Table of Contents |
---|
Introduction
- LDAP/Directory URL
- Bind user and password
- User search base
- User search filter
LDAP directory can be configured using UI(v6.1 onwards) or API. One Users can configure one or more LDAPs LDAP directories at the same time. Once configured, the LDAPs The LDAP directory names will appear on the login and sign up page as a dropdown.
Configure the LDAP Directory via UI
Super admins can configure LDAP directory via UI (v6.1 onwards) by going navigating to Extras from the home page.
...
Click on 'Identity Providers' and create a new entry for registering to your LDAP directory. Select the type as LDAP and fill all required details
...
Once created, the list of all LDAPs LDAP directories registered are displayed and can be updated if required.
...
Item | Description | |||||||||
---|---|---|---|---|---|---|---|---|---|---|
Host URL | LDAP directory URLs have this syntax: ldap[s]://<hostname>:<port>
| |||||||||
Bind DN | This is required for authenticating to the directory. Eg. "cn=read-only-admin,ou=users,dc=example,dc=com" | |||||||||
Password | Password of the Bind DN user. | |||||||||
Search Base | User search base, from where the search will be started. It might be an empty string like "" or "ou=People". If Oracle DBMS is used, then an empty string is treated as null, which will fail LDAP authentication. Therefore it is advised to specify the base node from which the search needs to be carried. Eg.
| |||||||||
Search Filter | Search user using an attribute. Eg. "(uid={0})" or in case of active directory "(sAMAccountName={0})" |
...
Here 'test' is the user account created in LDAP, and the same user needs to be created into OpenSpecimen. Here is a wiki page to setup LDAP users. (refer to via UI section)
Delete the LDAP configuration (via backend)
Note down the domain name and provider id which needs to be deleted.
Code Block language sql select * from os_auth_domains;
Delete the entries of the identity provider and their properties from respective tables.
Code Block language sql delete from os_auth_domains where domain_name='<identity-provider-name-to-be-deleted>'; delete from os_auth_provider_props where AUTH_PROVIDER_ID = <provider-id-query#1>; delete from os_auth_providers where identifier = <provider-id-query#1>;