I am doing external authentication using LDAP. I have to authenticate a user via LDAP and allow the user to access many app servers. I want to know how to map all the LDAP users (users in the LDAP server, for example ldap://company1.local:389) with users in the database. I have created an external configuration object and assigned it to a new HTTP server with application-level authentication. I don't want to store LDAP user passwords in the database. Do I have to create all users (same as in Active Directory) in the database with some password and map them?
1 Answer
Yes, it's possible to configure ML to use external authentication via LDAP:
20 Comments
Ajaii
I have followed all the steps. The HTTP server port is 8020. When I went to localhost:8020, I entered user credentials and got a 404 not found. How does LDAP map the database user with external names to the LDAP server?
wst
@Ajaii Are you sure ML is able to connect to LDAP? Does localhost:8020 prompt for credentials, or did you just enter them as part of the URL?
Ajaii
Yes, I can connect to the LDAP server. I used xdmp:ldap-lookup to check one user. It displayed all the details of the user. When I go to localhost:8020, it prompts for credentials. I entered the username and password. I got a 404 error. I am using Active Directory Explorer to see all users, and I store the same username with external names. Do I have to create any roles for the users?
grtjn
@Ajaii Could be wrong, but to my knowledge MarkLogic first checks authentication. Only after that it starts looking for the requested resource. So, getting a 404 would mean that authentication succeeded. Are you sure you are accessing an existing resource? Module, image, default.xqy or other?
grtjn
@Ajaii I'm not very familiar with the LDAP support, but in general a MarkLogic user needs to have the right to execute xqy, and read docs. If your troubling user pre-exists in ML, try disabling LDAP, set the user as default with app-level authentication. If there is still a problem, your problem is related to document/module permissions. Give your user a role that is allowed to exec the resource you are calling. Compare the roles of that user with those of the other users you have.