...
- <LUNA Install Directory>/tomcat/luna_apps/luna.war/WEB-INF
NOTE:
Clients who use Active Directory must set a flag to "1" in luna-security.xml:
In the section that follows, only sections that are pertinent to the configuration are shown.
...
```xml
<!-- The properties of ldapAuthenticationSearch need to be specified in the
     same way as Insight User Manager 6.x. See the InsightUserServer.dat file.
     Example for Active Directory -->
<bean id="ldapAuthenticationSearch" class="com.luna.insight.client.security.ldap.LDAPAuthenticationSearchImpl">
    <property name="ldapUserAttribute" value="insightUser" />
    <property name="ldapURL" value="ldap://ldap.luna.edu" />
    <property name="baseDN" value="dc=luna,dc=edu" />
    <property name="loginSSL" value="0" />
    <property name="trustStorePath" value="" />
    <!-- Example for LDAPS:
    <property name="ldapUserAttribute" value="insightUser"/>
    <property name="ldapURL" value="ldaps://ldap.luna.edu"/>
    <property name="baseDN" value="dc=luna,dc=edu"/>
    <property name="loginSSL" value="1"/>
    <property name="trustStorePath" value="C:/myStoreFile"/>
    -->
</bean>
```
...
Assigning credentials by pattern matching in user's DN for Active Directory LDAP
...
NOTE:
For Windows Active Directory, it should be enough to specify only 1 entry, (sAMAccountName={0}), in ldapSearchFilters. Unlike with OpenLDAP, specifying a complicated or wrong search condition for Active Directory results in time-outs and considerable system delay.
The syntax of LdapSearchFilter_x is based on RFC 2254. See: http://www.ietf.org/rfc/rfc2254.txt
```xml
<!-- Example for Active Directory -->
<bean id="ldapCredentialsMap" class="com.lunaimaging.insight.core.domain.authenticators.ldap.LdapCredentialsMap">
    <property name="ldapSearchFilters">
        <list>
            <value>(sAMAccountName={0})</value>
        </list>
    </property>
    <property name="ldapSearchAttributes">
        <list>
            <value>insightUser</value>
        </list>
    </property>
    <property name="conditions">
        <list>
            <value>distinguishedName=English Department</value>
            <value>distinguishedName=CN=admin,OU=Art History*</value>
            <value>distinguishedName=Art History*</value>
            <value>distinguishedName=College of Letters and Science</value>
        </list>
    </property>
    <property name="mappedValues">
        <list>
            <value>3</value>
            <value>4</value>
            <value>3</value>
            <value>2</value>
        </list>
    </property>
</bean>
```
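The audit script below is an added example, not part of the original page or of LUNA's own tooling. It checks a luna-security.xml fragment for the settings discussed above: an ldapURL that is not ldaps://, a conditions list whose length differs from mappedValues, and more than one search filter for Active Directory. The sample XML is constructed, and two assumptions are inferred from the page's examples: conditions pair with mappedValues by position, and ldap:// with loginSSL="0" means the bind is not protected by TLS.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the page's bean examples (not a real deployment).
SAMPLE = """<beans>
  <bean id="ldapAuthenticationSearch">
    <property name="ldapURL" value="ldap://ldap.luna.edu" />
    <property name="loginSSL" value="0" />
    <property name="trustStorePath" value="" />
  </bean>
  <bean id="ldapCredentialsMap">
    <property name="ldapSearchFilters"><list>
      <value>(sAMAccountName={0})</value><value>(cn={0})</value></list></property>
    <property name="conditions"><list>
      <value>distinguishedName=English Department</value>
      <value>distinguishedName=Art History*</value></list></property>
    <property name="mappedValues"><list><value>3</value></list></property>
  </bean>
</beans>"""

def _props(bean):
    """Map property name -> value attribute, or the list of <value> texts."""
    out = {}
    for p in bean.findall("{*}property"):  # {*} tolerates a Spring namespace
        vals = [(v.text or "").strip() for v in p.findall("./{*}list/{*}value")]
        out[p.get("name")] = vals if p.find("{*}list") is not None else p.get("value", "")
    return out

def audit(xml_text):
    """Return a list of findings for the two LDAP beans shown on the page."""
    beans = {b.get("id"): _props(b) for b in ET.fromstring(xml_text).findall(".//{*}bean")}
    findings = []
    auth = beans.get("ldapAuthenticationSearch", {})
    # Assumption: ldaps:// + loginSSL=1 + trustStorePath belong together, as in the page's LDAPS example.
    if auth.get("ldapURL", "").lower().startswith("ldaps://"):
        if auth.get("loginSSL") != "1":
            findings.append("ldaps:// URL but loginSSL is not 1")
        if not auth.get("trustStorePath"):
            findings.append("ldaps:// URL but trustStorePath is empty")
    else:
        findings.append("ldapURL is not ldaps://: the LDAP bind is not protected by TLS")
    cmap = beans.get("ldapCredentialsMap", {})
    # Assumption: conditions[i] maps to mappedValues[i], so the lists must be equally long.
    conds, mapped = cmap.get("conditions", []), cmap.get("mappedValues", [])
    if len(conds) != len(mapped):
        findings.append(f"{len(conds)} conditions but {len(mapped)} mappedValues")
    filters = cmap.get("ldapSearchFilters", [])
    if len(filters) > 1 and any("sAMAccountName" in f for f in filters):
        findings.append("Active Directory filter list has more than one entry")
    return findings
```

Calling `audit(SAMPLE)` returns three findings for the constructed fragment; run it against the real file's text before deploying a change to the credentials map.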
...
Open LDAP example
```xml
<bean id="authenticatorSearchLDAP" class="com.lunaimaging.insight.core.domain.authenticators.LdapSearchAuthenticator">
    <property name="defaultCredentialsId" value="2" />
    <property name="ldapAuthenticationSearch">
        <ref bean="ldapAuthenticationSearch" />
    </property>
    <property name="ldapSearchMap">
        <ref bean="ldapCredentialsMap" />
    </property>
</bean>

<!-- The properties of ldapAuthenticationSearch need to be specified in the
     same way as Insight User Manager 6.x. See the InsightUserServer.dat file.
     Example for OpenLDAP: -->
<bean id="ldapAuthenticationSearch" class="com.luna.insight.client.security.ldap.LDAPAuthenticationSearchImpl">
    <property name="ldapUserAttribute" value="insightUser" />
    <property name="ldapURL" value="ldap://ldap.luna.edu" />
    <property name="baseDN" value="dc=luna,dc=edu" />
    <property name="loginSSL" value="0" />
    <property name="trustStorePath" value="" />
    <!-- Example for LDAPS:
    <property name="ldapUserAttribute" value="insightUser"/>
    <property name="ldapURL" value="ldaps://ldap.luna.edu"/>
    <property name="baseDN" value="dc=luna,dc=edu"/>
    <property name="loginSSL" value="1"/>
    <property name="trustStorePath" value="/usr/local/insight/LunaImaging/myStoreFile"/>
    -->
    <property name="ldapSearchFilters">
        <list>
            <value>(uid={0})</value>
        </list>
    </property>
    <property name="ldapSearchAttributes">
        <list>
            <value>insightUser</value>
        </list>
    </property>
    <property name="ldapSecurityPrincipal" value="{0}" />
    <property name="ldapSecurityPrincipalAttributes" value="dn" />
</bean>
```
...
The syntax of LdapSearchFilter_x is based on RFC 2254. See: http://www.ietf.org/rfc/rfc2254.txt
```xml
<bean id="ldapCredentialsMap" class="com.lunaimaging.insight.core.domain.authenticators.ldap.LdapCredentialsMap">
    <property name="ldapSearchFilters">
        <list>
            <value>(uid={0})</value>
        </list>
    </property>
    <property name="ldapSearchAttributes">
        <list>
            <value>insightUser</value>
        </list>
    </property>
    <property name="conditions">
        <list>
            <value>dn=English Department</value>
            <value>dn=uid=admin,ou=Art History*</value>
            <value>dn=Art History*</value>
            <value>dn=College of Letters and Science</value>
        </list>
    </property>
    <property name="mappedValues">
        <list>
            <value>3</value>
            <value>4</value>
            <value>3</value>
            <value>2</value>
        </list>
    </property>
</bean>
```
...