In order to configure Squore to integrate with your LDAP Server, you should make sure that you have access to the following information:
The address of the LDAP server you want to connect to Squore.
The section(s) of the directory that contain the users that should be allowed to log into Squore.
The login and password of a user account allowed to browse the section(s) of the directory mentioned above.
Basic knowledge of your directory structure. Note that Squore was tested with Microsoft Active Directory on Windows Server 2008 and OpenLDAP on Ubuntu 12.04.
If you need to obtain this information from a system administrator, ask for these details:
java.naming.provider.url: The URL of the directory server.
baseCtxDN: The fixed DN of the context to start the user search from.
bindDN: The DN used to bind against the LDAP server for the user and roles queries. This is some DN with read/search permissions on the baseCtxDN and rolesCtxDN values.
bindCredential: The password for the bindDN.
baseFilter: The search query sent by Squore to the LDAP server when authenticating. If the password is correct and the search returns true, the user is allowed to log into Squore. The default query checks that the login exists, but you can change it to check that the login is valid and that the user is part of a specific group, for example, using the syntax (&(condition1)(condition2)). For more information about LDAP query syntax, refer to https://technet.microsoft.com/en-us/library/aa996205(v=exchg.65).aspx. Note that the & characters must be written as an entity (&amp;) in the settings file.
rolesCtxDN: The fixed DN of the context to search for user roles. This is required to exist, even though it is not used by Squore at the moment.
userCompositeName (optional): the field in the LDAP account that Squore will import and use as the user's full name.
userMail (optional): the field in the LDAP account that Squore will import and use as the user's e-mail address.
userOrganizationUnit (optional): the field in the LDAP account that Squore will import and use as the user's department.
userId (optional): the field in the LDAP account that Squore will use as the final user login to create the account or log into the application. When no value is specified for this field, Squore uses the login as typed by the user on the login page.
Using this field helps avoid confusion with mixed-case logins. Squore Server considers demo and Demo as two separate users by default. By specifying that the login is taken from a specific field from your directory, you ensure that the same account is used no matter what case was used in the login form.
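The baseFilter syntax and the & entity rule described above can be checked before editing the settings file. The following is an added example, not part of the Squore documentation or code base: it builds a two-condition filter, escapes special characters in the values as RFC 4515 requires (a step beyond what the text covers), and produces the XML-quoted form. The attribute names sAMAccountName and memberOf, the {0} login placeholder, the group DN and the option element are assumptions used for illustration.

```python
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def escape_value(value):
    """Escape one assertion value so it cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def condition(attribute, value, raw=False):
    """Build one (attribute=value) item; raw=True keeps a placeholder as-is."""
    if not attribute.replace("-", "").replace(".", "").isalnum():
        raise ValueError("invalid attribute name: %r" % attribute)
    return "(%s=%s)" % (attribute, value if raw else escape_value(value))


def all_of(*conditions):
    """Combine conditions with AND: (&(condition1)(condition2))."""
    if len(conditions) < 2:
        raise ValueError("an AND filter needs at least two conditions")
    return "(&" + "".join(conditions) + ")"


def settings_value(ldap_filter):
    """Quote the filter for an XML attribute; '&' becomes '&amp;'."""
    return quoteattr(ldap_filter)


def read_back(quoted):
    """Parse the quoted value as an XML parser would (stand-in element)."""
    return ET.fromstring("<option value=%s/>" % quoted).get("value")


# Constructed sample: '{0}' is an assumed placeholder for the typed login,
# and the group DN is made up; its parentheses must be escaped.
SAMPLE_FILTER = all_of(
    condition("sAMAccountName", "{0}", raw=True),
    condition("memberOf", "CN=Squore Users (QA),OU=Groups,DC=example,DC=com"),
)

if __name__ == "__main__":
    print("LDAP filter   :", SAMPLE_FILTER)
    print("settings value:", settings_value(SAMPLE_FILTER))
    assert read_back(settings_value(SAMPLE_FILTER)) == SAMPLE_FILTER
```

The round trip through the XML parser confirms that the directory server receives a plain & even though the settings file stores it as an entity.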