Configuring LDAP Integration

FlexNet Code Insight 6.13.2

The Lightweight Directory Access Protocol (LDAP) configuration file (core.ldap.properties) is located in the <Code Insight_ROOT_DIR>\<version>\config\core directory. FlexNet Code Insight imports LDAP user metadata into its database. User passwords are never stored in the system. LDAP user authentication is performed in real time against the LDAP server for every login. If the user does not exist in LDAP, authentication is performed against the FlexNet Code Insight database.

Imported LDAP users are given a default requester role in the system. Users that are added during the LDAP sync process are not allowed to use the Forgot Password or Modify Preferences features of the application. The application administrator can set a different role for a user if it should differ from that of a participant.

The system can also maintain user information for users that do not exist in LDAP. An example of this scenario is an external contractor who needs access to FlexNet Code Insight but does not exist in LDAP. In such a case, the user information is managed in FlexNet Code Insight directly.

You define the LDAP user import frequency by modifying the LDAP configuration file. The default setting in the properties file is ldap.jobFrequency=0 0 6 * * ?. This means that every morning at 6 AM the system syncs with the LDAP server.
Refer to http://www.quartz-scheduler.org/documentation/quartz-2.x/tutorials/crontrigger for further information about the cron expression format. Example LDAP frequency syntax:

ldap.jobFrequency=0 0 6 * * ?    (every morning at 6 AM)
ldap.jobFrequency=0 0/1 * * * ?  (every minute)

During the initial startup, the application replaces the plain-text LDAP password with an encrypted value.
The application reads the plain-text password and writes the encrypted password back into the core.ldap.properties file in the following format: <ENCRYPTED_PASSWORD>ENCRYPTED. For subsequent server restarts, the application uses the encrypted password.
To change the password, the administrator needs to bring down the server, enter the new plain-text password into the core.ldap.properties file, and restart the server. During server startup, the application again reads the plain-text password and writes the encrypted password back into core.ldap.properties.
If your LDAP server supports anonymous access, and you prefer to connect to the LDAP server anonymously rather than via a password-protected account, you can enable this by specifying ldap.anonymous=true in the core.ldap.properties file.

The configurable properties from the LDAP configuration file are shown below. Ensure that you DO NOT comment out any attribute mappings. If you do not want to map an attribute, set it equal to blank. For example:

ldap.user.middleNameAttr=

# LDAP server connection settings: url, userName and password
# This user should have read rights to be able to access the schema

# To enable LDAP authentication, set ldap.enabled to true
ldap.enabled=true

# To sync LDAP users to Code Insight user lists
ldap.user.sync.enabled=true

# URL of the LDAP server, e.g. ldap://<ldap_server>:389
ldap.url=ldap://ad.Code Insight.com:389

# Base node of the LDAP server; the base node is automatically appended to all searches
ldap.base=dc=ad,dc=Code Insight,dc=com

# User name to log in to the LDAP server
ldap.userName=cn=Manager,dc=ad,dc=Code Insight,dc=com

# Password to log in to the LDAP server
ldap.password=secret

# searchBase and searchFilter are used to import users into the Code Insight system.
# DO NOT append ldap.base to ldap.searchBase
# Search base under which all the desired users can be found
ldap.searchBase=CN=Users

# Search filter to pull only the desired users into the Code Insight system; an LDAP query can be used here
ldap.searchFilter=(&(objectClass=person)(memberOf=CN=Code InsightAppsecGroup,CN=Users,DC=ad,DC=Code Insight,DC=com))

# LDAP user login filter, sAMAccountName={0} (for Active Directory)
ldap.loginFilter=sAMAccountName={0}

# Turn this on if the LDAP server has paging enabled, mostly for Active Directory
ldap.serverPaging=false

# LDAP user login attribute; loginAttr and loginFilter must always be in sync
ldap.user.loginAttr=sAMAccountName

# Uniquely identifying attribute for each user; if none is found, loginAttr will be used
ldap.user.externalIdAttr=sAMAccountName

# LDAP user email attribute; it should always have a valid email address value
ldap.user.emailAttr=mail

# Do NOT comment out unwanted attribute mappings; set them equal to blank to not assign a value

# LDAP user firstName attribute (Optional)
ldap.user.firstNameAttr=<LDAP_ATTR>

# LDAP user middleName attribute (Optional)
ldap.user.middleNameAttr=<LDAP_ATTR>

# LDAP user lastName attribute (Optional)
ldap.user.lastNameAttr=<LDAP_ATTR>

# LDAP user business unit attribute (Optional)
ldap.user.businessUnitAttr=<LDAP_ATTR>

# LDAP user job title attribute (Optional)
ldap.user.jobTitleAttr=<LDAP_ATTR>

# LDAP user location attribute (Optional)
ldap.user.locationAttr=<LDAP_ATTR>

# LDAP user telephone attribute (Optional)
ldap.user.telephoneAttr=<LDAP_ATTR>

# LDAP user fax attribute (Optional)
ldap.user.faxAttr=<LDAP_ATTR>

# LDAP user state attribute (Optional)
ldap.user.stateAttr=<LDAP_ATTR>

# Use Cron frequency syntax
# Refer to http://www.quartz-scheduler.org/docs/tutorials/crontrigger.html for examples

# runs every 4 hours
#ldap.jobFrequency=0 0 */4 * * ?

# runs every morning at 6 AM
ldap.jobFrequency=0 0 6 * * ?

# runs every Monday at 6 AM
#ldap.jobFrequency=0 0 6 ? * MON

# Default roles to be assigned to all the LDAP users in the Code Insight system.
# A comma-separated list should be provided below, with possible values of requester, reviewer, participant.
ldap.user.role=

# Associations of LDAP queries to User Lists
# An LDAP query for a user list consists of 2 parameters (<userlist_name>.ldap.description & <userlist_name>.ldap.query).
# These 2 parameters need to be configured for each user list that is associated with an LDAP query.
# The LDAP query description will be shown in the Web UI in place of the actual query.
# The LDAP query will be executed each time an LDAP sync occurs.
#<userlist_name>.ldap.description=<enter description of LDAP query to be shown on user list details page in Web UI>
#<userlist_name>.ldap.query=<enter LDAP query to be executed for this user list each time an LDAP sync occurs>
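The following script is added here as an example and is not part of FlexNet Code Insight; it checks a core.ldap.properties file against the rules stated in the listing above: attribute mappings left blank rather than commented out, ldap.searchBase given relative to ldap.base, ldap.user.loginAttr matching ldap.loginFilter, the password already rewritten in the <ENCRYPTED_PASSWORD>ENCRYPTED form, and ldap.jobFrequency shaped like a Quartz cron expression. The sample file is constructed, and the check that an encrypted value ends with the literal token ENCRYPTED is an assumption taken from the format quoted above.

```python
"""Lint a FlexNet Code Insight core.ldap.properties file against the rules above."""
import re

# Constructed sample containing several of the mistakes the page warns about.
SAMPLE = """\
ldap.base=dc=ad,dc=example,dc=com
ldap.password=secret
ldap.searchBase=CN=Users,dc=ad,dc=example,dc=com
ldap.loginFilter=sAMAccountName={0}
ldap.user.loginAttr=uid
#ldap.user.middleNameAttr=initials
ldap.jobFrequency=0 0 6 * * ?
"""
ATTR_KEYS = ("ldap.user.firstNameAttr", "ldap.user.middleNameAttr", "ldap.user.lastNameAttr")

def parse_properties(text):
    """Split live key=value lines from keys that only appear behind a '#'."""
    active, commented = {}, set()
    for raw in text.splitlines():
        line = raw.strip()
        body = line.lstrip("#").strip()
        if "=" not in body:
            continue
        key, _, value = body.partition("=")
        if line.startswith("#"):
            commented.add(key.strip())
        else:
            active[key.strip()] = value.strip()
    return active, commented

def check_ldap_config(text):
    """Return a list of findings; an empty list means every check passed."""
    props, commented = parse_properties(text)
    findings = []
    for key in ATTR_KEYS:  # mappings must be blank, never commented out
        if key in commented and key not in props:
            findings.append(f"{key} is commented out; set it to blank instead")
    base = props.get("ldap.base", "").lower()  # searchBase is relative to ldap.base
    if base and base in props.get("ldap.searchBase", "").lower():
        findings.append("ldap.searchBase repeats ldap.base; give only the relative part")
    m = re.match(r"\(?([\w-]+)=\{0\}\)?$", props.get("ldap.loginFilter", ""))
    if not m or m.group(1) != props.get("ldap.user.loginAttr"):
        findings.append("ldap.user.loginAttr and ldap.loginFilter name different attributes")
    anonymous = props.get("ldap.anonymous", "false").lower() == "true"
    if not anonymous and not props.get("ldap.password", "").endswith("ENCRYPTED"):  # assumed marker
        findings.append("ldap.password is still plain text; the next startup rewrites it")
    if len(props.get("ldap.jobFrequency", "").split()) not in (6, 7):
        findings.append("ldap.jobFrequency is not a six- or seven-field Quartz cron expression")
    return findings
```

Run check_ldap_config on the contents of core.ldap.properties before restarting the server; on the constructed SAMPLE it reports four findings.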