Versions Compared

Old Version 34

changes.mady.by.user Krishna Waidande

Saved on

compared with

New Version 35

changes.mady.by.user Krishna Waidande

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

...

Item
Description
Host URL

LDAP URLs have this syntax: ldap[s]://<hostname>:<port>


ComponentDescription
ldap[s]://URL begins with the ldap:// protocol prefix (or ldaps://, if the server is communicating over an SSL connection) and specifies a search request to be sent to an LDAP server.
<hostname>Name of the LDAP server. Eg. ldap.forumsys.com
<port>

Port number of LDAP server. Eg. 696

If the port number is not specified, the standard LDAP port 389 is used.

Eg. ldap://ldap.forumsys.com:389


Bind DN

This is required for authenticating to the directory. Eg. "cn=read-only-admin,ou=users,dc=example,dc=com"

Password

Password of the Bind DN user.

Search Base

User search base, from where the search will be started. It might be an empty string like "" or "ou=People".

If Oracle DBMS is used, then an empty string is treated as null, which will fail LDAP authentication. Therefore it is advised to specify the base node from which the search needs to be carried.

Eg.

Code Block
Suppose users are resided in following directory:
  1. ou=others,dc=example,dc=com
  2. ou=users,dc=example,dc=com
  3. ou=people,dc-example,dc=com
 
url - ldap://ldap.forumsys.com:389
SearchFilter - "(uid={0})" or "(sAMAccountName={0})"
SearchBase - ""
Search will start from "dc=example, dc=com", It will search user in all the sub directories.
 
OR

url - ldap://ldap.forumsys.com:389
SearchFilter - "(uid={0})" or "(sAMAccountName={0})"
SearchBase - "ou=people"
Search will start from "ou=people,dc=example,dc=com". It will search user only in ou=people.


Search FilterSearch user using an attribute. Eg. "(uid={0})" or in case of active directory "(sAMAccountName={0})"

...

Here 'test' is the user account created in LDAP, and the same user needs to be created into OpenSpecimen. Here is a wiki page to setup LDAP users. (refer to via UI section)

Delete the LDAP configuration (via backend)

Currently (v7.1), it is not possible to delete the identity provider configuration via UI. This needs to be done via backend using below SQLs.

  1. Note down the domain name and provider id which needs to be deleted.

    Code Block
    languagesql
    select * from os_auth_domains;


  2. Delete the entries of the identity provider and their properties from respective tables.

    Code Block
    languagesql
    delete from os_auth_domains where domain_name='<identity-provider-name-to-be-deleted>';
delete from os_auth_provider_props where AUTH_PROVIDER_ID = <provider-id-query#1>;
delete from os_auth_providers where identifier = <provider-id-query#1>;