OpenEdge 11.6.3 New Information : Progress Application Server for OpenEdge : LDAP configuration support in PAS for OpenEdge : Basic LDAP configuration
 
Basic LDAP configuration
The basic, default LDAP configuration in PAS for OpenEdge uses simplified XML elements and attributes. Since many of the advanced options are hidden, the configuration process is less complicated than the Advanced LDAP configuration.
The LDAP configuration files are:
* oeablSecurity-basic-ldap.xml
* oeablSecurity-form-ldap.xml
The configuration file you use depends on which authentication protocol you use in your web application design.
These files are in the /WEB-INF folder of a web application in a PAS for OpenEdge instance. They employ these two XML elements to define the properties used in the LDAP authentication process:

```xml
<ldap-server id="PrimaryLDAP"
    url="ldap://enter_hostname:389/root_dn_here"
    manager-dn="uid=admin,ou=system"
    manager-password="admin" />

<ldap-authentication-provider
    server-ref="PrimaryLDAP"
    group-role-attribute="cn"
    role-prefix="ROLE_"
    group-search-filter="(member={0})"
    group-search-base=""
    user-search-base=""
    user-search-filter="(uid={0})" />
```

These two elements:
* Define all the beans described in Overview of LDAP support in PAS for OpenEdge
* Set default properties
* Pass the element's properties and attributes to the appropriate bean
The following table describes the configuration properties of these elements:

| XML Element | ID | Property | Value |
|---|---|---|---|
| ldap-server | PrimaryLDAP | url | One or more of the LDAP URLs that are used to connect to the directory service, in a comma-separated list. |
| ldap-server | PrimaryLDAP | manager-dn | The Distinguished Name (DN) used to log into the Directory Service and to search for user accounts. |
| ldap-server | PrimaryLDAP | manager-password | The password for the manager account specified in the manager-dn property. |
| ldap-authentication-provider | n/a | user-search-base | The DN of the LDAP object where the search to find a user account begins. |
| ldap-authentication-provider | n/a | user-search-filter | The LDAP query string used to find the object representing the user account. The default is “(uid={0})”. The {0} is a required value. It is a token that represents the user account that is being validated. |
| ldap-authentication-provider | n/a | group-search-base | The DN of the LDAP object where the search for the user account's groups begins. |
| ldap-authentication-provider | n/a | group-search-filter | The LDAP query string used to find the user account's group objects. The default is “(member={0})”. (In some LDAP implementations the name is memberof.) The {0} is a required value. It is a token that represents the user account that is being validated. |
| ldap-authentication-provider | n/a | group-role-attribute | The field name to use as the Spring Security role name for the group object DN. |
| ldap-authentication-provider | n/a | role-prefix | The prefix assigned to the role obtained from an LDAP group search. In OpenEdge, the prefix ROLE_ is typically used to designate it as a Spring Security role. |
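
The properties in the table above can be checked before deployment. The following is an added example, not code from Progress or from the original page: a small linter that parses the two elements and reports a filter without the required {0} token, an empty search base, a server-ref that matches no ldap-server id, a URL that is not ldaps://, and a manager-password left empty or at the sample value. The `<config>` wrapper, the function names and the last two checks are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's two elements inside a hypothetical <config>
# root, with user-search-filter deliberately missing the {0} token.
SAMPLE = """<config>
  <ldap-server id="PrimaryLDAP"
      url="ldap://enter_hostname:389/root_dn_here"
      manager-dn="uid=admin,ou=system"
      manager-password="admin" />
  <ldap-authentication-provider
      server-ref="PrimaryLDAP"
      group-role-attribute="cn"
      role-prefix="ROLE_"
      group-search-filter="(member={0})"
      group-search-base=""
      user-search-base=""
      user-search-filter="(uid=*)" />
</config>"""


def _local(el):
    """Element name without any XML namespace prefix."""
    return el.tag.rsplit("}", 1)[-1]


def lint_ldap_config(xml_text):
    """Return (element, attribute, problem) tuples for risky or invalid settings."""
    root = ET.fromstring(xml_text)
    servers = {e.get("id"): e for e in root.iter() if _local(e) == "ldap-server"}
    findings = []
    for sid, srv in servers.items():
        for url in srv.get("url", "").split(","):  # comma-separated URL list
            if not url.strip().lower().startswith("ldaps://"):
                findings.append((sid, "url", "not ldaps://"))
        if srv.get("manager-password") in (None, "", "admin"):
            findings.append((sid, "manager-password", "empty or sample value"))
    for prov in root.iter():
        if _local(prov) != "ldap-authentication-provider":
            continue
        if prov.get("server-ref") not in servers:
            findings.append(("provider", "server-ref", "no matching ldap-server id"))
        for attr in ("user-search-filter", "group-search-filter"):
            if "{0}" not in prov.get(attr, ""):  # token for the account being validated
                findings.append(("provider", attr, "missing {0} token"))
        for attr in ("user-search-base", "group-search-base"):
            if not prov.get(attr):
                findings.append(("provider", attr, "empty search base"))
    return findings
```

Run against the constructed sample, `lint_ldap_config(SAMPLE)` returns five findings; the same checks apply when the elements carry an XML namespace.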