To configure Publisher to recognize the LDAP server, update the Security properties in the PublisherAdministration page.

1. On the Administration page, under Security Center, click Security Configuration.
2. Create a Local Superuser.

   Enter a Superuser Name and Password and select Enable Local Superuser check box. Enabling a local superuser ensures that you can access the Administration page of Publisher in case of security model configuration errors.

3. Scroll down to the Authorization region. Select LDAP for the Security Model.
4. Enter the following:

   • URL

     For example: ldap://example.com:389/

     If you're using LDAP over SSL, then note the following:

     • the protocol is "ldaps"

     • the default port is 636

     For example: ldaps://example.com:636/

   • Administrator Username and Password for the LDAP server

     The Administrator user entered here must also be a member of the XMLP_ADMIN group.

   • Distinguished Name for Users

     For example: cn=Users,dc=example,dc=com

     The distinguished name values are case-sensitive and must match the settings in the LDAP server.

   • Distinguished Name for Groups

     For example: cn=Groups,dc=us,dc=oracle,dc=com

     The default value is cn=OracleDefaultDomain,cn=OracleDBSecurity,cn=Products,cn=OracleContext,dc=example,dc=com

   • Group Search Filter

     The default value is (&(objectclass=groupofuniquenames)(cn=*))

   • Group Attribute Name

     The default value is cn

   • Group Member Attribute Name

     The default value is uniquemember

   • Member of Group Attribute Name

     (Optional) Set this attribute only if memberOf attribute is available for User and Group. Group Member Attribute is not required when this attribute is available. Example: memberOf or wlsMemberOf

   • Group Description Attribute Name

     The default value is description

   • JNDI Context Factory Class

     The default value is com.sun.jndi.ldap.LdapCtxFactory

   • Group Retrieval Page Size

     Setting this value enables support of the LDAPv3 control extension for simple paging of search results. By default, the Publisher server doesn't use pagination. This value determines the number of results to return on a page (for example, 200). Your LDAP server must support control type 1.2.840.113556.1.4.319 to support this feature, such as Oracle Internet Directory 10.1.4. Ensure that you check your LDAP server documentation for support of this control type before entering a value.

   • Attribute used for Login Username

     Enter the attribute that supplies the value for the Login user name. This is also known as the Relative Distinguished Name (RDN). This value defaults to cn.

   • Automatically clear LDAP cache - to schedule the automatic refresh of the LDAP cache the LDAP cache per a designated interval, select this box. After you select this box the following additional fields become enabled:

     • Enter an integer for Ldap Cache Interval. For example, to clear the LDAP cache once a day, enter 1.

     • Select the appropriate Ldap Cache Interval Unit: Day, Hour, or Minute.

   • Default User Group Name

     (Optional) Use this option if your site has the requirement to allow all authenticated users access to a set of folders, reports, or other catalog objects. The user group name that you enter here is added to all authenticated users. Any catalog or data source permissions that you assign to this default user group are granted to all users.

   • Attribute Names for Data Query Bind Variables

     (Optional) Use this property to set attribute values to be used as bind variables in a data query. Enter LDAP attribute names separated by a commas for example: memberOf, primaryGroupID,mail

5. Click Apply. Restart Publisher.