This page last changed on Nov 30, 2010 by smaddox.

This page provides configuration notes for OpenLDAP. This page is related to Configuring an LDAP Directory Connector.

Screenshot: Connector — OpenLDAP




Attribute Description
Connector The directory connector to use when communicating with the directory server.
URL The connection URL to use when connecting to the directory server, e.g.: ldap://localhost:389, or port 639 for SSL.
Secure SSL Specifies if the connection to the directory server is a SSL connection.
Use Node Referrals Use the JNDI lookup java.naming.referral option. Generally needed for Active Directory servers configured without proper DNS, to prevent a 'javax.naming.PartialResultException: Unprocessed Continuation Reference(s)' error.
Use Nested Groups Enable or disable support for nested groups on the LDAP user directory.
Use the User Membership Attribute Put a tick in the checkbox if your directory supports the group membership attribute on the user. (By default, this is the 'memberOf' attribute.) For instructions on enabling this feature in your directory, please refer to the OpenLDAP documentation.
  • If this checkbox is ticked, Crowd will use the group membership attribute on the user when retrieving the members of a given group. This will result in a more efficient retrieval.
  • If this checkbox is not ticked, Crowd will use the members attribute on the group ('member' by default) for the search.
  • If the 'Use Nested Groups' checkbox is ticked, Crowd will ignore the 'Use the User Membership Attribute' option and will use the members attribute on the group for the search.
Use Paged Results Use the LDAP control extension for simple paged results option. Retrieves chunks of data rather than all of the results at once. This feature may be necessary when using Microsoft Active Directory if more than 999 results are returned for any given search.
Use Naive DN Matching This setting determines how Crowd will compare DNs to determine if they are equal. See Using Naive DN Matching.
  • If this checkbox is ticked, Crowd will do a direct, case-insensitive, string comparison. This is the default and recommended setting for OpenLDAP. Using relaxed DN standardisation will result in a significant performance improvement.
  • If this checkbox is not ticked, Crowd will parse the DN and then check the parsed version.
Polling Interval Crowd will send a request to LDAP every x minutes, where 'x' is the number specified here. Please read the full instructions: Configuring Caching for an LDAP Directory.
Read Timeout Time in seconds to wait for a response to be received. If there is no response within the specified time period, the read attempt will be aborted. A value of 0 (zero) means there is no limit.
Search Timeout Time in seconds to wait for a response from a search operation. A value of 0 (zero) means there is no limit.
Connection Timeout Timeout in seconds when opening new server connections. If not specified, the TCP network timeout will be used, which may be several minutes.
Password Encryption Select the type of encryption that the directory uses.
Base DN Enter the root distinguished name to use when running queries versus the directory server. For example:
o=acmecorp,c=com
dc=example,dc=com
User DN Distinguished name of the user that Crowd will use when connecting to the directory server. for example: cn=Manager,dc=example,dc=com
Password The password of the user specified above.

Note: You can also configure site-wide LDAP connection pool settings. See Configuring the LDAP Connection Pool.

Next Step

Go back to Configuring an LDAP Directory Connector.

RELATED TOPICS

Using Apache Directory Studio for LDAP Configuration
Crowd Documentation


Document generated by Confluence on Nov 30, 2010 23:53