OpenWGA 7.9 - OpenWGA Concepts and Features


Server types and configuration

A wide range of directory servers is available, each with differing behaviour. Therefore OpenWGA also offers a wide range of options to tweak how it accesses directory servers.

OpenWGA ships configuration presets for the most common directory servers, so that administrators do not have to micro-configure their individual directory servers. That is why you are asked for a "Type of server" when configuring a directory server as authentication source. After you choose this type, all settings take the predefined values presented in the table below. If you want to use a setting that differs from the one predefined for your server type, you can still set it manually, which overrides the predefined value.

| Option | Domino LDAP | Active Directory | eDirectory | OpenLDAP |
|---|---|---|---|---|
| Directory context factory | com.sun.jndi.ldap.LdapCtxFactory | com.sun.jndi.ldap.LdapCtxFactory | com.sun.jndi.ldap.LdapCtxFactory | com.sun.jndi.ldap.LdapCtxFactory |
| Distinguished Name Attribute | (None) | distinguishedName | (None) | (None) |
| EMail Address Attribute | mail | mail | mail | mail |
| Group Membership attribute | member | member | groupMembership | memberUid |
| Group node object class | dominoGroup | group | groupOfNames | posixGroup |
| Membership information location | At group node | At group node | At user node | At group node |
| Name attributes for groups | cn | cn | cn | cn |
| Name attributes for users | cn,uid | cn,userPrincipalName,sAMAccountName | cn,uid | cn,uid |
| Use Lotus Domino Names | true | false | false | false |
| User node object class | dominoPerson | person | Person | inetOrgPerson |

Labeled names

Arbitrary attributes of the user nodes may be served as user labels. Via the configuration setting "User attributes to provide as labeled names" a list of attributes can be specified; each will be available as a labeled name under its attribute name.

By default the common name is read from the user attribute "displayName" or "cn", depending on which is available. The configuration setting "Common name expression" can be used to serve custom "commonname" contents. The setting takes a TMLScript expression which should evaluate to the desired name. A variable "atts" is available to the expression; it is a Java object of type javax.naming.directory.Attributes and contains all the attributes of the user node.

For example, to read the common name from the user attribute "sAMAccountName", specify this expression:

atts.get("sAMAccountName").get()
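A null-safe variant of the expression above, as an added example that is not OpenWGA code: javax.naming.directory.Attributes.get() returns null for an absent attribute and Attribute.get() throws for an attribute without values, so the one-line form fails on user nodes that lack "sAMAccountName". It is written in plain JavaScript; FakeAttributes, FakeAttribute, firstValue and commonName are hypothetical names, the sample nodes are constructed, and the fallback order is an assumption.

```javascript
// Stand-ins (constructed for this example) for the two JNDI interfaces the
// expression sees: javax.naming.directory.Attributes and Attribute.
class FakeAttribute {
  constructor(values) { this.values = values; }
  size() { return this.values.length; }
  get() {
    // The real Attribute.get() throws NoSuchElementException when empty.
    if (this.values.length === 0) throw new Error("NoSuchElementException");
    return this.values[0];
  }
}

class FakeAttributes {
  constructor(obj) { this.map = new Map(Object.entries(obj)); }
  // The real Attributes.get(id) returns null for an absent attribute.
  get(id) { return this.map.has(id) ? new FakeAttribute(this.map.get(id)) : null; }
}

// Hypothetical helper: first non-blank value among the candidate attributes.
function firstValue(atts, names) {
  for (const name of names) {
    const attr = atts.get(name);
    if (attr == null || attr.size() === 0) continue; // absent or valueless
    const value = String(attr.get()).trim();
    if (value !== "") return value;
  }
  return null;
}

// Common name with fallbacks (order is an assumption), so a node lacking
// sAMAccountName still resolves to displayName or cn instead of failing.
function commonName(atts) {
  return firstValue(atts, ["sAMAccountName", "displayName", "cn"]);
}

// Constructed sample user nodes.
const adUser = new FakeAttributes({ sAMAccountName: ["jdoe"], cn: ["John Doe"] });
const ldapUser = new FakeAttributes({ sAMAccountName: [], displayName: ["  "], cn: ["Jane Roe"] });
const bareUser = new FakeAttributes({ mail: ["x@example.org"] });

console.log(commonName(adUser), commonName(ldapUser), commonName(bareUser));
```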