Basic LDAP integration - Configuring the connection
JNDI Configuration
Create a new service for the JNDI connection using Ubisecure Server Management.
- In Ubisecure Server Management, select Home → Services → New Service… The Create Directory Service Configuration window opens.
- Enter a title for the service (for example: "Basic LDAP").
- Select "Generic" from the Select pre-defined drop-down menu. After this selection, values for the Directory Factory and Directory Schema (LDAP) fields are autogenerated.
- You may add a description in the Description field.
- Continue by pressing OK.
Figure 1. Create Directory Service Configuration – Basic LDAP
The Service Configuration view for the newly created configuration opens.
Now that you have the service object created, you can fill in the connection information in this view.
- Enter the address of the LDAP service provider in the Service URL field.
- Enter the username used to connect to the external directory in the Username field.
- Enter that user's password in the Credentials field.
- Click Update to store the changes.
Figure 2. Service Configuration – Basic LDAP
```
java.naming.factory.initial = com.ubisecure.util.ldap.jldap.JLDAP
java.naming.provider.url = ldaps://pdc.example.com/dc=example,dc=com
java.naming.security.authentication = simple
java.naming.security.principal = cn=UbiUser,dc=example,dc=com
java.naming.security.credentials = secret
java.naming.security.protocol = ssl
```
Ubisecure Server will load these JNDI settings for external directory bind during the next startup.
Setting | Description |
---|---|
java.naming.factory.initial | The Initial Context Factory. |
java.naming.provider.url | URL of the LDAP service provider. |
java.naming.security.authentication | The authentication mechanism for the directory connection. If unspecified, the value defaults to "none". Other available values are "simple" or a name representing an implementation of SASL (RFC2222). The "simple" mechanism authenticates the user by sending the username along with a plain-text password, so it is advisable to use an SSL-protected connection with this mechanism. |
java.naming.security.principal | The principal or username used to connect to the external directory. |
java.naming.security.credentials | The password associated with the principal. |
java.naming.security.protocol | The protocol used for the connection. |
It is possible to bind anonymously to an Active Directory. The topic of anonymous LDAP operations on Windows 2003 is covered in the Microsoft Support article 326690 (http://support.microsoft.com/default.aspx?scid=kb;en-us;326690).
Ubisecure Server supports LDAP client-side failover with replicated directories.
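
The check below is an added example, not part of the Ubisecure documentation or product: it parses settings in the format shown above and reports binds that are anonymous or that would send a "simple" password without SSL. The function names are hypothetical, and treating java.naming.provider.url as a space-separated failover list (the form the JDK's own LDAP provider accepts) is an assumption.

```python
from urllib.parse import urlsplit

# Constructed sample: the settings shown on this page, one property per line.
PAGE_SETTINGS = """\
java.naming.factory.initial = com.ubisecure.util.ldap.jldap.JLDAP
java.naming.provider.url = ldaps://pdc.example.com/dc=example,dc=com
java.naming.security.authentication = simple
java.naming.security.principal = cn=UbiUser,dc=example,dc=com
java.naming.security.credentials = secret
java.naming.security.protocol = ssl
"""

def parse_properties(text):
    """Parse 'key = value' lines; skip blanks and # / ! comment lines."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit_jndi(props):
    """Return a list of findings for the JNDI bind settings (empty if none)."""
    findings = []
    # Assumption: several failover URLs may be listed, separated by spaces.
    urls = props.get("java.naming.provider.url", "").split()
    auth = props.get("java.naming.security.authentication", "none").lower()
    tls_requested = props.get("java.naming.security.protocol", "").lower() == "ssl"
    if not urls:
        findings.append("java.naming.provider.url is missing")
    for url in urls:
        scheme = urlsplit(url).scheme.lower()
        if scheme not in ("ldap", "ldaps"):
            findings.append(f"{url}: unexpected scheme '{scheme}'")
        elif scheme == "ldap" and not tls_requested and auth == "simple":
            findings.append(f"{url}: simple bind sends the password in plain text without SSL")
    if auth == "none":
        findings.append("authentication is 'none' (or unset): the bind is anonymous")
    elif auth == "simple":
        for key in ("principal", "credentials"):
            if not props.get(f"java.naming.security.{key}"):
                findings.append(f"simple bind without java.naming.security.{key}")
    return findings
```

Calling `audit_jndi(parse_properties(PAGE_SETTINGS))` returns an empty list for the settings shown on this page.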