How to:
This section describes how to enable authorization permission from OGC using Group Names through LDAP.
https://your-wso2hostname:9443
The WSO2 Identity Server opens, as shown in the following image.
The Add New User Store window appears, as shown in the following image.
Note: The example below is based on configuring an LDAP connection to an MS Active Directory server.
org.wso2.carbon.user.core.ldap.ReadOnlyLDAPUserStoreManager
Note: This domain name will be used by all users logging in to OGC. Their user names will be entered as:
OGCUSERS/corporate_userid
Parameter | Value |
---|---|
Connection URL* | ldap://iwadc-vm.iwaydev.ibi.com:389 |
Connection Name* | CN=Administrator,CN=Users,DC=iwaydev,DC=ibi,DC=com |
Connection Password* | (Enter this last!) |
User Search Base* | CN=Users,DC=iwaydev,DC=ibi,DC=com |
Username Attribute* | sAMAccountName |
User Search Filter* | (&(objectClass=user)(sAMAccountName=?)) |
User List Filter* | (&(objectClass=user)(memberOf=CN=OGCUSERS,CN=Users,DC=iwaydev,DC=ibi,DC=com)) |
Note: An asterisk denotes a required field.
Parameter | Value |
---|---|
User DN Pattern | (Nothing, leave blank) |
Display name attribute | sAMAccountName |
Read Groups | Select the check box. |
Group Search Base | CN=Users,DC=iwaydev,DC=ibi,DC=com |
Group Name attribute | cn |
Group Search Filter | (&(objectClass=group)(cn=?)) |
Group List Filter | (objectClass=group) |
Role DN Pattern | (Nothing, leave blank) |
Membership Attribute | member |
Member of Attribute | (Nothing, leave blank) |
Enable Escape Characters at User Login | Select the check box. |
The new User Store Name (for example, OGCUSERS) appears.
The new User Store Name also appears in the ALL USER STORE DOMAINS drop-down list, and the new domain users are listed in the name list with the User Store name prefix.
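
The following added example (not part of the original page and not WSO2 code) models how a login entered as OGCUSERS/corporate_userid maps onto the User Search Filter from the first table, with the user ID escaped per RFC 4515 so that filter metacharacters are matched literally. It assumes the ? placeholder is replaced by the user ID that follows the domain prefix; the function names are hypothetical.

```python
# Added example, not WSO2 code: models the substitution of a login name
# into the User Search Filter configured on this page.

USER_SEARCH_FILTER = "(&(objectClass=user)(sAMAccountName=?))"  # from the page
USER_STORE_DOMAIN = "OGCUSERS"                                   # from the page

# RFC 4515, section 3: characters that must be hex-escaped inside a
# filter assertion value so they are treated as data, not filter syntax.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a string for use as an LDAP filter assertion value."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def split_login(login):
    """Split 'DOMAIN/userid' into (domain, userid); reject anything else."""
    domain, sep, userid = login.partition("/")
    if not sep or not userid:
        raise ValueError("expected DOMAIN/userid")
    if domain != USER_STORE_DOMAIN:
        raise ValueError("unknown user store domain: " + domain)
    return domain, userid


def build_user_filter(login, template=USER_SEARCH_FILTER):
    """Return the search filter for a login, with the user ID escaped."""
    _, userid = split_login(login)
    # Assumption: the single '?' in the template stands for the user ID.
    return template.replace("?", escape_filter_value(userid), 1)


if __name__ == "__main__":
    # Constructed sample logins; the second contains filter metacharacters.
    for login in ("OGCUSERS/jsmith", "OGCUSERS/j*(smith)"):
        print(login, "->", build_user_filter(login))
```
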