OpenWGA 7.7 - OpenWGA Concepts and Features
Authentication » Authentication sourcesDirectory Server
A directory server, besides other purposes, typically provides centralized authentication services to a network architecture and its applications. The most common protocol to communicate with a directory server is LDAP (Lightweight Directory Access Protocol) which is also used by OpenWGA.
Using a directory server as authentication source in OpenWGA means that the server will try to login to the directory server with the login credentials provided by the user. If that succeeds OpenWGA will regard the authentication as valid and retrieve user information from the server, like his name variants, group membership and his E-Mail address. It then caches the authentication result for 10 minutes and will use it for this time on subsequent requests so not every request to OpenWGA will result in a call to the directory server. This also means that changes to the authentication data on the LDAP server may have a delay of some minutes until they are effective in OpenWGA.
The fully quaiified username returned by this authentication source is the hierarchy path of the users data node in the directory, relative to the configured base node.