The URL for the LDAP server where all the users and groups reside is
ldap://corp.tibco.com.com:389/DC=corp,DC=tibco,DC=com
Given this group DN
=====================================================================
CN=Composite_ReadOnly,OU=Privileged Groups,OU=_restricted,DC=corp,DC=tibco,DC=com
=====================================================================
And this set of LDAP users
======================================================================
member CN=amundhra,OU=Users,OU=HYD,DC=euro,DC=corp,DC=tibco,DC=com
member CN=bshao,OU=Users,OU=HYD,DC=euro,DC=corp,DC=tibco,DC=com
member CN=nadam,OU=Users,OU=HYD,DC=euro,DC=corp,DC=tibco,DC=com
member CN=schopra,OU=Users,OU=HYD,DC=euro,DC=corp,DC=tibco,DC=com
member CN=uvepache,OU=Users,OU=HYD,DC=euro,DC=corp,DC=tibco,DC=com
member CN=aprabhu,OU=Users,OU=DBL,DC=noam,DC=corp,DC=tibco,DC=com
member CN=rvegesan,OU=Users,OU=HYD,DC=euro,DC=corp,DC=tibco,DC=com
member CN=rvegiraj,OU=Users,OU=SMO,DC=noam,DC=corp,DC=tibco,DC=com
member CN=gkathri,OU=Users,OU=SMO,DC=noam,DC=corp,DC=tibco,DC=com
member CN=sgujar,OU=Users,OU=DBL,DC=noam,DC=corp,DC=tibco,DC=com
member CN=vrebala,OU=Users,OU=HYD,DC=euro,DC=corp,DC=tibco,DC=com
member CN=sogokhal,OU=Users,OU=SMO,DC=noam,DC=corp,DC=tibco,DC=com
member CN=akulkarni,OU=Users,OU=HYD,DC=euro,DC=corp,DC=tibco,DC=com
==========================================================================
I am going to test adding the different OUs to the user search for users in different locations (DBL, SMO, etc.). Note that the user search path includes the subdomain (DC=noam or DC=euro).
*************************************************************************************************************************************************
corp.frk.com.user.search.context=OU=Users,OU=SMO,DC=noam|OU=Users,OU=DBL,DC=noam|OU=Users,OU=HYD,DC=euro
*************************************************************************************************************************************************
In Web Manager, I have added a new external domain using the URL above, added the Composite_ReadOnly group, and given it the appropriate permissions.
Note that you can make changes in ldap.properties without restarting the TDV server. The file is reread every time someone logs in or a change is made in Web Manager.
I have added the settings below to ldap.properties as per the above requirements:
corp.tibco.com.max.page.size=1000
corp.tibco.com.all.users.search.context=
corp.tibco.com.all.users.filter=(&(objectCategory=person)(objectclass=user))
corp.tibco.com.all.users.username.attribute=samaccountname
corp.tibco.com.all.users.search.timeout=0
corp.tibco.com.all.groups.search.context=OU=Privileged Groups,OU=_restricted|OU=Groups,OU=_Tibco
corp.tibco.com.all.groups.filter=(&(objectclass=group)(objectCategory=group))
corp.tibco.com.all.groups.groupname.attribute=cn
corp.tibco.com.all.groups.search.timeout=0
#corp.tibco.com.user.username.comparison.is.case.sensitive=true
corp.tibco.com.user.username.comparison.is.case.sensitive=false
corp.tibco.com.user.search.context=OU=Users,OU=DBL,DC=noam|OU=Users,OU=SMO,DC=noam|OU=Users,OU=HYD,DC=euro|OU=Users,OU=STA,DC=noam|OU=Users,OU=POZ,DC=euro
corp.tibco.com.user.filter=(&(samaccountname=USERNAME)(objectclass=user)(objectCategory=person))
corp.tibco.com.user.username.attribute=samaccountname
corp.tibco.com.user.search.timeout=1000
corp.tibco.com.user.groups.search.context=OU=Privileged Groups,OU=_restricted|OU=Groups,OU=_tibco
corp.tibco.com.user.groups.filter=(&(member=USERDN)(objectclass=group)(objectCategory=group))
corp.tibco.com.user.groups.groupname.attribute=cn
corp.tibco.com.user.groups.search.timeout=1000
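
A quick way to confirm that every member of the group sits under one of the OUs listed in user.search.context before testing logins. This is an added example, not TDV code and not part of the original note. It assumes each context entry is relative to the base DN in the LDAP URL and is searched as a subtree; the function names are hypothetical.

```python
# Added example (not TDV code): check group-member DNs against user.search.context.
BASE_DN = "DC=corp,DC=tibco,DC=com"  # base DN taken from the LDAP URL on the page

# user.search.context value from the page's test setting (three OUs)
USER_SEARCH_CONTEXT = (
    "OU=Users,OU=SMO,DC=noam|OU=Users,OU=DBL,DC=noam|OU=Users,OU=HYD,DC=euro"
)

# A few member DNs of Composite_ReadOnly copied from the page
MEMBERS = [
    "CN=amundhra,OU=Users,OU=HYD,DC=euro,DC=corp,DC=tibco,DC=com",
    "CN=aprabhu,OU=Users,OU=DBL,DC=noam,DC=corp,DC=tibco,DC=com",
    "CN=rvegiraj,OU=Users,OU=SMO,DC=noam,DC=corp,DC=tibco,DC=com",
]


def split_dn(dn):
    """Split a DN into lower-cased RDNs (simple split; assumes no escaped commas)."""
    return [rdn.strip().lower() for rdn in dn.split(",") if rdn.strip()]


def expand_contexts(value, base_dn):
    """Turn a '|'-separated context list into full DNs under base_dn.
    Assumption: an empty value means the base DN itself is searched."""
    parts = [p.strip() for p in value.split("|") if p.strip()]
    return [f"{p},{base_dn}" for p in parts] or [base_dn]


def is_under(dn, context_dn):
    """True if dn lies below context_dn in the directory tree (subtree match)."""
    d, c = split_dn(dn), split_dn(context_dn)
    return len(d) > len(c) and d[-len(c):] == c


def uncovered(members, context_value, base_dn=BASE_DN):
    """Return the member DNs that no configured search context would reach."""
    contexts = expand_contexts(context_value, base_dn)
    return [m for m in members if not any(is_under(m, c) for c in contexts)]


if __name__ == "__main__":
    for dn in uncovered(MEMBERS, USER_SEARCH_CONTEXT):
        print("not covered by user.search.context:", dn)
```

Any DN it prints belongs to a user whose OU is missing from the search context, so that OU needs to be appended with another | entry.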