Organizations are a feature of JasperReports Server commercial editions. Skip this section if you have JasperReports Server community edition. |
In an architecture that allows multiple organizations, all users and roles except for system administrators and system roles belong to an organization. In turn, the organization determines the folders that the user may access in the repository. Therefore, the final part of mapping is determining an organization ID for the external user and roles, based on the user’s RDN in the directory.
If your JasperReports Server license does not allow multiple organizations, the default configuration automatically maps all LDAP users to the single default organization. See Mapping to a Single Organization. The rest of this section applies to commercial licenses that allow multiple organizations.
LDAP is well suited to mapping users into organizations, because LDAP itself has a hierarchal structure of user entries that is often used to represent separate organizations, such as the internal departments of a company. The LDAP tree structure is reflected in the elements of the RDN of each user entry, and the server maps this RDN into an organization or hierarchy of organizations for the external user. For example, the users uid=jack,ou=audit,ou=finance,dc=example,dc=com and uid=jill,ou=accounting,ou=finance,dc=example,dc=com could be mapped to the organizations audit and accounting, respectively, both of which are sub-organizations of finance.
In order to ensure consistency, the server must create the organization of any external user if the organization does not already exist. The server also creates any organization that does not exist in the hierarchy of organizations mapped from the user RDN. To avoid “stray” organizations that are outside of your intended hierarchy, test your mapping against all potential user DNs in your LDAP directory.
When mapping organizations, the server determines the mapped name and uses it as the name, ID, and description of the organization. You must insure that none of the organization names that are mapped contain the following characters: |, &, *, ?, <, >, /, , ~, !, #, $, %, ^, [, or ]. Finally, organizations that are created during external user login have an administrator with the default password. For security reasons, you should change the default password of any organization admin that is created. See Initialization of JasperReports Server for External Users for a process to initialize the server, including organization admins, before going into production with external authentication.
Recommended Comments
There are no comments to display.