OpenLDAP Security Source

OpenLDAP is an open-source LDAP client and server implementation.

This section describes:

This page discusses:

See Also
LDAP Overview
Configure an LDAP Security Source
Active Directory Security Source
Lotus Domino Security Source
Configure an LDAP Security Source

User Login

In the OpenLDAP, the inetOrgPerson object class identifies persons. User login match is case insensitive. A valid user login can use several values:

  • EnableDN Login, for OpenLDAP, this allows the user to log in its full DN. Only DNs rooted on the defined LDAP search base are allowed.

  • Attribute value cn, which is the common name.

There can be only one match for the value on the OpenLDAP server, otherwise, the login fails. The first step in the user login phase resolves the full user DN.

In some cases, the LDAP server login is not used and only security tokens are resolved.

Groups

In OpenLDAP, the groupOfNames object class identifies groups. To compute the groups a user belongs to, the member attribute defines the group entries.

Display Name

The cn attribute of the OpenLDAP builds the user display name.

Security Tokens Format

The security tokens are:

  • ldap:USERFULLDN

  • ldap:USERGROUPFULLDN for each group the user belongs to.

For example:

ldap:CN=Jane Smith,CN=Users,dc=office,dc=exalead,dc=com
ldap:CN=Sales,CN=Groups,dc=office,dc=exalead,dc=com
ldap:CN=Marketing,CN=Groups,dc=office,dc=exalead,dc=com

OpenLDAP Implementation

The OpenLDAP security source primarily supports the following authentication methods:

  • None (anonymous access enabled)

  • Simple

Other values are permitted depending on your configuration and the LDAP implementation. For more information, see Context.SECURITY_AUTHENTICATION on http://docs.oracle.com/javase/jndi/tutorial/ldap/security/auth.html.

OpenLDAP Software 2.x implements LDAP version 3 (default) and OpenLDAP Software 1.x implements LDAP version 2.

For more information, see www.openldap.org .