP can be automatically added to pulse. When a user provides a login that does not exist in pulse, authentication against LDAP will be attempted. If the authentication is successful, the user will be added to pulse automatically, to be authenticated via LDAP. Pulse will attempt to retrieve the user's full name from the LDAP server.

email attribute

If set, this value is used as the name of an attribute in the user records that contains the user's email address. When a user is added via the auto-add mechanism, the value of this attribute will be used to create an email contact point for the user.

If this value is not set, no contact point will be created for auto-added users.

Example

mail

group root dn

The distinguished name of the subtree in which to search for LDAP groups, relative to the base dn configured above. Setting this value will enable group integration.

Example

ou=groups

group search filter

Filter used to search under the group root dn for groups that a user is a member of. To refer to the user, use the variable ${login} for their pulse™/LDAP login name, or ${user.dn} for their full distinguished name in the LDAP directory. This filter identifies the LDAP groups the user is a member of, which will result in the user being automatically added to groups of the same name within pulse™, where such groups exist. The name of the LDAP group is derived using the group name attribute (see below).

Default Value

(member=${user.dn})
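
The ${login} and ${user.dn} substitution described for the user filter and the group search filter, as an added example (not Pulse's own code): it expands the filter templates shown on this page and escapes each value per RFC 4515, so that `*`, `(`, `)` and `\` in a login name or DN are matched literally. The page does not say how Pulse treats these characters; the function names and sample values below are hypothetical.

```python
import re

# RFC 4515 section 3: characters that must appear as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
_VARIABLE = re.compile(r"\$\{([^}]+)\}")


def escape_filter_value(value):
    """Escape a string so it is read as literal text in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template, values, escape=True):
    """Replace each ${name} in template with values[name].

    escape=False shows the raw substitution for comparison only.
    A placeholder with no entry in values raises KeyError.
    """
    def substitute(match):
        value = values[match.group(1)]
        return escape_filter_value(value) if escape else value
    return _VARIABLE.sub(substitute, template)


# Constructed sample DN (not taken from any real directory): the RDN value
# contains an escaped comma and parentheses, both legal in a DN.
SAMPLE_DN = r"cn=Smith\, John (Contractor),ou=Users,dc=example,dc=com"

if __name__ == "__main__":
    cases = [
        ("(uid=${login})", {"login": "jsmith"}),
        ("(&(uid=${login})(group=developers))", {"login": "j*"}),
        ("(member=${user.dn})", {"user.dn": SAMPLE_DN}),
    ]
    for template, values in cases:
        print("template:", template)
        print("  raw:    ", expand_filter(template, values, escape=False))
        print("  escaped:", expand_filter(template, values))
```

Without escaping, the `*` is interpreted as a wildcard and the parentheses in the DN as filter syntax, so the search no longer means what the template intended.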

group name attribute

The LDAP attribute that holds the name of a group. When a group is found via the group search, its name is extracted by looking at the value of this attribute. This name is then used to find any matching pulse™ group.

Default Value

cn

search group subtrees

By default, groups are only searched for directly under the group root dn. To search the entire subtree under this dn recursively, check this option.

follow referrals

If checked, pulse™ will automatically follow any referrals returned by the LDAP server. This setting is usually unnecessary, as referrals are not usually returned. It is most commonly required for Active Directory.

PartialResultExceptions

If you receive LDAP error messages including references to javax.naming.PartialResultException, try checking the follow referrals option.

escape space characters

When checked, spaces within distinguished name values will be escaped by pulse™. Uncheck this option or escape spaces manually if your LDAP server requires non-standard escaping.
