LDAP Synchronization to Multiple Sources
Code Insight supports LDAP synchronization for authentication and for authorization to two or more sources. Users may be authenticated against one LDAP directory and authorized with roles and permissions from a secondary source.
To configure a secondary LDAP server for authorization, do as follows:
1. Add and define the following properties in core.ldap.properties (<FNCI_ROOT_DIRECTORY>/config/core/core.ldap.properties):
ldap2.url
ldap2.base
ldap2.userName
ldap2.password
ldap2.anonymous
ldap2.read.timeout
ldap2.searchBase
ldap2.searchFilter
2. Restart the server.
3. Note the following property behavior:
• If an ldap2.name property is not specified or is specified with no value, its ldap.name counterpart applies. For example, if “ldap2.read.timeout = ”, the ldap.read.timeout value is applied during the sync.
• If either ldap2.searchBase or ldap2.searchFilter is specified with a value, both apply.
• If only one of these properties (ldap2.searchBase or ldap2.searchFilter) is specified, the value for the other will be an empty string. For example: “ldap2.searchFilter = (objectClass=*)” implies “ldap2.searchBase = ”.
• A sync also requires appropriate ldap.user.name properties.
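The fallback rules above decide which values the secondary sync actually uses, including whether the secondary server is bound with the primary server's account because ldap2.userName or ldap2.password was left blank. The following is an added example, not Code Insight code, that resolves the effective secondary settings from the file's text; the hostnames, DNs, timeout value and the minimal parser are assumptions made for illustration.

```python
# Added example, not Code Insight code. SAMPLE values are constructed.
SECONDARY_KEYS = ["url", "base", "userName", "password", "anonymous",
                  "read.timeout", "searchBase", "searchFilter"]
SEARCH_PAIR = ("searchBase", "searchFilter")

SAMPLE = """\
ldap.url = ldap://primary.example.com
ldap.userName = cn=sync,dc=example,dc=com
ldap.password = primary-secret
ldap.read.timeout = 5000
ldap.searchBase = ou=people
ldap2.url = ldap://roles.example.com
ldap2.read.timeout =
ldap2.searchFilter = (objectClass=*)
"""

def parse_properties(text):
    """Minimal parser: 'key = value' lines, '#' or '!' comments, no escapes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!":
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def effective_secondary(props):
    """Return {name: (value, source)}; blank or missing ldap2.* uses ldap.*."""
    pair_set = any(props.get("ldap2." + k) for k in SEARCH_PAIR)
    result = {}
    for name in SECONDARY_KEYS:
        own = props.get("ldap2." + name, "")
        if own:
            result[name] = (own, "ldap2")
        elif name in SEARCH_PAIR and pair_set:
            # The other half of the pair has a value: this one is empty.
            result[name] = ("", "ldap2")
        else:
            result[name] = (props.get("ldap." + name, ""), "ldap")
    return result

def inherited_bind_settings(effective):
    """Bind settings the secondary server takes from the primary's values."""
    return [n for n in ("userName", "password", "anonymous")
            if effective[n][1] == "ldap"]

if __name__ == "__main__":
    for name, (value, source) in effective_secondary(parse_properties(SAMPLE)).items():
        print(f"{name:13} from {source:5} = {value!r}")
```

With the constructed sample, searchBase resolves to an empty string rather than the primary's value, and all three bind settings are reported as inherited from the ldap.* properties.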