Configuration
The LDAP cache component accepts the following configuration elements:

Element | Type | Default | Description
---|---|---|---
useScript | boolean | false | Configure the cache to be populated by running a script and reading its output from a file
script/file | string | [Required (script)] | The name of the script to run to populate the file (when using a script)
script/file/@json | boolean | false | If true and using a script, treat the output written to the file as JSON; if false, treat it as XML
ldap/component | string | [Required (ldap)] | When not using a script, the path to the LDAP server (connection) component that is used to retrieve the LDAP users and groups
ldap/searchBase | string | [Required (ldap)] | The base DN in the LDAP directory for searches. Normally this is the domain of the LDAP server.
ldap/scope | int | 2 | The scope of LDAP searches: 0 = search base only, 1 = search base and immediate children, 2 = whole subtree
ldap/users/query | string | [Required (ldap)] | The LDAP query (filter) used to find all users to be cached
ldap/users/attribute | string | <all> | The LDAP attributes to be retrieved and stored in the cache for users (one element per attribute)
ldap/groups/query | string | [Required (ldap)] | The LDAP query (filter) used to find all groups to be cached
ldap/groups/attribute | string | <all> | The LDAP attributes to be retrieved and stored in the cache for groups (one element per attribute)
attributes/user/@key | string | dn (a pseudo attribute representing the object DN) | The attribute in LDAP that is the unique key for the user
attributes/user/@name | string | sAMAccountName | The attribute in LDAP that holds the user's account name
attributes/group/@key | string | dn (a pseudo attribute representing the object DN) | The attribute in LDAP that is the unique key for the group
attributes/group/@name | string | sAMAccountName | The attribute in LDAP that holds the group's account name
attributes/group/@mapping | string | memberOf | The attribute in LDAP that holds the groups for a user, or the users for a group (see groupsHoldMembers)
groupsHoldMembers | boolean | false | If true, group objects reference their members (typically via a uniqueMember or member attribute). If false, user objects reference their groups (typically via a memberOf attribute).
lowerCase | boolean | false | Whether group names retrieved from LDAP should be converted to lower case.
Example configuration
Using LDAP
```xml
<component factoryName="aspire-ldap-cache" name="LdapCache" subType="default">
  <debug>true</debug>
  <ldap>
    <component>/LDAP_Cache/LDAPConnection</component>
    <searchBase>dc=search,dc=local</searchBase>
    <scope>2</scope>
    <users>
      <!-- the '&' that starts the LDAP AND filter must be escaped as &amp; in XML -->
      <query>(&amp;(objectClass=user)(objectClass=organizationalPerson)(!(objectClass=computer)))</query>
      <attribute>cn</attribute>
      <attribute>sn</attribute>
      <attribute>c</attribute>
      <attribute>l</attribute>
      <attribute>title</attribute>
      <attribute>description</attribute>
      <attribute>telephoneNumber</attribute>
      <attribute>givenName</attribute>
      <attribute>memberOf</attribute>
      <attribute>sAMAccountName</attribute>
      <attribute>mail</attribute>
    </users>
    <groups>
      <query>(objectClass=group)</query>
      <attribute>sAMAccountName</attribute>
      <attribute>cn</attribute>
      <attribute>mail</attribute>
      <attribute>member</attribute>
    </groups>
  </ldap>
  <attributes>
    <user key="dn" name="sAMAccountName"/>
    <!-- groups hold their members in the "member" attribute, so mapping="member" -->
    <group key="dn" mapping="member" name="sAMAccountName"/>
  </attributes>
  <groupsHoldMembers>true</groupsHoldMembers>
  <lowerCase>false</lowerCase>
</component>
```
Using a script
```xml
<component factoryName="aspire-ldap-cache" name="LdapCache" subType="default">
  <debug>true</debug>
  <useScript>true</useScript>
  <script>
    <!-- json="false": the script's output file is read as XML -->
    <file json="false">c:\ldap\download.bat</file>
  </script>
  <attributes>
    <user key="dn" name="sAMAccountName"/>
    <group key="dn" mapping="member" name="sAMAccountName"/>
  </attributes>
  <groupsHoldMembers>true</groupsHoldMembers>
  <lowerCase>false</lowerCase>
</component>
```
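The script below is an added example, not Aspire's own code, showing how the settings in the table fit together: it parses a component configuration modelled on the "Using LDAP" example, rejects a configuration that lacks an element the table marks [Required] for the chosen mode, and then builds the user-to-groups cache from a few constructed directory entries, following attributes/user/@key, attributes/group/@mapping, groupsHoldMembers and lowerCase. It goes slightly beyond the page by handling both mapping directions (groups holding members via `member`, and users holding groups via `memberOf`) with one routine. The element paths (`ldap/searchBase`, `ldap/scope`, `attributes/user`) are taken from the examples above; the configuration text, the entries and the parse/build functions are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed configuration, modelled on the "Using LDAP" example above (the '&'
# that starts an LDAP AND filter has to be written as &amp; inside XML).
CONFIG_XML = """<component factoryName="aspire-ldap-cache" name="LdapCache" subType="default">
  <ldap>
    <component>/LDAP_Cache/LDAPConnection</component>
    <searchBase>dc=search,dc=local</searchBase>
    <scope>2</scope>
    <users><query>(&amp;(objectClass=user)(!(objectClass=computer)))</query></users>
    <groups><query>(objectClass=group)</query></groups>
  </ldap>
  <attributes>
    <user key="dn" name="sAMAccountName"/>
    <group key="dn" mapping="member" name="sAMAccountName"/>
  </attributes>
  <groupsHoldMembers>true</groupsHoldMembers>
  <lowerCase>false</lowerCase>
</component>"""

# Elements the table marks [Required], by mode (useScript true / false).
REQUIRED = {True: ["script/file"],
            False: ["ldap/component", "ldap/searchBase", "ldap/users/query", "ldap/groups/query"]}

def parse_config(xml_text):
    """Settings from the table with its defaults applied; ValueError if an element
    required for the chosen mode is missing or scope is out of range."""
    root = ET.fromstring(xml_text)
    if root.tag != "component" or root.get("factoryName") != "aspire-ldap-cache":
        raise ValueError("not an aspire-ldap-cache component")

    def text(path, default=None):
        el = root.find(path)
        return el.text.strip() if el is not None and el.text and el.text.strip() else default

    def attr(path, name, default):
        el = root.find(path)
        return el.get(name, default) if el is not None else default

    flag = lambda path: text(path, "false").lower() == "true"
    use_script = flag("useScript")
    missing = [p for p in REQUIRED[use_script] if text(p) is None]
    if missing:
        raise ValueError("missing required element(s): " + ", ".join(missing))
    scope = int(text("ldap/scope", "2"))
    if scope not in (0, 1, 2):
        raise ValueError("scope must be 0 (base), 1 (one level) or 2 (subtree)")
    return {
        "useScript": use_script, "scope": scope,
        "scriptJson": attr("script/file", "json", "false").lower() == "true",
        "userKey": attr("attributes/user", "key", "dn"),
        "userName": attr("attributes/user", "name", "sAMAccountName"),
        "groupKey": attr("attributes/group", "key", "dn"),
        "groupName": attr("attributes/group", "name", "sAMAccountName"),
        "groupMapping": attr("attributes/group", "mapping", "memberOf"),
        "groupsHoldMembers": flag("groupsHoldMembers"),
        "lowerCase": flag("lowerCase"),
    }

def _values(entry, attribute):
    """Values of an attribute; 'dn' is the pseudo attribute from the table."""
    if attribute == "dn":
        return [entry["dn"]]
    value = entry.get(attribute, [])
    return value if isinstance(value, list) else [value]

def build_cache(cfg, users, groups):
    """Map user key -> {name, groups}. With groupsHoldMembers the mapping attribute
    on each group lists member user keys; otherwise the mapping attribute on each
    user lists group keys. References to objects that the users/groups queries
    did not return are dropped rather than cached."""
    norm = str.lower if cfg["lowerCase"] else str
    group_names = {_values(g, cfg["groupKey"])[0]: norm(_values(g, cfg["groupName"])[0]) for g in groups}
    cache = {_values(u, cfg["userKey"])[0]: {"name": _values(u, cfg["userName"])[0], "groups": []}
             for u in users}
    if cfg["groupsHoldMembers"]:
        for g in groups:
            name = group_names[_values(g, cfg["groupKey"])[0]]
            for member in _values(g, cfg["groupMapping"]):
                if member in cache:
                    cache[member]["groups"].append(name)
    else:
        for u in users:
            key = _values(u, cfg["userKey"])[0]
            for gkey in _values(u, cfg["groupMapping"]):
                if gkey in group_names:
                    cache[key]["groups"].append(group_names[gkey])
    for entry in cache.values():
        entry["groups"].sort()
    return cache

# Constructed directory entries (attribute values as lists, as LDAP returns them).
A, B, SVC = ("CN=%s,OU=Staff,DC=search,DC=local" % n for n in ("Alice", "Bob", "svc-build"))
ADMINS, STAFF = ("CN=%s,OU=Groups,DC=search,DC=local" % n for n in ("Admins", "Staff"))
USERS = [{"dn": A, "sAMAccountName": ["alice"], "memberOf": [ADMINS, STAFF]},
         {"dn": B, "sAMAccountName": ["bob"], "memberOf": [STAFF]}]
GROUPS = [{"dn": ADMINS, "sAMAccountName": ["Admins"], "member": [A]},
          {"dn": STAFF, "sAMAccountName": ["Staff"], "member": [A, B, SVC]}]  # SVC: not a cached user

if __name__ == "__main__":
    for key, entry in build_cache(parse_config(CONFIG_XML), USERS, GROUPS).items():
        print(key, "->", entry)
```

Running it prints each user DN with its name and sorted group names; the service account referenced by the Staff group but not returned by the users query is left out of the cache, which is the behaviour to verify in a real deployment when the users filter is narrower than group membership.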