Specifying userSearch Parameters

Use the userSearch bean to find users if they don't match a simple pattern. In particular, if you're authenticating users for one or more organizations, it is likely user entries are in multiple branches of your directory.

To search for user entries, locate the helper bean userSearch in sample-applicationContext-externalAuth-LDAP[-mt].xml and specify the following information:

An optional branch RDN where user entries are located. If not specified, the search includes your entire LDAP directory starting from the base DN of the LDAP URL specified in Setting the LDAP Connection Parameters.
An LDAP filter expression to compare any attribute or combination of attributes with the login name. JasperReports Server substitutes the login name entered by the user for the {0} placeholder to perform the search.
Whether or not the search should extend to all subtrees beneath the branch DN or, when no branch DN is specified, beneath the base DN.

When you enter a location for user search, make sure to use only the relative DN. Do not include the base DN that you set up when creating the LDAP connection parameters.

The following example shows the syntax of the bean’s constructor and property:

<bean id="userSearch" class="com.jaspersoft.jasperserver.api.security.
              externalAuth.wrappers.spring.ldap.JSFilterBasedLdapUserSearch">
  <constructor-arg index="0"><value>ou=users</value></constructor-arg>
  <constructor-arg index="1"><value>(uid={0})</value></constructor-arg>
  <constructor-arg index="2"><ref bean="ldapContextSource" /></constructor-arg>
  <property name="searchSubtree"><value>true</value></property>
</bean>

The combination of these three parameters lets you optimize the search for your user entries and reduce the load on your LDAP directory. For example, if your users are located in a dedicated branch of your LDAP structure, specify it in the first constructor argument to avoid searching the entire tree.