How to configure APIX-G to authenticate users from multiple OUs of an LDAP server?

Article ID: KB0083757

Products: TIBCO API Exchange
Versions: ALL

Description

APIX-G can be configured to authenticate users from multiple OUs in both bind and search modes.

Environment

All supported platforms.

Resolution

There are two ways to achieve this requirement:

1). Configure LDAP Authentication in search-mode. For this, the following properties can be set:
userSearchExpression=
userSearchBaseDN=
userSearchScopeSubtree=true

Set userSearchBaseDN to the root OU/directory that contains all the OUs from which users have to be authenticated. With userSearchScopeSubtree set to "true", all the sub-directories/OUs below that base are included in the search.

2). Configure LDAP Authentication in bind-mode. In this mode, the value for userDNTemplate should provide the fully-qualified DN of the user on the LDAP server. For example:
If userDNTemplate=cn={0},ou=Support,dc=tibco,dc=com, users in the 'Support' OU can be authenticated.
If the incoming request has user4, then "cn=user4,ou=Support,dc=tibco,dc=com" is used while binding with LDAP.

Similarly, if userDNTemplate=cn={0},ou=PSG,dc=tibco,dc=com, users in the 'PSG' OU can be authenticated.

For APIX-G to be able to authenticate (bind) users in different OUs, the following are some sample settings:
- Set userDNTemplate to "{0},dc=tibco,dc=com"
- Send usernames (in the request) for this config as:
cn=user4,ou=Support
cn=user5,ou=PSG
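
With the "{0},dc=tibco,dc=com" template the request's username chooses the OU, so the form of that username matters. The Python sketch below is an added example, not TIBCO code and not taken from the attached files: it expands the templates the way the article describes and shows a check a front end could apply before the username reaches the gateway. The allowed-OU list and all function names are assumptions.

```python
import re

BASE_DN = "dc=tibco,dc=com"                         # base DN from the article
ALLOWED_OUS = {"support": "Support", "psg": "PSG"}  # assumption: OUs allowed to log in

# Characters with special meaning in a DN (RFC 4514); refuse them instead of escaping.
_SPECIAL = re.compile(r'[,+"\\<>;=#\x00]')
_FRAGMENT = re.compile(r"^cn=([^,]+),ou=([^,]+)$", re.IGNORECASE)


def expand(template: str, username: str) -> str:
    """Substitute the request's username for {0}, as the article describes."""
    return template.replace("{0}", username)


def bind_dn_multi_ou(username: str) -> str:
    """Return the bind DN for template '{0},dc=tibco,dc=com'.

    Accepts only 'cn=<name>,ou=<allowed OU>'; raises ValueError otherwise.
    """
    m = _FRAGMENT.match(username)
    if not m:
        raise ValueError("expected cn=<name>,ou=<OU>")
    cn, ou = m.group(1), m.group(2)
    if _SPECIAL.search(cn) or cn != cn.strip():
        raise ValueError("cn contains characters that are special in a DN")
    canonical_ou = ALLOWED_OUS.get(ou.lower())
    if canonical_ou is None:
        raise ValueError("OU is not in the allowed list")
    return expand("{0}," + BASE_DN, f"cn={cn},ou={canonical_ou}")


def accepts(username: str) -> bool:
    """True if the username passes the check above."""
    try:
        bind_dn_multi_ou(username)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # Constructed sample usernames; the first two are the article's own.
    for name in ("cn=user4,ou=Support", "cn=user5,ou=PSG",
                 "cn=user9,ou=Finance", "cn=user4,ou=Support,ou=Extra"):
        print(name, "->", bind_dn_multi_ou(name) if accepts(name) else "rejected")
```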

Attached is a log file (Filename: MultiOU_auth_testing.log) which shows some sample transactions for this config. Also attached are sample properties files (Filename: LdapAsp.properties and LdapAsp_searchMode.properties) for bind and search modes.

Issue/Introduction

This article provides samples to configure the API Exchange Gateway engine to authenticate users from multiple OUs of an LDAP server.
