Configuring LDAP search

To use the LDAP search capabilities, you will need to configure an LDAP server, a map of attributes, and then determine which attributes should be displayed to users.

In applicationContext.xml:

First, you'll need to configure the LDAP server context. After changing the URL to match your LDAP directory, set the username and password, if necessary. If your LDAP directory does not require authentication for searching, you can omit these properties.

<bean id="personDirLdapContext" class="org.springframework.ldap.core.support.LdapContextSource">
	<property name="url" value="ldap://ldap.school.edu:389"/>
	<property name="base" value=""/>
	<property name="username" value="USERNAME"/>
	<property name="password" value="PASSWORD"/>
	<property name="pooled" value="false"/>
</bean>

You'll also need to set a map of attribute names and their LDAP keys. For example, if you had an LDAP attribute "sn", you could map it to "firstName" or whatever useful name you'd like to give it. The key names you assign will be used below to filter attributes for different kinds of users, as well as in the messages.properties file. A set of example default values is provided, which you can modify to suit your directory's needs.

You may also need to modify the first constructor argument, which is the attribute that search queries are run against. This is generally set to an LDAP attribute that holds the full name, but it can be set to any attribute you wish to search against.

<bean id="personAttributesMapper" class="org.jasig.portlet.search.ldap.PersonAttributesMapper">
	<constructor-arg value="cn"/>
	<constructor-arg>
		<map>
			<entry key="MY_CONVENIENT_NAME" value="LDAP_ATTRIBUTE_NAME"/>
		</map>
	</constructor-arg>
</bean>

Next, we need to set the lists of allowed attributes for guests and for logged-in users. This allows the portlet to display a more limited set of LDAP attributes to unauthenticated users. If you don't want to use this feature, just use the same values in both the logged-in and guest lists.

You may also need to set the base search name (the searchBase property), as below. If you don't need this property, it can be left as an empty string.

<bean id="personSearchService" class="org.jasig.portlet.search.ldap.LdapSearchServiceImpl">
	<property name="ldapTemplate" ref="ldapTemplate"/>
	<property name="queryAttribute" value="cn"/>
	<property name="personAttributesMapper" ref="personAttributesMapper"/>
	<property name="searchBase" value=""/>
	<!-- allowed attributes for logged in users -->
	<property name="loggedInAttributes">
		<list>
			<value>title</value>
			<value>department</value>
			<value>phone</value>
			<value>cellPhone</value>
			<value>homePhone</value>
			<value>emailAddress</value>
			<value>major</value>
			<value>class</value>
			<value>uid</value>
			<value>campusAddress</value>
			<value>college</value>
			<value>homeAddress</value>
			<value>deliveryAddress</value>
			<value>emailAlternateAddress</value>
		</list>
	</property>
	<!-- allowed attributes for guests -->
	<property name="guestAttributes">
		<list>
			<value>title</value>
			<value>department</value>
			<value>emailAddress</value>
		</list>
	</property>
</bean>
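
The three beans above have to agree with each other: every name in the guest and logged-in lists must be a key in the personAttributesMapper map, and the guest list is meant to be the more limited of the two. The following Python check is an added example, not part of the portlet or of this page's original configuration. It parses an applicationContext.xml and reports mismatches, plus a bind password configured against a plain ldap:// URL. The sample XML is constructed, and the function names and finding messages are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample modelled on the three beans above; list contents and
# mapper entries are invented to trigger each check.
SAMPLE = """<beans>
<bean id="personDirLdapContext" class="org.springframework.ldap.core.support.LdapContextSource">
  <property name="url" value="ldap://ldap.school.edu:389"/>
  <property name="password" value="PASSWORD"/>
</bean>
<bean id="personAttributesMapper" class="org.jasig.portlet.search.ldap.PersonAttributesMapper">
  <constructor-arg value="cn"/>
  <constructor-arg><map>
    <entry key="title" value="title"/>
    <entry key="emailAddress" value="mail"/>
    <entry key="homePhone" value="homePhone"/>
  </map></constructor-arg>
</bean>
<bean id="personSearchService" class="org.jasig.portlet.search.ldap.LdapSearchServiceImpl">
  <property name="loggedInAttributes"><list><value>title</value><value>emailAddress</value></list></property>
  <property name="guestAttributes"><list><value>title</value><value>homePhone</value><value>department</value></list></property>
</bean>
</beans>"""

def _local(tag):
    return tag.rsplit("}", 1)[-1]  # ignore the Spring beans XML namespace, if present

def _props(bean):
    # direct <property> children of a bean, keyed by their name attribute
    return {p.get("name"): p for p in bean if _local(p.tag) == "property"}

def _values(prop):
    return {v.text.strip() for v in prop.iter() if _local(v.tag) == "value" and v.text}

def audit(xml_text):
    """Return findings for the LDAP search beans described on this page."""
    beans = {b.get("id"): b for b in ET.fromstring(xml_text).iter() if _local(b.tag) == "bean"}
    findings = []
    ctx = _props(beans["personDirLdapContext"])
    if ctx["url"].get("value", "").lower().startswith("ldap://") and "password" in ctx:
        findings.append("bind password used with ldap:// (sent in clear unless StartTLS is set up)")
    mapped = {e.get("key") for e in beans["personAttributesMapper"].iter() if _local(e.tag) == "entry"}
    svc = _props(beans["personSearchService"])
    logged_in, guest = _values(svc["loggedInAttributes"]), _values(svc["guestAttributes"])
    for name in sorted(guest - logged_in):
        findings.append(f"guests see an attribute logged-in users do not: {name}")
    for name in sorted((guest | logged_in) - mapped):
        findings.append(f"listed for display but missing from the mapper: {name}")
    return findings
```

Calling `audit()` on the text of your own applicationContext.xml returns an empty list when the guest list is a subset of the logged-in list, every listed name is mapped, and no password is paired with a plain ldap:// URL.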

In messages.properties:

Each attribute key should be mapped in messages.properties in the form

person.MY_CONVENIENT_NAME=Display Name