Authorizing multiple LDAP groups to have roles in IBM Integration Bus
Authorize multiple LDAP groups to have roles in IBM® Integration Bus by setting values for the ldapAuthorizeUrl property in the ldap.auth.yaml web administration server security configuration file.
Before you begin
About this task
The example described in this topic illustrates how to authorize multiple LDAP groups to have roles in IBM Integration Bus. The example refers to an LDAP-authenticated user, martin, who is a member of two groups in LDAP, which have the distinguished names (dn) cn=administrator,ou=groups,o=iib and cn=viewer,ou=groups,o=iib, as shown in the following LDAP configuration:
ObjectClass: Person
dn: cn=martin,ou=users,o=iib
cn: martin

ObjectClass: groupOfNames
dn: cn=administrator,ou=groups,o=iib
cn: administrator
Member: cn=graham,ou=users,o=iib
Member: cn=martin,ou=users,o=iib

ObjectClass: groupOfNames
dn: cn=viewer,ou=groups,o=iib
cn: viewer
Member: cn=graham,ou=users,o=iib
Member: cn=martin,ou=users,o=iib
Procedure
Results
When martin attempts to carry out an action on the integration node or integration server, a search will confirm that the LDAP distinguished name cn=viewer,ou=groups,o=iib is authorized to perform the role viewRole in IBM Integration Bus. The LDAP-authenticated user martin is a member of the LDAP group cn=viewer,ou=groups,o=iib so will be granted the permissions that were set for the role viewRole. Additionally, user martin is a member of the LDAP group cn=administrator,ou=groups,o=iib so will be granted the permissions that were set for the role adminRole.
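
The membership check described in the Results above, as an added Python example (not IBM Integration Bus code and not part of the original topic): it parses the two group entries from the LDAP configuration, rebuilt here as sample data, and returns the roles granted to a user DN. The group-to-role mapping comes from the Results; the user alice, the function names and the simplified case-insensitive DN comparison are assumptions.

```python
# Added illustration: models the group-membership check from the Results section.
# It is not IBM Integration Bus code and does not read ldap.auth.yaml.

# Group entries from the page's LDAP configuration, rebuilt as sample data.
DIRECTORY = """\
ObjectClass: groupOfNames
dn: cn=administrator,ou=groups,o=iib
Member: cn=graham,ou=users,o=iib
Member: cn=martin,ou=users,o=iib

ObjectClass: groupOfNames
dn: cn=viewer,ou=groups,o=iib
Member: cn=graham,ou=users,o=iib
Member: cn=martin,ou=users,o=iib
"""

# Group DN -> role, as stated in the Results section.
GROUP_ROLES = {
    "cn=viewer,ou=groups,o=iib": "viewRole",
    "cn=administrator,ou=groups,o=iib": "adminRole",
}

def normalize_dn(dn):
    """Lower-case and trim each RDN (assumption: no escaped commas in values)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parse_groups(text):
    """Return {group_dn: {member_dn, ...}} for every groupOfNames entry."""
    groups = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            attrs.setdefault(key.strip().lower(), []).append(value.strip())
        if "groupofnames" in (v.lower() for v in attrs.get("objectclass", [])):
            members = {normalize_dn(m) for m in attrs.get("member", [])}
            groups[normalize_dn(attrs["dn"][0])] = members
    return groups

def roles_for(user_dn, groups, group_roles=GROUP_ROLES):
    """Union of roles over every mapped group that lists user_dn as a member."""
    user = normalize_dn(user_dn)
    return sorted(role for dn, role in group_roles.items()
                  if user in groups.get(normalize_dn(dn), set()))

if __name__ == "__main__":
    groups = parse_groups(DIRECTORY)
    print(roles_for("cn=martin,ou=users,o=iib", groups))  # member of both groups
    print(roles_for("cn=alice,ou=users,o=iib", groups))   # hypothetical non-member
```

In this model a user listed in neither group receives no roles, and a user listed in both receives the union of the two roles, which is the outcome the Results describe for martin.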