Issue:
Currently JRS officially supports integration with one LDAP server instance through Spring configuration. There may be a need to integrate multiple LDAP servers. For example, Server 1: ldap.mycompany.com, top-level domain: mycompany.com. Each LDAP server may also have user accounts in different containers in the tree.
For example:
Company A has an LDAP server with a BaseDN of DC=CompanyA,DC=com and all users in the DC=Users container
Company A buys Company B and decides to use Company B's existing LDAP server, which has a BaseDN of DC=B,DC=Company,DC=net and users in multiple containers throughout the LDAP tree.
There could be even more complex cascading and clustering scenarios.
Resolution:
According to Spring Source,
http://static.springsource.org/spring-ldap/site/reference/html/configuration.html
8.1.1. LDAP Server URLs
The URL of the LDAP server is specified using the url property. The URL should be in the format, ldap://myserver.example.com:389.
For SSL access, use the ldaps protocol and the appropriate port, e.g. ldaps://myserver.example.com:636
It is possible to configure multiple alternate LDAP servers using the urls property. In this case, supply all server urls in a String array to the urls property.
The DefaultSpringSecurityContextSource class appears to be designed to potentially receive a list of URLs (tab/space/EOL separated). However, this scenario has not been tested by Jaspersoft. Furthermore, this may be a corner case requiring additional restrictions, such as a common structure between the LDAP instances.
For the simple scenario above or more complex scenarios, as of v4.7 (July 2012), our engineering department recommends solving the problem at the LDAP level. The LDAP provider should have fully certified features to support the scenarios mentioned above and others; Jasper Server would then simply connect as usual to the top controlling LDAP server.
Ref. Case #00027163 -- 23:41, 5 July 2012 (UTC)