Configuring the LDAP Authentication Use Case

Note: For information on the LDAP authentication use case, see Authentication Use Case: LDAP.

Note: The LDAP configurations are compatible with any LDAP server; however, LDAP configurations with non-AD servers have not been tested.

There are three Active Directory authentication scenarios provided for Web Central.

One-to-One Configuration

In this configuration, Active Directory (AD) users are mapped to their own unique Archibus identity. For instance, BIGUNIV\smith is mapped to the smith Archibus user, and BIGUNIV\davies is mapped to the davies Archibus user.

Configure Web Central according to the instructions in /WEB-INF/config/context/security/ldap/activedirectory/mapping/one-to-one/readme.txt.

Note: If you set string_format for afm_users.user_name to a value other than UPPER*, you must also change the value of the convertToUpperCase property to “false” in account-mapper.xml. This setting is located in WEB-INF/config/context/security/ldap/activedirectory/mapping/one-to-one/account-mapper.xml.

Many-to-One Configuration

In this configuration, all Active Directory (AD) authenticated users become one Web Central common/shared user. For example, AD users BIGUNIV\smith and BIGUNIV\davies will both become a common/shared user on Web Central. By default, both users will become the AFM user.

Configure Web Central according to the instructions in /WEB-INF/config/context/security/ldap/activedirectory/mapping/many-to-one/readme.txt.

Authority-by-Prefix Configuration

In this configuration, Active Directory (AD) users are mapped to a common/shared user in Web Central according to their LDAP Group assignments.

Configure Web Central according to the instructions in /WEB-INF/config/context/security/ldap/activedirectory/mapping/authority-by-prefix/readme.txt.