Configuring LDAP search

To use the LDAP search capabilities, you will need to configure an LDAP server, a map of attributes, and then determine which attributes should be displayed to users.

In applicationContext.xml:

First, you'll need to configure the LDAP server context. After changing the URL to match your LDAP directory, set the username and password, if necessary. If your LDAP directory does not require authentication for searching, you can omit these properties.

<bean id="personDirLdapContext" class="org.springframework.ldap.core.support.LdapContextSource">
	<property name="url" value="ldap://ldap.school.edu:389"/>
	<property name="base" value=""/>
	<property name="username" value="USERNAME"/>
	<property name="password" value="PASSWORD"/>
	<property name="pooled" value="false"/>
</bean>

You'll also need to set a map of attribute names and their LDAP keys. For example, if you had an LDAP attribute "sn", you could map it to "firstName" or whatever useful name you'd like to give it. The key names you assign will be used below to filter attributes for different kinds of users, as well as in the messages.properties file. A set of example default values is provided, which you can modify to suit your directory's needs.

You may also need to modify the first constructor argument, which names the attribute that search queries are run against. This is generally set to an LDAP attribute that holds the person's full name, but it can be any attribute you wish to search against.

<bean id="personAttributesMapper" class="org.jasig.portlet.search.ldap.PersonAttributesMapper">
	<constructor-arg value="cn"/>
	<constructor-arg>
		<map>
			<entry key="MY_CONVENIENT_NAME" value="LDAP_ATTRIBUTE_NAME"/>
		</map>
	</constructor-arg>
</bean>

Next, we need to set the list of allowed attributes for guests and for logged-in users. This allows the portlet to display a more limited set of LDAP attributes to unauthenticated users. If you don't want to use this feature, just use the same values in both the logged-in and guest lists.

You may also need to set the base search name (the searchBase property in the bean below). If you don't need this property, it can be left as an empty string.

<bean id="personSearchService" class="org.jasig.portlet.search.ldap.LdapSearchServiceImpl">
	<property name="ldapTemplate" ref="ldapTemplate"/>
	<property name="queryAttribute" value="cn"/>
	<property name="personAttributesMapper" ref="personAttributesMapper"/>
	<property name="searchBase" value=""/>
	<!-- allowed attributes for logged in users -->
	<property name="loggedInAttributes">
		<list>
			<value>title</value>
			<value>department</value>
			<value>phone</value>
			<value>cellPhone</value>
			<value>homePhone</value>
			<value>emailAddress</value>
			<value>major</value>
			<value>class</value>
			<value>uid</value>
			<value>campusAddress</value>
			<value>college</value>
			<value>homeAddress</value>
			<value>deliveryAddress</value>
			<value>emailAlternateAddress</value>
		</list>
	</property>
	<!-- allowed attributes for guests -->
	<property name="guestAttributes">
		<list>
			<value>title</value>
			<value>department</value>
			<value>emailAddress</value>
		</list>
	</property>
</bean>
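
Because the guest list decides what unauthenticated visitors can see, it is worth cross-checking it against the logged-in list and the mapper keys before deploying. The script below is an added example, not part of the portlet or the original page; the sample XML is constructed, the function names are hypothetical, and it assumes the bean ids shown above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: bean ids and property names follow this page; the
# attribute values and the "emailAdress" typo are made up for the example.
SAMPLE_CONTEXT = """<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="personAttributesMapper">
    <constructor-arg><map>
      <entry key="title" value="title"/>
      <entry key="emailAddress" value="mail"/>
      <entry key="homePhone" value="homePhone"/>
    </map></constructor-arg>
  </bean>
  <bean id="personSearchService">
    <property name="loggedInAttributes"><list>
      <value>title</value><value>emailAddress</value>
    </list></property>
    <property name="guestAttributes"><list>
      <value>title</value><value>homePhone</value><value>emailAdress</value>
    </list></property>
  </bean>
</beans>"""


def list_values(root, prop):
    """Return the <value> strings of a list property on personSearchService."""
    bean = ".//{*}bean[@id='personSearchService']"
    path = f"{bean}/{{*}}property[@name='{prop}']/{{*}}list/{{*}}value"
    return {(v.text or "").strip() for v in root.findall(path)}


def audit_attribute_lists(context_xml):
    """Cross-check the guest and logged-in allow lists against the mapper keys."""
    root = ET.fromstring(context_xml)
    entries = root.findall(".//{*}bean[@id='personAttributesMapper']//{*}entry")
    mapper = {e.get("key"): e.get("value") for e in entries}
    guest = list_values(root, "guestAttributes")
    logged_in = list_values(root, "loggedInAttributes")
    return {
        # names used in a list that the mapper never defines (typos, stale keys)
        "unmapped": sorted((guest | logged_in) - set(mapper)),
        # names offered to guests but missing from the logged-in list
        "guest_only": sorted(guest - logged_in),
        # directory attributes the guest list points at, for privacy review
        "guest_ldap_attributes": sorted(mapper[k] for k in guest if k in mapper),
    }


if __name__ == "__main__":
    for finding, names in audit_attribute_lists(SAMPLE_CONTEXT).items():
        print(f"{finding}: {', '.join(names) or '-'}")
```

The `{*}` namespace wildcard requires Python 3.8 or later and lets the same paths match files with or without the Spring beans namespace.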

In messages.properties:

Each attribute key should be mapped in messages.properties in the form:

person.MY_CONVENIENT_NAME=Display Name