LDAP user database

Sometimes Roxen Challenger needs to access data about the users. The main reason for this is user authentication, but Roxen can also do other things with the data from the user database, for example, displaying them on a web page.

The LDAP User Database module enables Roxen Challenger to keep such user data in an LDAP directory. The data is stored in objects with the attributes (as defined in RFC 2307) uid, userpassword, uidnumber, gidnumber, gecos, homedirectory and loginshell. These columns correspond to the fields in a UNIX password file, and are the fields that Challenger Authentication modules use. The directory object must contain the uid and userpassword attributes, whereas the other attributes can be replaced by default values. It is also possible to add extra columns when needed.

Access mode
This switch sets the authentication mode of the module. The mode can be user or guest.

When the mode is changed, several variables will be folded or unfolded.

guest
This mode is used for first-time users of LDAP based authentication. The connection to the LDAP server is made with the user defined in the configuration interface, in the LDAP server sub menu.

This mode is not recommended for real use! The user defined for the connection to the LDAP server must have read permission to the whole subtree. This is, of course, a security risk.

After connecting to the LDAP server, an object matching the search filter (see below) is searched for, and if the user is found, his userpassword attribute is checked.

user
The connection to the LDAP server is made as the real user, whose DN is constructed by the following formula:

[LDAP server->bind template] + [LDAP server->Base name]

For example (bind template='uid=%u%' and base name='o=UniBASE Ltd.,c=CZ'):
if user='hop' then
DN='uid=hop,o=UniBASE Ltd.,c=CZ'

If the connection is successful and the existence of some attribute and/or its value is required, this is checked.

If some attributes are not retrieved, their default values are used.

Access type
The type of LDAP operation used for checking the password (Guest mode only) and the required attribute (User mode only).

Only 'search' type is implemented.

Cache entries
This flag defines whether the module will cache the user entries or not. Caching makes accesses faster, but changes in the directory will not show up immediately.

Close the directory if not used
Guest mode only

Setting this will save resources when the module is not used.

Defaults...
Gecos
Default gecos.

Gecos map
The name of the LDAP attribute mapped to the gecos field.

Group ID
Default in case there is no Group ID attribute.

Group ID map
The name of the LDAP attribute mapped to the Group ID field.

Home Directory
Default in case there is no Home Directory attribute.

Home Directory map
The name of the LDAP attribute mapped to the Home Directory field.

Login Shell
Default in case there is no Login Shell attribute.

Login Shell map
The name of the LDAP attribute mapped to the Login Shell field.

User ID
Default in case there is no User ID attribute.

User ID map
The name of the LDAP attribute mapped to the User ID field.

Username add
Setting this will add the user name to the path of the default home directory. Mostly used in environments where all home directories have the same parent directory.

Search template ID
The template used by the LDAP search operation as the filter for retrieving the user object. %u% will be replaced by the user name.

Directory connection close timer
Guest mode only

How many seconds of inactivity it should take before the directory connection is closed.

LDAP query depth
Guest mode only

The scope used by the LDAP search.

LDAP server...
Base name
The distinguished name to use as a base for queries. The value is also used for creating the user DN (User mode only).

Typically, this would be an 'o' or 'ou' entry local to the DSA which contains the user entries.

Bind template
User mode only

The template for creating the user DN. The Base name will be added as a suffix.

Directory search username
Guest mode only

This user name will be used to authenticate when connecting to the LDAP server.

Directory user's password
Guest mode only

The password used to authenticate the connection to the directory.

Location
Name of the host running the LDAP server with the authentication information.

Required attribute
User mode only

The name of the attribute which must be present for successful authentication. Can be empty.

Required value
User mode only

The value of the required attribute which must be present for successful authentication. Can be empty.
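
Both the user mode DN formula and the Search template ID setting substitute a user-supplied name for %u%. The following added example (not Roxen code) shows that substitution with the name escaped for a DN (RFC 4514) and for a search filter (RFC 4515). The helper names and the sample search template '(uid=%u%)' are assumptions; the bind template and base name are the ones from the example above.

```python
# Added example: %u% expansion with escaping for the Bind template and Search template.
# Helper names and SEARCH_TEMPLATE are assumptions, not part of Roxen Challenger.

BIND_TEMPLATE = "uid=%u%"            # from the example on this page
BASE_NAME = "o=UniBASE Ltd.,c=CZ"    # from the example on this page
SEARCH_TEMPLATE = "(uid=%u%)"        # constructed sample filter

_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use inside a DN (RFC 4514, section 2.4)."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in '"+,;<>\\':
            out.append("\\" + ch)
        elif ch == "\x00":
            out.append("\\00")
        elif (ch == " " and i in (0, last)) or (ch == "#" and i == 0):
            out.append("\\" + ch)       # leading/trailing space, leading '#'
        else:
            out.append(ch)
    return "".join(out)


def escape_filter_value(value: str) -> str:
    """Escape an assertion value for a search filter (RFC 4515, section 3)."""
    return "".join(_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_bind_dn(user: str, password: str) -> str:
    """User mode: [bind template] + [Base name], joined as in the page's example."""
    if not user or not password:
        # A simple bind with an empty password is an "unauthenticated" bind
        # (RFC 4513, section 5.1.2); some servers accept it, so reject it here.
        raise ValueError("empty user name or password")
    return BIND_TEMPLATE.replace("%u%", escape_dn_value(user)) + "," + BASE_NAME


def build_search_filter(user: str) -> str:
    """Expand the search template so the user name stays a literal value."""
    return SEARCH_TEMPLATE.replace("%u%", escape_filter_value(user))


if __name__ == "__main__":
    print(build_bind_dn("hop", "secret"))
    print(build_bind_dn("hop,ou=x", "secret"))   # comma stays inside the uid value
    print(build_search_filter("h*p"))            # wildcard is matched literally
```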