Sitedef LDAP Authentication Configuration
  • 28 Dec 2023
Introduction

To set up Comflow against an LDAP directory, normally Microsoft Active Directory (AD), configure the sitedef as described in this document.

Sitedef configuration

Two parts can be configured, and both are recommended: Authentication and Authorization.

Authentication

Authentication is handled by the service net.comactivity.core.authentication.ActiveDirectoryAuthentication and controlled by the parameters shown and described in the settings below:

<Site> ...

    <Authentication name="AD" class="net.comactivity.core.authentication.ActiveDirectoryAuthentication">
        <Parameters>
            <parameter name="check.envusers" value="false" />             <!-- Check the Comflow core table envusers at authentication. If no record exists, the user is not authenticated. -->
            <parameter name="autocreate.companypersons" value="false" /> <!-- Automatically create the Comflow base table companypersons record at authentication. -->
            <parameter name="check.companypersons" value="false" />      <!-- Check the Comflow base table companypersons at authentication. If no record exists, the user is not authenticated. -->
            <parameter name="default.enterprise" value="1" />            <!-- Default Enterprise value. May be overridden by a Session Manager. -->
            <parameter name="default.company" value="100" />             <!-- Default Company value. May be overridden by a Session Manager. -->
            <parameter name="use.ad.groups.as.roles" value="true" />     <!-- Use AD groups as Roles in Comflow, so that group membership controls the Role setup. -->
            <parameter name="user.id.caseing" value="upper" />           <!-- Casing of the user id in Comflow (AD is case insensitive, Comflow is not). Valid values are "lower", "mixed" and "upper"; "upper" is recommended. Note that the parameter name is spelled "caseing". -->
            <parameter name="retry.connect.no.of.times" value="5" />     <!-- Number of connection retries. 5 is recommended. -->

            <!-- URL Login settings. These apply only when URL Login is enabled; it is disabled by default. -->
            <parameter name="url.login" value="true" />                  <!-- Enables URL Login. Default is false. -->
            <parameter name="session.values.in.url" value="true" />      <!-- Allows session values in the URL. Default is false. -->
            <parameter name="start.task.in.url" value="true" />
            <parameter name="start.task.in.url.hide.navigator" value="false" />
            <parameter name="mapdata.in.url" value="true" />
            <parameter name="require.group" value="Global UAp Comflow Users" />
        </Parameters>
    </Authentication>

The URL Login parameters are shown enabled above for illustration only; leave them at their default (false) unless you actually need them. Anything carried in a URL is written to web-server and proxy logs, browser history and Referer headers, so session values and login data passed that way can be recovered by anyone with access to those logs.


Authorization

Authorization is handled by the services net.comactivity.core.authorization.ldap.LdapUserManagement and net.comactivity.core.authorization.ldap.LdapGroupManagement for user and group management respectively. The properties below control the integration with an LDAP directory such as Microsoft AD:

    <Authorization>
        <Properties>
            <Property name="user.id" value="comflowServiceAdmin@customer.net" />  <!-- Service account used to bind to the directory. -->
            <Property name="password" value="Password" />                         <!-- Password of the service account. -->
            <Property name="provider.url" value="ldap://customer.net:389" />
            <Property name="prefer.ssl" value="true" />
            <Property name="provider.search.base" value="dc=customer,dc=net" />
            <Property name="usepaging" value="true" />
            <Property name="cache.users" value="true" />
            <Property name="cache.groups" value="true" />
        </Properties>

        <User>
            <Properties>
                <Property name="class" value="net.comactivity.core.authorization.ldap.LdapUserManagement" />
                <Property name="user.search.base" value="OU=Customer Users,OU=Customer" />
                <Property name="user.id.caseing" value="upper" />   <!-- Keep consistent with user.id.caseing in the Authentication section; Comflow user ids are case sensitive. -->
                <Property name="hide.disabled.users" value="true" />
            </Properties>
        </User>

        <Group>
            <Properties>
                <Property name="class" value="net.comactivity.core.authorization.ldap.LdapGroupManagement" />
                <Property name="admin.group" value="Comflow Admin" />
                <Property name="all.groups.search.base" value="" />
                <Property name="global.group.filter" value="Comflow%" />
                <!-- Property name="global.group.filter" value="%Comflow%"/ -->   <!-- Commented-out alternative filter. -->
                <Property name="global.group.filter.include" value="true" />
            </Properties>
        </Group>
    </Authorization>

...</Site>

Two points a reviewer will raise about the Authorization section. First, the service account password is stored in cleartext in the sitedef, so restrict read access to the file to the Comflow runtime account and give the service account only the read rights it needs in the directory (it is used for lookups, not for administration). Second, provider.url points at plain ldap:// on port 389; this page does not define exactly how prefer.ssl behaves, so confirm with a network capture that the bind is actually encrypted (StartTLS or LDAPS). Over an unencrypted connection a simple bind sends the service account password, and any user credentials bound the same way, in cleartext; where the directory offers LDAPS, prefer an ldaps:// URL on port 636.
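To show what such a review amounts to in practice, here is an added example in Python. It is not Comflow code and is not part of the original article: it parses the Authentication parameters and Authorization properties of a sitedef fragment and flags the settings discussed on this page (cleartext ldap:// URL, bind password in the file, URL Login and session values in URLs, no login gate, inconsistent user id casing). The meaning of prefer.ssl, url.login and session.values.in.url is assumed from their names and the comments above, and the sample sitedef is constructed from the page's placeholder values.

```python
"""Sitedef hardening lint (added example, not part of Comflow).

Parses the <Authentication> parameters and <Authorization> properties of a
Comflow sitedef fragment and reports settings a security reviewer would
challenge. The meaning of prefer.ssl, url.login and session.values.in.url is
assumed from their names and the article's comments, not from Comflow docs.
"""
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# Constructed sample: the article's fragment, trimmed to the settings the lint
# reads. Host, service account and password are the article's placeholders.
SAMPLE_SITEDEF = """<Site>
  <Authentication name="AD" class="net.comactivity.core.authentication.ActiveDirectoryAuthentication">
    <Parameters>
      <parameter name="check.envusers" value="false" />
      <parameter name="check.companypersons" value="false" />
      <parameter name="use.ad.groups.as.roles" value="true" />
      <parameter name="user.id.caseing" value="upper" />
      <parameter name="url.login" value="true" />
      <parameter name="session.values.in.url" value="true" />
      <parameter name="require.group" value="Global UAp Comflow Users" />
    </Parameters>
  </Authentication>
  <Authorization>
    <Properties>
      <Property name="user.id" value="comflowServiceAdmin@customer.net" />
      <Property name="password" value="Password" />
      <Property name="provider.url" value="ldap://customer.net:389" />
      <Property name="prefer.ssl" value="true" />
    </Properties>
    <User>
      <Properties>
        <Property name="user.id.caseing" value="upper" />
      </Properties>
    </User>
  </Authorization>
</Site>
"""


def _kv(parent, child_tag):
    """Collect name/value attribute pairs from the <child_tag name=.. value=..> children."""
    if parent is None:
        return {}
    return {e.get("name"): e.get("value", "") for e in parent.findall(child_tag)}


def parse_sitedef(xml_text):
    """Return the Authentication parameters and the Authorization connection/user properties."""
    root = ET.fromstring(xml_text)
    return {
        "auth": _kv(root.find("Authentication/Parameters"), "parameter"),
        "conn": _kv(root.find("Authorization/Properties"), "Property"),
        "user": _kv(root.find("Authorization/User/Properties"), "Property"),
    }


def _is_true(value):
    return str(value).strip().lower() == "true"


def lint_sitedef(xml_text):
    """Return a sorted list of (finding_id, message) for settings a reviewer would challenge."""
    cfg = parse_sitedef(xml_text)
    auth, conn, user = cfg["auth"], cfg["conn"], cfg["user"]
    findings = []

    # 1. Transport: a plain ldap:// URL means the simple bind, and every password
    #    that crosses it, is cleartext unless prefer.ssl really upgrades the session.
    scheme = urlsplit(conn.get("provider.url", "")).scheme.lower()
    if scheme == "ldap":
        hint = ("prefer.ssl is set; verify on the wire that the bind is encrypted"
                if _is_true(conn.get("prefer.ssl")) else "prefer.ssl is not set")
        findings.append(("ldap-cleartext-url", f"provider.url uses ldap:// ({hint})"))

    # 2. Secrets at rest: the bind password sits in the sitedef in cleartext.
    if conn.get("password"):
        findings.append(("bind-password-in-sitedef",
                         "bind password stored in cleartext; restrict file access, use a read-only service account"))

    # 3. URL login surface: login data and session state in URLs end up in
    #    proxy logs, browser history and Referer headers.
    if _is_true(auth.get("url.login")):
        findings.append(("url-login-enabled", "url.login=true exposes login data in URLs"))
    if _is_true(auth.get("session.values.in.url")):
        findings.append(("session-values-in-url", "session.values.in.url=true leaks session state via URLs"))

    # 4. Who may log in: with no core table check and no AD group requirement,
    #    any account that can bind to the directory gets a Comflow session.
    gated = (_is_true(auth.get("check.envusers")) or _is_true(auth.get("check.companypersons"))
             or bool(auth.get("require.group", "").strip()))
    if not gated:
        findings.append(("no-login-gate", "no envusers/companypersons check and no require.group"))

    # 5. Identity consistency: AD is case insensitive, Comflow is not, so the
    #    casing at login and in user management must agree ("upper" recommended).
    a_case, u_case = auth.get("user.id.caseing", ""), user.get("user.id.caseing", "")
    if a_case != "upper" or u_case != "upper":
        findings.append(("user-id-casing", f"user.id.caseing is {a_case!r}/{u_case!r}; 'upper' is recommended"))

    return sorted(findings)


def finding_ids(xml_text):
    """Just the finding identifiers, in sorted order."""
    return [fid for fid, _ in lint_sitedef(xml_text)]


if __name__ == "__main__":
    for fid, msg in lint_sitedef(SAMPLE_SITEDEF):
        print(f"{fid}: {msg}")
```

Run against the sample, the lint reports the cleartext ldap:// URL, the bind password in the file and the two URL Login settings; the require.group value is what keeps it from also reporting a missing login gate, which is why that parameter deserves a comment in a real sitedef even though this page does not document it further.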

     


