LDAP Server Details

This feature allows you to configure and maintain multiple LDAP servers in the OFSAA instance. You can add a new LDAP server, modify/ view LDAP server details, and delete an existing LDAP server.
The LDAP Server Details window displays details such as ROOT Context, ROOT DN, LDAP URL, LDAP SSL Mode, and LDAP Server name. To add a new LDAP Server:
  1. Select LDAP Authentication & SMS Authorization from the Authentication Type drop-down list in the General Details tab. The LDAP Server Details window is displayed.
  2. Click Add in the toolbar. The LDAP Server Details window is displayed.

    Figure 13-23 LDAP Server Details window

    This illustration shows the LDAP Server Details window, which displays details such as ROOT Context, ROOT DN, LDAP URL, LDAP SSL Mode, and LDAP Server name. The window has three panes: LDAP Server Details, LDAP User Details, and LDAP Group Details. You specify the required details in these panes when configuring the LDAP servers.

  3. Enter the details as tabulated:
    The following table describes the fields in the LDAP Server Details window. Fields marked with * are mandatory.

    Table 13-13 Fields in the LDAP Server Details window and their Descriptions

    LDAP Server Details
    - LDAP URL: Enter the LDAP URL from which the system authenticates the user. For example, ldap://hostname:3060/.
    - LDAP Server: Enter the LDAP Server name. For example, ORCL1.in.oracle.com.
    - Enable Anonymous Bind: Select this option to bind to the LDAP server anonymously and perform functions. This is useful when you are searching for a user in the directory and cannot find the user. For example, you cannot find a cn because of a name change and have to map the user to the correct dn; you can search on a property such as email to find the dn and map it correctly. Note: Selecting this field disables the ROOT DN and ROOT Password fields.
    - LDAP SSL Mode: Select the checkbox to enable LDAP over SSL, so that user credentials are encrypted when transferred over the network.
    - ROOT DN: Enter the ROOT Distinguished Name. For example, cn=orcladmin,cn=Users,dc=oracle,dc=com.
    - ROOT Password: Enter the LDAP server root password for authentication.

    LDAP User Details
    - User Search Base: Enter the full path of the location in the directory on the LDAP server from which to start the user search. This is a comma-delimited parameter. For example, cn=User,dc=oracle,dc=com.
    - User Search Filter: Enter search filters to limit the user search within the results obtained from the User Search Base. For example, objectclass=organizationalPerson.
    - User Filter Classes: Enter a user search filter to include specific user groups. For example, enter 'top' for the search to access groups up to the top level of the directory.
    - Login ID Attribute: Specify the login ID attribute (user name) to be used in the system for users. For example, enter 'cn' to use the common name as the login ID attribute.
    - Login Name Attribute: Specify the attribute that maps to the Login ID. This is used for authentication purposes. For example, 'sn' maps to 'cn'.
    - User Enabled Attribute: Enter the attribute that enables or disables a user. For example, 'orclisEnabled' enables a user account in the LDAP server.
    - User Start Date: Enter the attribute that stores the user-account start-date information. For example, 'orclActiveStartDate' contains the start dates of all users.
    - User End Date: Enter the attribute that stores the user-account end-date information. For example, 'orclActiveEndDate' contains the end dates of all users.

    LDAP Group Details
    - Group Search Base: Enter the full path of the location in the directory on the LDAP server from which to start the group search. This is a comma-delimited parameter. For example, cn=Groups,dc=oracle,dc=com.
    - Group Search Filter: Enter search filters to limit the group search within the results obtained from the Group Search Base. For example, objectclass=groupOfNames.
    - Group Filter Classes: Enter a group search filter to include specific groups. For example, groupOfNames.
    - Group Member Attribute: Enter the member attribute listed for the groups. For example, 'member'.
    - Group ID Attribute: Enter the attribute that identifies the group name. For example, 'cn'.
    - Group Name Attribute: Enter the attribute that specifies the full name of the group. For example, description.
  4. Click Save.
    When a business user opens the OFSAA login window and multiple LDAP servers are configured in the OFSAA instance, the LDAP Server drop-down list is displayed. If the user selects an LDAP server, the user is authenticated only against the selected LDAP server. If the user does not select any LDAP server, the user is authenticated against the appropriate LDAP server.

    Note:

    SYSADMN/SYSAUTH/GUEST users need not select any LDAP server, as they are always authenticated against the SMS store. Additionally, if a specific user is marked as "SMS Auth Only" in the User Maintenance window, that user is authenticated against the SMS store instead of the LDAP store even though the OFSAA instance is configured for LDAP authentication. Such a user must enter the password held in the SMS store.
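The following is an added example, not OFSAA code, showing how the LDAP User Details and LDAP Group Details fields from Table 13-13 combine into the searches the authenticating system issues, and why the login ID must be escaped (RFC 4515) before it is placed in a filter. The configuration defaults and the user entry are constructed samples; the assumption that the enabled attribute holds 'ENABLED' and that the date attributes hold ISO dates is this example's own.

```python
from dataclasses import dataclass
from datetime import date


@dataclass
class LdapUserGroupConfig:
    # Field names follow Table 13-13; the default values are constructed samples.
    user_search_base: str = "cn=Users,dc=oracle,dc=com"
    user_search_filter: str = "objectclass=organizationalPerson"
    login_id_attribute: str = "cn"
    user_enabled_attribute: str = "orclisEnabled"
    user_start_date: str = "orclActiveStartDate"
    user_end_date: str = "orclActiveEndDate"
    group_search_base: str = "cn=Groups,dc=oracle,dc=com"
    group_search_filter: str = "objectclass=groupOfNames"
    group_member_attribute: str = "member"


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515).
    Without this, a login ID such as '*)(cn=*' would change the filter's meaning."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)


def user_search(cfg: LdapUserGroupConfig, login_id: str) -> tuple:
    """Return (search base, filter) for locating a user by the Login ID Attribute."""
    flt = "(&(%s)(%s=%s))" % (cfg.user_search_filter.strip("()"),
                              cfg.login_id_attribute, escape_filter_value(login_id))
    return cfg.user_search_base, flt


def group_search(cfg: LdapUserGroupConfig, user_dn: str) -> tuple:
    """Return (search base, filter) for the groups whose member attribute lists user_dn."""
    flt = "(&(%s)(%s=%s))" % (cfg.group_search_filter.strip("()"),
                              cfg.group_member_attribute, escape_filter_value(user_dn))
    return cfg.group_search_base, flt


def account_is_active(cfg: LdapUserGroupConfig, entry: dict, today_iso: str) -> bool:
    """Apply the User Enabled, Start Date and End Date attributes to a fetched entry.
    Assumed for this example: enabled attribute value 'ENABLED', ISO dates (YYYY-MM-DD)."""
    if entry.get(cfg.user_enabled_attribute, "").upper() != "ENABLED":
        return False
    today = date.fromisoformat(today_iso)
    start, end = entry.get(cfg.user_start_date), entry.get(cfg.user_end_date)
    if start and date.fromisoformat(start) > today:
        return False
    if end and date.fromisoformat(end) < today:
        return False
    return True
```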