In the Taskmaster Server Manager, you can select LLLDAP as your group authentication system. When you do, you must set up the Authentication path template with customized directory configuration properties.
The Bind User and Bind Password can be encrypted by setting custom values in the Application Manager. Values that are specified in the Advanced values field in the Custom values tab are encrypted. You must specify the application and the Value name in the Taskmaster Server Manager Authentication path template. For example, a password that is stored with the Value name MyBindPassword in the APT application Advanced values field can be retrieved by the LLLDAP authenticator by specifying APT,MyBindPassword in the Authentication path template.
Property Name | Description |
---|---|
GroupBaseDn | Group Base Domain Name. The base domain name for searching for groups in the directory server. |
GroupSearchFilter | Group Search Filter. Specifies the search filter for groups, such as (&(objectclass=group)(cn=<%user%>)), where cn serves as the short name. GroupSearchFilter and GroupDisplayNameAttr must use the same LDAP attribute. |
GroupShortNameAttr | Group Short Name Attribute. Defines the directory server attribute to be used as the short name for a group. |
GroupDisplayNameAttr | Group Display Name Attribute. Specifies the display name for a Group object that is generated by the authentication provider. The default property value is dependent on the authentication provider and is specified by the provider's configuration. |
GroupMembershipSearchFilter | Group Membership Search Filter. The search filter for group membership queries. |
GroupNestedSearch | Group Nested Search Filter. Includes nested groups when discovering group membership. Valid values are On and Off. The default value is Off. |
UserBaseDn | User Base Domain Name. The base domain name for searching for users in the directory server. |
UserSearchFilter | User Search Filter. Specifies the search filter for users, such as (&(objectclass=user)(samAccountName=<%user%>)), where samAccountName serves as the short name. |
UserShortNameAttr | User Short Name Attribute. Defines the directory server attribute to be used as the short name for a user. |
UserDisplayNameAttr | User Display Name Attribute. Specifies the display name for a User object that is generated by the authentication provider. The default property value is dependent on the authentication provider and is specified by the provider's configuration. |
BindUser | Bind User. The user name for authenticating the users. This user must have permission to search the area of LDAP where users are located. This user must have permission to search outside of the user's groups and authorization. The login fails if the application user cannot bind. The bind user can be specified in plain text or can be encrypted by using the Advanced values field in the Custom values tab of the Application Manager. When the bind user is stored in the Application Manager, you must specify the application name and the Value name as Application,<value name>. For example, enter APT,MyBindUserValue, where APT is the Taskmaster application name and MyBindUser is the Value name in the Custom values field. You must specify only the Value name. Do not specify the complete @APPVAR path in the Advanced values field. |
BindPw | Bind Password. The password for the Bind User. The bind password can be specified in plain text or can be encrypted by using the Advanced values field in the Custom values tab of the Application Manager. When the bind password is stored in the Application Manager, you must specify the application name and Value name as Application,<value name>. For example, enter APT,MyPasswordValue, where APT is the Taskmaster application name and MyBindPassword is the Value name in the Advanced values field. You must specify only the Value name. Do not specify the complete @APPVAR path in the Advanced values field. |
AuthAttribute | Authorization Attribute. The AuthAttribute value tells the Taskmaster server to authenticate a user with an additional attribute value, such as AuthAttribute:carLicense=1234. This value is optional. |

```
MyServer:389/
BindUser:cn=admin,dc=mydomain,dc=com?BindPw:APT,MyBindPassword?
UserBaseDn:ou=people, dc=mydomain,dc=com?
UserSearchFilter:(&(objectClass=inetOrgPerson)(cn=<%user%>))?
UserShortNameAttr:cn?UserDisplayNameAttr:uid?
GroupBaseDn:ou=groups,dc=mydomain,dc=com?
GroupSearchFilter:(&(objectClass=groupOfNames))?
GroupShortNameAttr:cn?GroupNestedSearch:on?
GroupDisplayNameAttr:cn?
GroupMembershipSearchFilter:(&(objectClass=groupOfNames)(member=<%user%>))
```

```
Server:389/
BindUser:cn=admin,dc=mydomain,dc=com?BindPw:APT,MyBindPassword?
UserBaseDn:DC=mydomain,DC=com?
UserSearchFilter:(&(objectClass=user)(sAMAccountName=<%user%>))?
UserShortNameAttr:cn?UserDisplayNameAttr:uid?
GroupBaseDn:DC=mydomain,DC=com?
GroupSearchFilter:(&(objectClass=group))?
GroupShortNameAttr:cn?GroupNestedSearch:on?
GroupDisplayNameAttr:cn?
GroupMembershipSearchFilter:(&(objectClass=group)(member=<%user%>))
```
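
A small linter for the Authentication path template format shown above, as an added example (it is not Taskmaster or IBM code). The function names `parse_template` and `lint_template`, the choice of checks, and the sample template are assumptions made here; the `Application,ValueName` test and the `<%user%>` requirement are heuristics based on this page's examples.

```python
import re

# Property names from the table on this page (GroupShortNameAttr as spelled in its examples).
KNOWN = {"GroupBaseDn", "GroupSearchFilter", "GroupShortNameAttr", "GroupDisplayNameAttr",
         "GroupMembershipSearchFilter", "GroupNestedSearch", "UserBaseDn", "UserSearchFilter",
         "UserShortNameAttr", "UserDisplayNameAttr", "BindUser", "BindPw", "AuthAttribute"}
USER_FILTERS = ("UserSearchFilter", "GroupMembershipSearchFilter")
# Heuristic for the Application,ValueName form (e.g. APT,MyBindPassword): two tokens, no '='.
APP_REF = re.compile(r"^\w+,\w+$")

def parse_template(template):
    """Split 'server:port/Key:Value?Key:Value...' into (server, [(key, value), ...])."""
    flat = "".join(line.strip() for line in template.splitlines())
    server, _, rest = flat.partition("/")
    props = []
    for part in filter(None, (p.strip() for p in rest.split("?"))):
        key, _, value = part.partition(":")  # split on the first ':' only
        props.append((key.strip(), value.strip()))
    return server, props

def lint_template(template):
    """Return a list of findings; an empty list means nothing was flagged."""
    _, props = parse_template(template)
    findings, seen = [], set()
    for key, value in props:
        if key not in KNOWN:
            findings.append(f"unknown property name: {key}")
        if key in seen:
            findings.append(f"duplicate property: {key}")
        seen.add(key)
        if key == "BindPw" and not APP_REF.match(value):
            findings.append("BindPw is not an Application,ValueName reference (plain text?)")
        if key in USER_FILTERS and "<%user%>" not in value:
            findings.append(f"{key} has no <%user%> placeholder")
        if key.endswith("Filter") and value.count("(") != value.count(")"):
            findings.append(f"{key} has unbalanced parentheses")
        if key == "GroupNestedSearch" and value.lower() not in ("on", "off"):
            findings.append(f"GroupNestedSearch must be On or Off, got {value!r}")
    return findings

# Constructed sample with deliberate mistakes; not a real configuration.
BAD = """MyServer:389/
BindUser:cn=admin,dc=mydomain,dc=com?BindPw:ExamplePlainPw1?
UserSearchFilter:(&(objectClass=inetOrgPerson)(cn=<%user %>)?
GroupShortNameAtr:cn?GroupNestedSearch:yes"""

if __name__ == "__main__":
    print("\n".join(lint_template(BAD)))
```

A plain-text password that happens to look like `word,word` passes the `BindPw` check, so treat a clean result as a prompt to confirm the value really is stored in the Advanced values field.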