
...

Note: For 7.4.4.0+ and Active Directory LDAP

Clients who use Active Directory must set the activeDirectory flag to "1" in luna-security.xml:

    <property name="trustStorePath" value=""/>
    <!-- Set to "1" when the LDAP server is Active Directory (7.4.4.0+). -->
    <property name="activeDirectory" value="1"/>

In what follows, only the sections pertinent to the configuration are shown.

...

<!--
Connection settings used to reach the LDAP directory (URL, base DN, SSL flag,
trust store).
The properties of ldapAuthenticationSearch need to be specified in the
same way as Insight User Manager 6.x. See the InsightUserServer.dat file.
Example for Active Directory, using a plain ldap:// URL with loginSSL="0".
NOTE(review): with an ldap:// URL and loginSSL="0" the connection is presumably
not TLS-protected, so passwords submitted at login would cross the network
unencrypted. Confirm how the application uses loginSSL, and prefer the LDAPS
variant shown further down outside of isolated test networks.
-->
<bean id="ldapAuthenticationSearch" class="com.luna.insight.client.security.ldap.LDAPAuthenticationSearchImpl">
   <property name="ldapUserAttribute" value="insightUser" />
   <property name="ldapURL" value="ldap://ldap.luna.edu" />
   <property name="baseDN" value="dc=luna,dc=edu" />
   <property name="loginSSL" value="0" />
   <!-- Left empty in the non-SSL example; the LDAPS example below points it at a trust store file. -->
   <property name="trustStorePath" value="" />
   <!--
Example for LDAPS (alternative values for the properties above):
<property name="ldapUserAttribute" value="insightUser"/>
<property name="ldapURL" value="ldaps://ldap.luna.edu"/>
<property name="baseDN" value="dc=luna,dc=edu"/>
<property name="loginSSL" value="1"/>
<property name="trustStorePath" value="C:/myStoreFile"/>
NOTE(review): trustStorePath presumably names the trust store used to validate
the directory server's certificate; confirm the expected file format, and keep
the file writable only by the account that administers the application.
-->
</bean>

 

...

 




Assigning credentials by pattern matching in user's DN for Active Directory LDAP

...



NOTE:
For Windows Active Directory, it should be enough to specify a single entry, (sAMAccountName={0}), in ldapSearchFilters. Unlike with OpenLDAP, specifying a complicated or incorrect search condition for Active Directory results in time-outs and considerable system delay.
The syntax of LdapSearchFilter_x is based on RFC 2254. See: http://www.ietf.org/rfc/rfc2254.txt 

 

 



<!--
Example for Active Directory.
Assigns credentials by matching patterns against the user's distinguishedName.
-->
<bean id="ldapCredentialsMap" class="com.lunaimaging.insight.core.domain.authenticators.ldap.LdapCredentialsMap">
   <!--
   A single filter is enough for Active Directory. {0} is presumably replaced
   with the login name entered by the user.
   NOTE(review): confirm the application escapes LDAP filter metacharacters
   (RFC 2254) in that value before substituting it into the filter.
   -->
   <property name="ldapSearchFilters">
      <list>
         <value>(sAMAccountName={0})</value>
      </list>
   </property>
   <property name="ldapSearchAttributes">
      <list>
         <value>insightUser</value>
      </list>
   </property>
   <!--
   conditions and mappedValues are parallel lists (four entries each here);
   presumably the n-th condition assigns the n-th mapped value, so keep both
   lists the same length and in the same order (TODO confirm).
   NOTE(review): the narrower "CN=admin,OU=Art History*" entry is listed before
   the broader "Art History*" entry. If matching is first-match-wins, that order
   is significant; confirm before reordering. The trailing * looks like a
   wildcard.
   -->
   <property name="conditions">
      <list>
         <value>distinguishedName=English Department</value>
         <value>distinguishedName=CN=admin,OU=Art History*</value>
         <value>distinguishedName=Art History*</value>
         <value>distinguishedName=College of Letters and Science</value>
      </list>
   </property>
   <!--
   Presumably credentials ids, one per condition above (TODO confirm).
   NOTE(review): check that broad DN patterns do not hand a higher-privileged
   id to accounts that were not meant to receive it.
   -->
   <property name="mappedValues">
      <list>
         <value>3</value>
         <value>4</value>
         <value>3</value>
         <value>2</value>
      </list>
   </property>
</bean>

...

 

 




OpenLDAP example

<!--
LDAP search authenticator. References the connection settings bean
(ldapAuthenticationSearch) and the DN-to-credentials mapping bean
(ldapCredentialsMap) by id.
-->
<bean id="authenticatorSearchLDAP" class="com.lunaimaging.insight.core.domain.authenticators.LdapSearchAuthenticator">
   <!--
   NOTE(review): presumably the credentials id assigned when no condition in
   ldapCredentialsMap matches; confirm, and make sure id 2 is the
   least-privileged set you want every authenticated directory user to receive.
   -->
   <property name="defaultCredentialsId" value="2" />
   <property name="ldapAuthenticationSearch">
      <ref bean="ldapAuthenticationSearch" />
   </property>
   <property name="ldapSearchMap">
      <ref bean="ldapCredentialsMap" />
   </property>
</bean>
<!--
Connection and search settings used to reach the LDAP directory.
The properties of ldapAuthenticationSearch need to be specified in the
same way as Insight User Manager 6.x. See the InsightUserServer.dat file.
Example for OpenLDAP, using a plain ldap:// URL with loginSSL="0".
NOTE(review): with an ldap:// URL and loginSSL="0" the connection is presumably
not TLS-protected, so passwords submitted at login would cross the network
unencrypted. Confirm how the application uses loginSSL, and prefer the LDAPS
variant shown further down outside of isolated test networks.
-->
<bean id="ldapAuthenticationSearch" class="com.luna.insight.client.security.ldap.LDAPAuthenticationSearchImpl">
   <property name="ldapUserAttribute" value="insightUser" />
   <property name="ldapURL" value="ldap://ldap.luna.edu" />
   <property name="baseDN" value="dc=luna,dc=edu" />
   <property name="loginSSL" value="0" />
   <!-- Left empty in the non-SSL example; the LDAPS example below points it at a trust store file. -->
   <property name="trustStorePath" value="" />
   <!--
Example for LDAPS (alternative values for the properties above):
<property name="ldapUserAttribute" value="insightUser"/>
<property name="ldapURL" value="ldaps://ldap.luna.edu"/>
<property name="baseDN" value="dc=luna,dc=edu"/>
<property name="loginSSL" value="1"/>
<property name="trustStorePath" value="/usr/local/insight/LunaImaging/myStoreFile"/>
NOTE(review): trustStorePath presumably names the trust store used to validate
the directory server's certificate; confirm the expected file format, and keep
the file writable only by the account that administers the application.
-->
   <!--
   {0} is presumably replaced with the login name entered by the user.
   NOTE(review): confirm the application escapes LDAP filter metacharacters
   (RFC 2254) in that value before substituting it into the filter.
   -->
   <property name="ldapSearchFilters">
      <list>
         <value>(uid={0})</value>
      </list>
   </property>
   <property name="ldapSearchAttributes">
      <list>
         <value>insightUser</value>
      </list>
   </property>
   <!--
   Presumably the bind principal is built from the dn attribute of the entry
   found by the search filter, substituted for {0} (TODO confirm).
   -->
   <property name="ldapSecurityPrincipal" value="{0}" />
   <property name="ldapSecurityPrincipalAttributes" value="dn" />
</bean>

...



The syntax of LdapSearchFilter_x is based on RFC 2254. See: http://www.ietf.org/rfc/rfc2254.txt 

 

 



<!--
Example for OpenLDAP.
Assigns credentials by matching patterns against the user's dn.
-->
<bean id="ldapCredentialsMap" class="com.lunaimaging.insight.core.domain.authenticators.ldap.LdapCredentialsMap">
   <!--
   {0} is presumably replaced with the login name entered by the user.
   NOTE(review): confirm the application escapes LDAP filter metacharacters
   (RFC 2254) in that value before substituting it into the filter.
   -->
   <property name="ldapSearchFilters">
      <list>
         <value>(uid={0})</value>
      </list>
   </property>
   <property name="ldapSearchAttributes">
      <list>
         <value>insightUser</value>
      </list>
   </property>
   <!--
   conditions and mappedValues are parallel lists (four entries each here);
   presumably the n-th condition assigns the n-th mapped value, so keep both
   lists the same length and in the same order (TODO confirm).
   NOTE(review): the narrower "uid=admin,ou=Art History*" entry is listed before
   the broader "Art History*" entry. If matching is first-match-wins, that order
   is significant; confirm before reordering. The trailing * looks like a
   wildcard.
   -->
   <property name="conditions">
      <list>
         <value>dn=English Department</value>
         <value>dn=uid=admin,ou=Art History*</value>
         <value>dn=Art History*</value>
         <value>dn=College of Letters and Science</value>
      </list>
   </property>
   <!--
   Presumably credentials ids, one per condition above (TODO confirm).
   NOTE(review): check that broad dn patterns do not hand a higher-privileged
   id to accounts that were not meant to receive it.
   -->
   <property name="mappedValues">
      <list>
         <value>3</value>
         <value>4</value>
         <value>3</value>
         <value>2</value>
      </list>
   </property>
</bean>

 

 

...