This page last changed on Jul 30, 2009 by smaddox.
This page provides configuration notes for an OpenLDAP directory using the Posix/NIS schema RFC 2307. This page is related to Configuring an LDAP Directory Connector.
 | Posix support is read-only Currently, you cannot add or update user details or group details in a Crowd-connected OpenLDAP directory based on the Posix/NIS schema. Users will not be able to change their passwords from Crowd or from Crowd-connected applications. |
Screenshot: Connector — OpenLDAP on a Posix schema
Attribute |
Description |
Connector |
The directory connector to use when communicating with the directory server. |
URL |
The connection URL to use when connecting to the directory server, e.g.: ldap://localhost:389, or port 639 for SSL. |
Secure SSL |
Specifies whether the connection to the directory server is an SSL connection. |
Use Node Referrals |
Specifies whether to use the JNDI lookup java.naming.referral option. |
Use the User Membership Attribute |
Put a tick in the checkbox if your directory supports the group membership attribute on the user. (By default, this is the 'memberOf' attribute.) For instructions on enabling this feature in your directory, please refer to the OpenLDAP documentation.
- If this checkbox is ticked, Crowd will use the group membership attribute on the user when retrieving the members of a given group. This will result in a more efficient retrieval.
- If this checkbox is not ticked, Crowd will use the members attribute on the group ('member' by default) for the search.
|
Use Paged Results |
Specifies whether to use the LDAP control extension for simple paged results option. Retrieves chunks of data rather than all of the results at once. |
Use Relaxed DN Standardisation |
This setting determines how Crowd will compare DNs to determine if they are equal. See Configuring Relaxed DN Standardisation.
- If this checkbox is ticked, Crowd will do a direct, case-insensitive, string comparison. This is the default and recommended setting for OpenLDAP Posix. Using relaxed DN standardisation will result in a significant performance improvement.
- If this checkbox is not ticked, Crowd will parse the DN and then check the parsed version.
|
Password Encryption |
Select the type of encryption that the directory uses. |
Base DN |
The root distinguished name to use when running queries against the directory server, e.g.: o=acmecorp,c=com. |
User DN |
The distinguished name of the user that Crowd will use when connecting to the directory server. |
Password |
The password that Crowd will use when connecting to the directory server. |
Group Relationships
Crowd will check both the gidNumber and the memberUid attributes to determine if a user is a member of a group. The name of the gidNumber attribute is not configurable — Crowd will always use this attribute to determine membership.
The RFC 2307 schema does not support nesting of groups, so Crowd does not support nested groups in OpenLDAP based on the Posix/NIS schema.
Next Step
Go back to Configuring an LDAP Directory Connector.
RELATED TOPICS
Using Apache Directory Studio for Crowd LDAP Configuration
Crowd Documentation
|