To enable TeamConnect to use your LDAP plug-in, you must provide certain parameters which represent your environment and save them in a properties file. You must modify the authenticationDescriptor.properties file for LDAP authentication and enter the appropriate information in these parameters according to the descriptions in the table below.
Note: To comment out a property, type # at the beginning of the line.
LDAP Parameters and Definitions
| Parameter | Description | Example |
| --- | --- | --- |
| tc.displayName | Required field. Do not change this value. | |
| tc.uniqueId | Required field. Do not change this value. | |
| tc.isSSO | Required field. Do not change this value. | |
| ldap.host | LDAP server host name. This value is combined with ldap.port and ldap.root to form the ldap-server URL. | 10.0.0.1 Note: When combined with the ldap.port and ldap.root values, this produces an ldap-server URL such as ldap://10.0.0.1:389/dc=myserver,dc=org. |
| ldap.port | LDAP server port. This value is combined with ldap.host and ldap.root to form the ldap-server URL. | 389 Note: When combined with the ldap.host and ldap.root values, this produces an ldap-server URL such as ldap://10.0.0.1:389/dc=myserver,dc=org. |
| ldap.root | Enter the top-level DN (distinguished name) under which the TeamConnect users can be found in the LDAP directory structure. This value is combined with ldap.host and ldap.port to form the ldap-server URL. | dc=springframework,dc=org Note: When combined with the ldap.host and ldap.port values, this produces an ldap-server URL such as ldap://10.0.0.1:389/dc=myserver,dc=org. |
| ldap.userDn | Enter the name of the attribute that stores the username on the LDAP server. TeamConnect will log into the LDAP server with this username. Note: Do not confuse the attribute name with the actual value of the username that it stores. | directory.username=uid |
| ldap.password | Enter the name of the attribute that stores the password on the LDAP server. TeamConnect will log into the LDAP server with this password. Note: Do not confuse the attribute name with the actual value of the password that it stores. | directory.password=userPassword |
| ldap.userDnPatterns | The elements of the user's Distinguished Name that, when assembled, will form the complete DN to authenticate the user's identity to the LDAP Directory Service (if authentication is required). | uid={0},ou=people Note: This example would obtain the DN for the user by substituting the user login name in the supplied pattern and attempting to bind as that user with the login password. This would work if all your users are stored under a single node in the directory. |
| ldap.groupDnPattern | The group's Distinguished Name. For authentication, users will need to belong to this group. You must create and configure this group on the LDAP server, then add users to it. | teamconnect |
| ldap.groupRoleAttribute | The attribute that contains the name of the authority defined by the group entry. This parameter is used to load authorities from groups in the LDAP directory. | The default value is cn |
| page.badCredentials | Page to display if the password does not match the password stored for the TeamConnect user account. Note: If you do not create a custom file, then comment out this line. | /login.html?error=bc |
| page.lockedAccount | Page to display if the TeamConnect user account is locked and User Locking is enabled in TeamConnect settings. Note: If you do not create a custom file, then comment out this line. | /login.html?error=1 |
| page.maximumLogins | Page to display if the LDAP account has already exceeded its maximum allowed sessions. Note: If you do not create a custom file, then comment out this line. | /login.html?error=1 |
| page.logout | This page is shown when a user logs out normally. Note: If you do not create a custom file, then comment out this line. | /login.html |
| page.sessionTimeout | This page is shown when a user's session times out. Note: If you do not create a custom file, then comment out this line. | login.html?error=2 |
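
An added example (not TeamConnect code): a Python check that reads such a properties file, assembles the ldap-server URL from ldap.host, ldap.port and ldap.root, and expands ldap.userDnPatterns for a login name with RFC 4514 escaping so that a login containing a comma cannot alter the DN. The sample file is constructed from the table's example values, the function names are hypothetical, and treating the pattern as relative to ldap.root is an assumption.

```python
import re

# Constructed sample built from the example values in the table above.
SAMPLE = """\
ldap.host=10.0.0.1
ldap.port=389
ldap.root=dc=myserver,dc=org
ldap.userDnPatterns=uid={0},ou=people
#page.badCredentials=/login.html?error=bc
"""

def parse_properties(text):
    """Read key=value lines; a line starting with # is commented out."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, sep, value = line.partition("=")
            if sep:
                props[key.strip()] = value.strip()
    return props

def server_url(props):
    """Combine ldap.host, ldap.port and ldap.root into the ldap-server URL."""
    missing = [k for k in ("ldap.host", "ldap.port", "ldap.root") if not props.get(k)]
    if missing:
        raise ValueError("missing required properties: " + ", ".join(missing))
    port = props["ldap.port"]
    if not port.isdigit() or not 0 < int(port) < 65536:
        raise ValueError("ldap.port is not a valid TCP port: " + port)
    return f"ldap://{props['ldap.host']}:{port}/{props['ldap.root']}"

def escape_dn_value(value):
    """Escape a string for use as an RDN attribute value (RFC 4514)."""
    out = re.sub(r'([\\",+;<>])', r"\\\1", value).replace("\x00", "\\00")
    if out.startswith(("#", " ")):
        out = "\\" + out
    if value.endswith(" ") and len(value) > 1:
        out = out[:-1] + "\\ "
    return out

def user_dn(props, login):
    """Substitute the login for {0}; assumes the pattern is relative to ldap.root."""
    rdns = props["ldap.userDnPatterns"].replace("{0}", escape_dn_value(login))
    return rdns + "," + props["ldap.root"]

if __name__ == "__main__":
    props = parse_properties(SAMPLE)
    print(server_url(props))
    print(user_dn(props, "jdoe"))
    print(user_dn(props, "jdoe,ou=admins"))  # comma stays inside the uid value
```
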