Specify the following information in the ldapExternalTenantProcessor bean to map the RDN of the user to a hierarchy of organizations in JasperReports Server:
• excludeRootDn property – Whether the base DN, also called root DN, should be mapped along with the RDN. For example, if the property list for organizationRDNs contains dc and you do not exclude the base DN of dc=example,dc=com, the base DN maps to the following: the organization ID example nested inside the organization ID com nested inside the specified root organization. The base DN is part of the LDAP URL specified in Setting the LDAP Connection Parameters.
• defaultOrganization property (optional) – The ID of an organization assigned to users that would otherwise be mapped to a null organization ID.
If excludeRootDn = true, defaultOrganization = "" or is absent, and no organizationRDNs match in the DN of the user, then the user will have a null organization ID. The null organization ID is usually reserved for special users such as the system administrator and allows access to the repository folder of all other organizations. To avoid this mapping, specify a value for defaultOrganization or ensure that every user has one of the organizationRDNs.
The following example shows the syntax of the ldapExternalTenantProcessor bean and its properties:
<bean id="ldapExternalTenantProcessor"
      class="com.jaspersoft.jasperserver.multipleTenancy.security.externalAuth.processors.ldap.LdapExternalTenantProcessor"
      parent="abstractExternalProcessor">
    <property name="ldapContextSource" ref="ldapContextSource" />
    <property name="multiTenancyService">
        <ref bean="internalMultiTenancyService"/>
    </property>
    <property name="excludeRootDn" value="false"/>
    <!-- only following RDNs matter in creating the organization hierarchy -->
    <property name="organizationRDNs">
        <list>
            <value>o</value>
            <value>ou</value>
        </list>
    </property>
    <property name="rootOrganizationId" value=""/>
    <property name="defaultOrganization" value="unassigned"/>
</bean>
For example, given the ldapExternalTenantProcessor bean configuration above, an LDAP user with the DN uid=jack,ou=audit,ou=finance,dc=example,dc=com is placed in an organization named audit, which is a child of an organization named finance, which in turn is a child of organization_1. This example illustrates that it is not possible to map only one of the two RDN components if they have the same attribute. In other words, the mapping mechanism does not let you choose to create only the audit or the finance organization; both are created if you specify ou in the list of organizationRDNs.
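The mapping rules described above can be modeled to check a list of user DNs for accounts that would receive a null organization ID before the configuration is deployed. This is an added example, not JasperReports Server code: the function names, the constructed sample DNs, the simplified DN parsing, and the choice to apply the defaultOrganization fallback whenever no RDN matches are assumptions.

```python
import re

def split_dn(dn):
    """Split a DN into (attribute, value) pairs. Simplified: only backslash-escaped
    commas are honoured; multi-valued RDNs and quoted values are not handled."""
    parts = (p.strip() for p in re.split(r"(?<!\\),", dn))
    return [(a.strip().lower(), v.strip())
            for a, v in (p.split("=", 1) for p in parts if "=" in p)]

def map_organizations(user_dn, base_dn, organization_rdns,
                      exclude_root_dn, default_organization=""):
    """Model of the documented mapping (assumed, not the server's code).
    Returns organization IDs from outermost to innermost, below the root
    organization, or None when the user would get a null organization ID."""
    rdns, base = split_dn(user_dn), split_dn(base_dn)
    lowered = lambda pairs: [(a, v.lower()) for a, v in pairs]
    # Separate the user's own RDNs from the base (root) DN at the end of the DN.
    if base and lowered(rdns[-len(base):]) == lowered(base):
        relative = rdns[:-len(base)]
    else:
        relative = rdns
    candidates = relative if exclude_root_dn else rdns
    wanted = {a.lower() for a in organization_rdns}
    # Every RDN with a listed attribute becomes an organization; none can be skipped.
    matched = [v for a, v in candidates if a in wanted]
    if matched:
        return matched[::-1]  # the right-most RDN is the outermost organization
    return [default_organization] if default_organization else None

def null_organization_users(user_dns, **config):
    """Return the DNs that would be mapped to a null organization ID."""
    return [dn for dn in user_dns if map_organizations(dn, **config) is None]

# Constructed sample DNs (not taken from a real directory).
SAMPLE_DNS = [
    "uid=jack,ou=audit,ou=finance,dc=example,dc=com",
    "uid=svc-report,dc=example,dc=com",  # no o/ou component
]

if __name__ == "__main__":
    risky = null_organization_users(
        SAMPLE_DNS, base_dn="dc=example,dc=com",
        organization_rdns=["o", "ou"], exclude_root_dn=True)
    print("Users that would get a null organization ID:", risky)
```

Any DN this check reports needs either a defaultOrganization value or an RDN from the organizationRDNs list before the user logs in.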
By default, the sample-applicationContext-externalAuth-LDAP-mt.xml file maps users to multiple organizations. If you wish to map all users to a single organization, see Mapping to a Single Organization.