Configure Publisher to Recognize the LDAP Server

To configure Publisher to recognize the LDAP server, update the Security properties in the Publisher Administration page.

Note:

Ensure that you understand your site's LDAP server configuration before entering values for the Publisher settings.

To configure Publisher for the LDAP Server:

  1. On the Administration page, under Security Center, click Security Configuration.
  2. Create a Local Superuser.

    Enter a Superuser Name and Password and select the Enable Local Superuser check box. Enabling a local superuser ensures that you can access the Administration page of Publisher in case of security model configuration errors.

  3. Scroll down to the Authorization region. Select LDAP for the Security Model.
  4. Enter the following:
    • URL

      For example: ldap://example.com:389/

      If you're using LDAP over SSL, then note the following:

      • the protocol is "ldaps"

      • the default port is 636

      For example: ldaps://example.com:636/

    • Administrator Username and Password for the LDAP server

      The Administrator user entered here must also be a member of the XMLP_ADMIN group.

    • Distinguished Name for Users

      For example: cn=Users,dc=example,dc=com

      The distinguished name values are case-sensitive and must match the settings in the LDAP server.

    • Distinguished Name for Groups

      For example: cn=Groups,dc=us,dc=oracle,dc=com

      The default value is cn=OracleDefaultDomain,cn=OracleDBSecurity,cn=Products,cn=OracleContext,dc=example,dc=com

    • Group Search Filter

      The default value is (&(objectclass=groupofuniquenames)(cn=*))

    • Group Attribute Name

      The default value is cn

    • Group Member Attribute Name

      The default value is uniquemember

    • Member of Group Attribute Name

      (Optional) Set this attribute only if the memberOf attribute is available for User and Group. Group Member Attribute is not required when this attribute is available. Example: memberOf or wlsMemberOf

    • Group Description Attribute Name

      The default value is description

    • JNDI Context Factory Class

      The default value is com.sun.jndi.ldap.LdapCtxFactory

    • Group Retrieval Page Size

      Setting this value enables support of the LDAPv3 control extension for simple paging of search results. By default, the Publisher server doesn't use pagination. This value determines the number of results to return on a page (for example, 200). To use this feature, your LDAP server (for example, Oracle Internet Directory 10.1.4) must support control type 1.2.840.113556.1.4.319. Check your LDAP server documentation for support of this control type before entering a value.

    • Attribute used for Login Username

      Enter the attribute that supplies the value for the Login user name. This is also known as the Relative Distinguished Name (RDN). This value defaults to cn.

    • Automatically clear LDAP cache - To schedule the automatic refresh of the LDAP cache at a designated interval, select this box. After you select this box, the following additional fields become enabled:

      • Enter an integer for Ldap Cache Interval. For example, to clear the LDAP cache once a day, enter 1.

      • Select the appropriate Ldap Cache Interval Unit: Day, Hour, or Minute.

    • Default User Group Name

      (Optional) Use this option if your site has the requirement to allow all authenticated users access to a set of folders, reports, or other catalog objects. The user group name that you enter here is added to all authenticated users. Any catalog or data source permissions that you assign to this default user group are granted to all users.

    • Attribute Names for Data Query Bind Variables

      (Optional) Use this property to set attribute values to be used as bind variables in a data query. Enter LDAP attribute names separated by commas, for example: memberOf, primaryGroupID, mail

  5. Click Apply. Restart Publisher.

The figure below shows a sample of the LDAP security model entry fields from the Security Configuration page.

If you're configuring Publisher to use LDAP over SSL, then you must also configure the Java keystore to add the server certificate to the JVM. See Configure Publisher for Secure Socket Layer (SSL) Communication.
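
An added example, not part of the Publisher documentation or product: a Python pre-flight check to run offline on the values intended for the fields in step 4 before clicking Apply. The dictionary keys and function names are hypothetical names chosen here; the defaults and example values are the ones listed above.

```python
# Added example: offline pre-flight check of values for the LDAP security model
# fields. The dictionary keys are hypothetical names, not Publisher property names.
import re
from urllib.parse import urlsplit

DEFAULT_PORT = {"ldap": 389, "ldaps": 636}
PAGING_OID = "1.2.840.113556.1.4.319"  # control type named in the page size field
RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=.+$")

def dn_ok(dn):  # every component, split on unescaped commas, must be attr=value
    return bool(dn) and all(RDN.match(p.strip()) for p in re.split(r"(?<!\\),", dn))

def filter_ok(flt):  # filter must open with "(" and its parentheses must balance
    depth = 0
    for ch in flt:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            return False
    return flt.startswith("(") and depth == 0

def preflight(cfg):  # returns (severity, message) findings for candidate settings
    out = []
    url = urlsplit(cfg.get("url", ""))
    if url.scheme not in DEFAULT_PORT:
        out.append(("ERROR", "url: protocol must be ldap or ldaps"))
    else:
        other = "ldaps" if url.scheme == "ldap" else "ldap"
        if (url.port or DEFAULT_PORT[url.scheme]) == DEFAULT_PORT[other]:
            out.append(("WARN", f"url: {url.scheme} used with the default {other} port"))
        if url.scheme == "ldap":
            out.append(("WARN", "url: ldap:// is unencrypted, bind password sent in clear"))
        else:
            out.append(("NOTE", "url: add the server certificate to the JVM keystore"))
    for key in ("user_dn", "group_dn"):
        if not dn_ok(cfg.get(key, "")):
            out.append(("ERROR", f"{key}: not a well-formed distinguished name"))
    if not filter_ok(cfg.get("group_search_filter", "")):
        out.append(("ERROR", "group_search_filter: parentheses missing or unbalanced"))
    if not (cfg.get("group_member_attr") or cfg.get("member_of_attr")):
        out.append(("ERROR", "set a group member or member-of attribute name"))
    if cfg.get("page_size"):
        out.append(("NOTE", f"page_size: confirm server support for control {PAGING_OID}"))
    return out

SAMPLE = {  # constructed input: page examples with a wrong port and a broken filter
    "url": "ldap://example.com:636/", "page_size": 200,
    "user_dn": "cn=Users,dc=example,dc=com", "group_member_attr": "uniquemember",
    "group_dn": "cn=Groups,dc=us,dc=oracle,dc=com",
    "group_search_filter": "(&(objectclass=groupofuniquenames)(cn=*)"}
```

Calling `preflight(SAMPLE)` flags the ldap scheme on port 636, the unencrypted bind, and the filter that is missing its closing parenthesis, and adds a reminder about the paging control.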