Author: smumford
Date: 2011-04-27 02:25:29 -0400 (Wed, 27 Apr 2011)
New Revision: 6353
Modified:
epp/docs/branches/5.1/Reference_Guide/en-US/modules/AuthenticationAndIdentity/LDAP.xml
Log:
JBEPP-727: Finalized LDAP Integration section
Modified:
epp/docs/branches/5.1/Reference_Guide/en-US/modules/AuthenticationAndIdentity/LDAP.xml
===================================================================
---
epp/docs/branches/5.1/Reference_Guide/en-US/modules/AuthenticationAndIdentity/LDAP.xml 2011-04-27
06:01:09 UTC (rev 6352)
+++
epp/docs/branches/5.1/Reference_Guide/en-US/modules/AuthenticationAndIdentity/LDAP.xml 2011-04-27
06:25:29 UTC (rev 6353)
@@ -108,7 +108,7 @@
<substeps>
<step>
<para>
- Install your <application>LDAP</application>
server.
+ Install your <application>LDAP</application>
server by following the installation instructions provided for the product you are using.
</para>
<para>
If you are installing the <application>Red Hat
Directory Server</application> (RHDS), you should refer to the Installation Guide at
<ulink type="http"
url="http://docs.redhat.com/docs/en-US/Red_Hat_Directory_Server/inde...;.
@@ -267,14 +267,14 @@
</step>
</procedure>
- <section
id="sect-Reference_Guide-LDAP_Integration-LDAP_in_Readonly_Mode">
- <title>LDAP in Readonly Mode</title>
+ <section
id="sect-Reference_Guide-LDAP_Integration-LDAP_in_Read-only_Mode">
+ <title>LDAP in Read-only Mode</title>
<para>
- This section will show you how to add LDAP in readonly mode. This means
that user data entries (both pre-existing, and newly added through the JBoss Enterprise
Portal Platform User Interface) will be consumed though the Directory Server and LDAP
services, but written to the underlying database. The only exception is that passwords
updated via the UI will also be propagated into the appropriate LDAP entry.
+ This section will show you how to add LDAP in read-only mode. This means
that user data entries (both pre-existing, and newly added through the JBoss Enterprise
Portal Platform User Interface) will be consumed though the Directory Server and LDAP
services, but written to the underlying database. The only exception is that passwords
updated via the UI will also be propagated into the appropriate LDAP entry.
</para>
- <procedure
id="proc-Reference_Guide-LDAP_Integration-LDAP_in_readonly_mode-Set_up_LDAP_readonly_Mode">
- <title>Set up LDAP readonly Mode</title>
+ <procedure
id="proc-Reference_Guide-LDAP_Integration-LDAP_in_Read-only_mode-Set_up_LDAP_read-only_Mode">
+ <title>Set up LDAP read-only Mode</title>
<step>
<para>
Open the
<filename><replaceable>ID_HOME</replaceable>/idm-configuration.xml</filename>
file.
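Review bot: the rewritten paragraph under the renamed "LDAP in Read-only Mode" title keeps the typo "consumed though the Directory Server" from the old text; this was the moment to fix it to "through". The sentence is also hard to parse: "user data entries ... will be consumed ... but written to the underlying database" never says what is read from where. Suggest stating it directly, e.g. "users and groups are read from the directory server, while changes made through the Portal UI are written to the portal database; the one exception is a password change, which is also written to the user's LDAP entry." Because that exception means the portal does write to LDAP, the paragraph should add that the bind account configured for the directory needs write permission on the password attribute of user entries and on nothing else.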
@@ -295,22 +295,22 @@
<itemizedlist>
<listitem>
<para>
- <xref
linkend="proc-Reference_Guide-LDAP_Integration-LDAP_in_readonly_mode-Set_up_LDAP_readonly_Mode-RHDS_or_OpenDS"/>
+ <xref
linkend="proc-Reference_Guide-LDAP_Integration-LDAP_in_Read-only_Mode-Set_up_LDAP_read-only_Mode-RHDS_or_OpenDS"/>
</para>
</listitem>
<listitem>
<para>
- <xref
linkend="proc-Reference_Guide-LDAP_Integration-LDAP_in_readonly_mode-Set_up_LDAP_readonly_Mode-MSAD"/>
+ <xref
linkend="proc-Reference_Guide-LDAP_Integration-LDAP_in_Read-only_Mode-Set_up_LDAP_read-only_Mode-MSAD"/>
</para>
</listitem>
<listitem>
<para>
- <xref
linkend="proc-Reference_Guide-LDAP_Integration-LDAP_in_readonly_mode-Set_up_LDAP_readonly_Mode-OpenLDAP"/>
+ <xref
linkend="proc-Reference_Guide-LDAP_Integration-LDAP_in_Read-only_Mode-Set_up_LDAP_read-only_Mode-OpenLDAP"/>
</para>
</listitem>
</itemizedlist>
- <procedure
id="proc-Reference_Guide-LDAP_Integration-LDAP_in_readonly_mode-Set_up_LDAP_readonly_Mode-RHDS_or_OpenDS">
+ <procedure
id="proc-Reference_Guide-LDAP_Integration-LDAP_in_Read-only_Mode-Set_up_LDAP_read-only_Mode-RHDS_or_OpenDS">
<title>Red Hat Directory Server or OpenDS</title>
<step>
<para>
@@ -335,17 +335,17 @@
</entry>
]]></programlisting>
<para>
- Refer to <xref
linkend="exam-Reference_Guide-LDAP_Integration-Examples-groupTypeMappings"/>
for more information about how these <parameter>groupTypeMappings</parameter>
operate.
+ Refer to <xref
linkend="exam-Reference_Guide-LDAP_Integration-Examples-Read_Only_groupTypeMappings"/>
for more information about how these <parameter>groupTypeMappings</parameter>
operate.
</para>
</step>
<step>
<para>
- Continue to <xref
linkend="step-Reference_Guide-LDAP_Integration-LDAP_in_readonly_mode-Set_up_LDAP_readonly_Mode-Step-4"/>.
+ Continue to <xref
linkend="step-Reference_Guide-LDAP_Integration-LDAP_in_Read-only_Mode-Set_up_LDAP_read-only_Mode-Step-4"/>.
</para>
</step>
</procedure>
- <procedure
id="proc-Reference_Guide-LDAP_Integration-LDAP_in_readonly_mode-Set_up_LDAP_readonly_Mode-MSAD">
+ <procedure
id="proc-Reference_Guide-LDAP_Integration-LDAP_in_Read-only_Mode-Set_up_LDAP_read-only_Mode-MSAD">
<title>Microsoft Active Directory</title>
<step>
<para>
@@ -365,20 +365,25 @@
</entry>
]]></programlisting>
<para>
- Refer to <xref
linkend="exam-Reference_Guide-LDAP_Integration-Examples-groupTypeMappings"/>
for more information about how these <parameter>groupTypeMappings</parameter>
operate.
+ Refer to <xref
linkend="exam-Reference_Guide-LDAP_Integration-Examples-Read_Only_groupTypeMappings"/>
for more information about how these <parameter>groupTypeMappings</parameter>
operate.
</para>
</step>
<step>
<para>
- Continue to <xref
linkend="step-Reference_Guide-LDAP_Integration-LDAP_in_readonly_mode-Set_up_LDAP_readonly_Mode-Step-4"/>.
+ Continue to <xref
linkend="step-Reference_Guide-LDAP_Integration-LDAP_in_Read-only_Mode-Set_up_LDAP_read-only_Mode-Step-4"/>.
</para>
</step>
</procedure>
- <procedure
id="proc-Reference_Guide-LDAP_Integration-LDAP_in_readonly_mode-Set_up_LDAP_readonly_Mode-OpenLDAP">
+ <procedure
id="proc-Reference_Guide-LDAP_Integration-LDAP_in_Read-only_Mode-Set_up_LDAP_read-only_Mode-OpenLDAP">
<title>OpenLDAP</title>
<step>
<para>
+ If you have not done so already, install your LDAP
server. Refer to <xref
linkend="proc-Reference_Guide-LDAP_Integration-LDAP_Set_Up"/> for some
assistance.
+ </para>
+ </step>
+ <step>
+ <para>
Uncomment the line under "<emphasis>OpenLDAP
ReadOnly "ACME" LDAP Example</emphasis>":
</para>
<programlisting language="XML"
role="XML"><![CDATA[<!--OpenLDAP ReadOnly "ACME" LDAP
Example-->
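Review bot: the "If you have not done so already, install your LDAP server" step is inserted only into the OpenLDAP read-only procedure; the RHDS/OpenDS and MSAD procedures in the same section (the two previous hunks) did not get it, so the three parallel procedures no longer have the same shape. Either add it to all three or, better, state it once before the per-server branch. Inserting the step also shifts the step numbers inside this procedure, which matters because later text in this file refers to "Substep 3a" by number.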
@@ -399,18 +404,18 @@
</entry>
]]></programlisting>
<para>
- Refer to <xref
linkend="exam-Reference_Guide-LDAP_Integration-Examples-groupTypeMappings"/>
for more information about how these <parameter>groupTypeMappings</parameter>
operate.
+ Refer to <xref
linkend="exam-Reference_Guide-LDAP_Integration-Examples-Read_Only_groupTypeMappings"/>
for more information about how these <parameter>groupTypeMappings</parameter>
operate.
</para>
</step>
<step>
<para>
- Continue to <xref
linkend="step-Reference_Guide-LDAP_Integration-LDAP_in_readonly_mode-Set_up_LDAP_readonly_Mode-Step-4"/>.
+ Continue to <xref
linkend="step-Reference_Guide-LDAP_Integration-LDAP_in_Read-only_Mode-Set_up_LDAP_read-only_Mode-Step-4"/>.
</para>
</step>
</procedure>
</step>
- <step
id="step-Reference_Guide-LDAP_Integration-LDAP_in_readonly_mode-Set_up_LDAP_readonly_Mode-Step-4">
+ <step
id="step-Reference_Guide-LDAP_Integration-LDAP_in_Read-only_Mode-Set_up_LDAP_read-only_Mode-Step-4">
<para>
To use a different LDAP server or directory data, edit the
DS-specific <filename>.xml</filename> file you uncommented in <emphasis
role="bold">Substep 3a</emphasis> above and change the values to suit
your requirements.
</para>
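Review bot: the renamed Step-4 still tells the reader to edit "the DS-specific .xml file you uncommented in Substep 3a above" by hard-coded step number, and the previous hunk added a step at the front of the OpenLDAP procedure, so for OpenLDAP readers "Substep 3a" is now the install-server reminder rather than the uncomment step. Replace the literal number with an `<xref>` to the step (give the uncomment steps ids, as Step-4 has) or name the file by its comment label instead of by position.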
@@ -467,7 +472,7 @@
</procedure>
<para>
- Users defined in LDAP should be visable in "<emphasis>Users and
groups management</emphasis>" and groups from LDAP should be present as
children of <emphasis>/acme/roles</emphasis> and
<emphasis>/acme/organization_units</emphasis>.
+ Users defined in LDAP should be visible in "<emphasis>Users and
groups management</emphasis>" and groups from LDAP should be present as
children of <emphasis>/acme/roles</emphasis> and
<emphasis>/acme/organization_units</emphasis>.
</para>
<para>
More information about configuration can be found in <xref
linkend="sect-Reference_Guide-PicketLink_IDM_integration"/> and in the
PicketLink project <ulink type="http"
url="http://anonsvn.jboss.org/repos/picketlink/idm/downloads/docs/1....
Guide</ulink>.
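Review bot: the verification paragraph ("visable" to "visible") tells every reader to expect LDAP groups under both /acme/roles and /acme/organization_units, but the MSAD read-only configuration, which the Examples section below describes as mapping "only one group type", populates only /acme/roles. Qualify the sentence so MSAD readers do not take a missing /acme/organization_units as a failed setup.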
@@ -477,12 +482,20 @@
<section
id="sect-Reference_Guide-LDAP_Integration-LDAP_as_Default_Store">
<title>LDAP as Default Store</title>
<para>
- The procedure to set LDAP up as the default identity store for JBoss
Enterprise Portal Platform.
+ Follow the procedure below to set LDAP up as the default identity store
for JBoss Enterprise Portal Platform. All default accounts and some of groups that comes
with JBoss Enterprise Portal Platform will be created in the LDAP store.
</para>
+ <para>
+ The LDAP server will be configured to store part of the JBoss
Enterprise Portal Platform group tree. This means that groups under specified part of the
tree will be stored in directory server while all others will be stored in database.
+ </para>
<procedure
id="proc-Reference_Guide-LDAP_Integration-LDAP_as_Default_Store-Set_up_LDAP_as_Default_Indentity_Store">
<title>Set up LDAP as Default Indentity Store</title>
<step>
<para>
+ If you have not done so already, install your LDAP server. Refer
to <xref linkend="proc-Reference_Guide-LDAP_Integration-LDAP_Set_Up"/> for
some assistance.
+ </para>
+ </step>
+ <step>
+ <para>
Open the
<filename><replaceable>ID_HOME</replaceable>/idm-configuration.xml</filename>
file.
</para>
<para>
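Review bot: grammar in the added text: "All default accounts and some of groups that comes with JBoss Enterprise Portal Platform" should be "All default accounts and some of the groups that come with ...", and "groups under specified part of the tree will be stored in directory server" should read "groups under the specified part of the tree will be stored in the directory server". Since this commit is already renaming ids for "Read-only", fix the misspelling "Indentity" in the procedure id and title on the unchanged context lines ("Set up LDAP as Default Indentity Store") in the same pass; the new Step-5 id added in the next hunk inherits it.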
@@ -496,129 +509,101 @@
</step>
<step>
<para>
- Uncomment the appropriate sample configuration values as
described below, depending on which Directory Server you are implementing:
+ Uncomment the appropriate LDAP configuration entry depending on
your LDAP server:
</para>
- <itemizedlist>
- <listitem>
- <para>
- <xref
linkend="proc-Reference_Guide-LDAP_Integration-LDAP_as_Default_Store-Set_up_LDAP_as_Default_Indentity_Store-RHDS_or_OpenDS"/>
- </para>
- </listitem>
- <listitem>
- <para>
- <xref
linkend="proc-Reference_Guide-LDAP_Integration-LDAP_as_Default_Store-Set_up_LDAP_as_Default_Indentity_Store-MSAD"/>
- </para>
- </listitem>
- <listitem>
- <para>
- <xref
linkend="proc-Reference_Guide-LDAP_Integration-LDAP_as_Default_Store-Set_up_LDAP_as_Default_Indentity_Store-OpenLDAP"/>
- </para>
- </listitem>
- </itemizedlist>
-
- <procedure
id="proc-Reference_Guide-LDAP_Integration-LDAP_as_Default_Store-Set_up_LDAP_as_Default_Indentity_Store-RHDS_or_OpenDS">
- <title>Red Hat Directory Server or OpenDS</title>
+ <procedure>
+ <title>For RHDS and OpenDS</title>
<step>
<para>
- Uncomment the line under "<emphasis>Read Only
"ACME" LDAP Example</emphasis>":
- </para>
-<programlisting language="XML"
role="XML"><![CDATA[<!--Read Only "ACME" LDAP Example-->
-<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-ldap-acme-config.xml</value>
+ Expose the entry under "<emphasis>Sample LDAP
config</emphasis>":
+ </para>
+<programlisting language="XML"
role="XML"><![CDATA[<!--Sample LDAP config-->
+<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-ldap-config.xml</value>
]]></programlisting>
-
</step>
<step>
<para>
- Uncomment the
<parameter>groupTypeMappings</parameter> under "<emphasis>Uncomment
for ACME LDAP example</emphasis>":
+ Continue to <xref
linkend="step-Reference_Guide-LDAP_Integration-LDAP_as_Default_Store-Set_up_LDAP_as_Default_Indentity_Store-Step-5"/>
</para>
-<programlisting language="XML"
role="XML"><![CDATA[<entry>
- <key><string>/acme/roles/*</string></key>
- <value><string>acme_roles_type</string></value>
-</entry>
-<entry>
- <key><string>/acme/organization_units/*</string></key>
- <value><string>acme_ou_type</string></value>
-</entry>
-]]></programlisting>
- <para>
- Refer to <xref
linkend="exam-Reference_Guide-LDAP_Integration-Examples-groupTypeMappings"/>
for more information about how these <parameter>groupTypeMappings</parameter>
operate.
- </para>
</step>
- <step>
- <para>
- Continue to <xref
linkend="step-Reference_Guide-LDAP_Integration-LDAP_as_Default_Store-Set_up_LDAP_as_Default_Indentity_Store-Step-4"/>.
- </para>
- </step>
</procedure>
-
- <procedure
id="proc-Reference_Guide-LDAP_Integration-LDAP_as_Default_Store-Set_up_LDAP_as_Default_Indentity_Store-MSAD">
- <title>Microsoft Active Directory</title>
- <step>
- <para>
- Uncomment the line under "<emphasis>MSAD Read
Only "ACME" LDAP Example</emphasis>":
- </para>
-<programlisting language="XML"
role="XML"><![CDATA[<!--MSAD Read Only "ACME" LDAP
Example-->
-<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-msad-readonly-config.xml</value>
+ <procedure>
+ <title>For MSAD</title>
+ <step>
+ <para>
+ Expose the entry under "<emphasis>MSAD LDAP
Example</emphasis>":
+ </para>
+<programlisting language="XML"
role="XML"><![CDATA[<!--MSAD LDAP Example-->
+<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-msad-config.xml</value>
]]></programlisting>
+ <procedure>
+ <title>To use SSL encryption with
MSAD:</title>
+ <step>
+ <para>
+ Open the
<filename><replaceable>ID_HOME</replaceable>/picketlink-idm/examples/picketlink-idm-msad-config.xml</filename>.
+ </para>
+ </step>
+ <step>
+ <para>
+ Ensure the following entries are uncommented and
that the path to the <filename>truststore</filename> file and password are
correct:
+ </para>
+<programlisting><option>
+ <name>customSystemProperties</name>
+
<value>javax.net.ssl.trustStore=<replaceable>/path/to/truststore</replaceable></value>
+
<value>javax.net.ssl.trustStorePassword=<replaceable>password</replaceable></value>
+</option>
+</programlisting>
+ <para>
+ You can import a custom certificate by replacing
the <replaceable>certificate</replaceable> and
<replaceable>truststore</replaceable> details in the following command:
+ </para>
+<programlisting><command>keytool -import -file
<filename><replaceable>certificate</replaceable></filename>
-keystore
<filename><replaceable>truststore</replaceable></filename></command>
+</programlisting>
+ </step>
+ </procedure>
</step>
<step>
<para>
- Uncomment the
<parameter>groupTypeMappings</parameter> under "<emphasis>Uncomment
for MSAD ReadOnly LDAP example</emphasis>":
+ Continue to <xref
linkend="step-Reference_Guide-LDAP_Integration-LDAP_as_Default_Store-Set_up_LDAP_as_Default_Indentity_Store-Step-5"/>
</para>
-<programlisting language="XML"
role="XML"><![CDATA[<entry>
- <key><string>/acme/roles/*</string></key>
- <value><string>msad_roles_type</string></value>
-</entry>
-]]></programlisting>
- <para>
- Refer to <xref
linkend="exam-Reference_Guide-LDAP_Integration-Examples-groupTypeMappings"/>
for more information about how these <parameter>groupTypeMappings</parameter>
operate.
- </para>
- </step>
+ </step>
+ </procedure>
+ <procedure>
+ <title>For OpenLDAP</title>
<step>
<para>
- Continue to <xref
linkend="step-Reference_Guide-LDAP_Integration-LDAP_as_Default_Store-Set_up_LDAP_as_Default_Indentity_Store-Step-4"/>.
+ Expose the entry under "<emphasis>OpenLDAP
LDAP config</emphasis>":
</para>
- </step>
- </procedure>
-
- <procedure
id="proc-Reference_Guide-LDAP_Integration-LDAP_as_Default_Store-Set_up_LDAP_as_Default_Indentity_Store-OpenLDAP">
- <title>OpenLDAP</title>
- <step>
- <para>
- Uncomment the line under "<emphasis>OpenLDAP
ReadOnly "ACME" LDAP Example</emphasis>":
- </para>
-<programlisting language="XML"
role="XML"><![CDATA[<!--OpenLDAP ReadOnly "ACME" LDAP
Example-->
-<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-openldap-acme-config.xml</value>
+<programlisting language="XML"
role="XML"><![CDATA[<!--OpenLDAP LDAP config-->
+<value>war:/conf/organization/picketlink-idm/examples/picketlink-idm-openldap-config.xml</value>
]]></programlisting>
</step>
<step>
<para>
- Uncomment the
<parameter>groupTypeMappings</parameter> under "<emphasis>Uncomment
for ACME LDAP example</emphasis>":
+ Continue to <xref
linkend="step-Reference_Guide-LDAP_Integration-LDAP_as_Default_Store-Set_up_LDAP_as_Default_Indentity_Store-Step-5"/>
</para>
+ </step>
+ </procedure>
+ </step>
+ <step
id="step-Reference_Guide-LDAP_Integration-LDAP_as_Default_Store-Set_up_LDAP_as_Default_Indentity_Store-Step-5">
+ <para>
+ Uncomment the
<parameter>groupTypeMappings</parameter> under "<emphasis>Uncomment
for sample LDAP configuration</emphasis>":
+ </para>
<programlisting language="XML"
role="XML"><![CDATA[<entry>
- <key><string>/acme/roles/*</string></key>
- <value><string>acme_roles_type</string></value>
+ <key><string>/platform/*</string></key>
+ <value><string>platform_type</string></value>
</entry>
<entry>
- <key><string>/acme/organization_units/*</string></key>
- <value><string>acme_ou_type</string></value>
+ <key><string>/organization/*</string></key>
+ <value><string>organization_type</string></value>
</entry>
]]></programlisting>
- <para>
- Refer to <xref
linkend="exam-Reference_Guide-LDAP_Integration-Examples-groupTypeMappings"/>
for more information about how these <parameter>groupTypeMappings</parameter>
operate.
- </para>
- </step>
- <step>
- <para>
- Continue to <xref
linkend="step-Reference_Guide-LDAP_Integration-LDAP_as_Default_Store-Set_up_LDAP_as_Default_Indentity_Store-Step-4"/>.
- </para>
- </step>
- </procedure>
+ <para>
+ Refer to <xref
linkend="exam-Reference_Guide-LDAP_Integration-Examples-Default_groupTypeMappings"/>
for more information about how these <parameter>groupTypeMappings</parameter>
operate.
+ </para>
</step>
-
- <step
id="step-Reference_Guide-LDAP_Integration-LDAP_as_Default_Store-Set_up_LDAP_as_Default_Indentity_Store-Step-4">
+ <step>
<para>
- To use a different LDAP server or directory data, edit the
DS-specific <filename>.xml</filename> file you uncommented in <emphasis
role="bold">Substep 3a</emphasis> above and change the values to suit
your requirements.
+ To use a different LDAP server or directory data, edit the
DS-specific <filename>.xml</filename> file you uncommented in <emphasis
role="bold">Step 4</emphasis> above and change the values to suit your
requirements.
</para>
<para>
Refer to the list in <xref
linkend="exam-Reference_Guide-LDAP_Integration-Examples-LDAP_configuration_options"/>
for some examples or refer to the product-specific documentation for more information.
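Review bot: the `customSystemProperties` listing in the new MSAD SSL sub-procedure is not wrapped in `<![CDATA[ ... ]]>` and has no `language="XML" role="XML"`, unlike every other `<programlisting>` in this file. `<option>`, `<name>` and `<value>` will therefore be parsed as DocBook markup rather than shown as text (`<option>` is a DocBook inline element; `<name>` and `<value>` are not elements at all), so the build will fail validation or render the fragment as inline markup. Wrap it in CDATA as the other listings do. Two smaller points in the same block: the `keytool -import -file certificate -keystore truststore` step should tell the reader to compare the fingerprint keytool prints against the directory server's certificate before answering "yes", since whatever is imported becomes a trusted issuer for the portal's LDAPS connection, and `javax.net.ssl.trustStorePassword` ends up in clear text in the config file, so its file permissions deserve a sentence. Also, these procedures say "Expose the entry under ..." where the read-only section says "Uncomment the line under ..."; use one term, and the three "Continue to ... Step-5" xrefs drop the trailing period that the read-only section's "Continue to ... Step-4." keeps.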
@@ -634,42 +619,6 @@
Navigate to the portal homepage (<ulink type="http"
url="http://localhost:8080/portal"></ulink>) and log in as an
administrator.
</para>
</step>
- <step>
- <para>
- Navigate to <menuchoice>
- <guimenu>Group</guimenu>
- <guimenuitem>Organization</guimenuitem>
- <guimenuitem>Users and groups
management</guimenuitem>
- </menuchoice>.
- </para>
- <substeps>
- <step>
- <para>
- Create a new group called
<emphasis>acme</emphasis> under the root node.
- </para>
- </step>
- <step>
- <itemizedlist>
- <listitem>
- <para>
- <emphasis role="bold">For RHDS,
OpenDS and OpenLDAP</emphasis>:
- </para>
- <para>
- Create two sub-groups called
<emphasis>roles</emphasis> and
<emphasis>organization_units</emphasis>.
- </para>
- </listitem>
- <listitem>
- <para>
- <emphasis role="bold">For
MSAD:</emphasis>
- </para>
- <para>
- Create a subgroup called
<emphasis>roles</emphasis>.
- </para>
- </listitem>
- </itemizedlist>
- </step>
- </substeps>
- </step>
</procedure>
</section>
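Review bot: removing the UI steps that created the acme, roles and organization_units groups is correct for the default-store configuration (its groupTypeMappings are /platform/* and /organization/*, not /acme/*), but the procedure now ends at "log in as an administrator" with nothing to check. The read-only section finishes with a verification paragraph (users from LDAP visible in "Users and groups management", groups present under the mapped paths); add the equivalent here, naming /platform and /organization, so the reader can confirm the directory is actually being used as the store rather than the database.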
@@ -691,7 +640,7 @@
</listitem>
<listitem>
<para>
- One of the three example configuration files discussed in
<xref
linkend="proc-Reference_Guide-LDAP_Integration-LDAP_in_readonly_mode-Set_up_LDAP_readonly_Mode"/>:
+ One of the three example configuration files discussed in
<xref
linkend="proc-Reference_Guide-LDAP_Integration-LDAP_in_Read-only_mode-Set_up_LDAP_read-only_Mode"/>:
</para>
<simplelist>
<member><filename>picketlink-idm-ldap-acme-config.xml</filename></member>
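Review bot: the list following this xref still enumerates only the read-only "acme" example files (picketlink-idm-ldap-acme-config.xml and its MSAD and OpenLDAP counterparts), but the default-store procedure rewritten above now points at three other files: picketlink-idm-ldap-config.xml, picketlink-idm-msad-config.xml and picketlink-idm-openldap-config.xml. Either add those to the list or reword the sentence so it no longer claims to cover "the three example configuration files".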
@@ -734,7 +683,7 @@
</listitem>
<listitem>
<para>
- <emphasis
role="bold">MSAD</emphasis>: CN=Users,DC=test,DC=domain (in two
places)
+ <emphasis
role="bold">MSAD</emphasis>: CN=Users,DC=test,DC=domain (in two
places).
</para>
</listitem>
</itemizedlist>
@@ -747,7 +696,7 @@
The LDAP server connection URL. Formatted as
"ldap://localhost:<replaceable><PORT></replaceable>".
The default setting is: <emphasis>ldap://localhost:1389</emphasis>.
</para>
<para>
- <emphasis
role="bold">MSAD</emphasis>: Should use SSL connection
(ldaps://xxx:636) if password update or entry creation is expected to work.
+ <emphasis
role="bold">MSAD</emphasis>: Should use SSL connection
(ldaps://xxx:636) for password update or creation to work.
</para>
</listitem>
</varlistentry>
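Review bot: "Should use SSL connection (ldaps://xxx:636) for password update or creation to work" understates the constraint: Active Directory rejects modifications of the password attribute over an unencrypted LDAP connection, so for those operations LDAPS is a requirement, not a recommendation; say "must". Also mark the host placeholder up as `<replaceable>host</replaceable>` instead of the literal "xxx", matching the `<replaceable><PORT></replaceable>` in the preceding paragraph.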
@@ -793,11 +742,6 @@
<para>
This option defines the values needed to use SSL
encryption with LDAP.
</para>
- <para>
- To use it, ensure that it is is uncommented and that
the path to the <filename>.truststore</filename> file and passward are
correct.
- </para>
-<remark>DOCS NOTE: I didn't include the
<emphasis>keytool</emphasis> command or the code snippet here, as
-</remark>
</listitem>
</varlistentry>
</variablelist>
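Review bot: deleting the unfinished DOCS NOTE remark is right, but the sentence removed with it was the only generic instruction for customSystemProperties (uncomment it, set the truststore path and password). That instruction now lives only inside the MSAD sub-procedure of the default-store section, yet a truststore is needed for LDAPS against any of the supported servers, not just MSAD. Keep a corrected version of the sentence here ("password", not "passward"; "is uncommented", not "is is uncommented") or add an `<xref>` to the MSAD SSL steps.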
@@ -807,32 +751,32 @@
Author [w/email]: Bolesław Dawidowicz (bdawidow(a)redhat.com), Jeff Yu
License: ??
-->
- <example
id="exam-Reference_Guide-LDAP_Integration-Examples-groupTypeMappings">
- <title>groupTypeMappings</title>
+ <example
id="exam-Reference_Guide-LDAP_Integration-Examples-Read_Only_groupTypeMappings">
+ <title>Read Only groupTypeMappings</title>
<para>
- The <parameter>groupTypeMappings</parameter> exposed
in the <filename>idm-configuration.xml</filename> file correspond to
<parameter>identity-object-type</parameter> values defined in the DS-specific
configuration file referenced in <emphasis>Sub-step 3a</emphasis> of the
DS-specific procedure.
+ The <parameter>groupTypeMappings</parameter> exposed
in the <filename>idm-configuration.xml</filename> file correspond to
<parameter>identity-object-type</parameter> values defined in the DS-specific
configuration file (referenced in <emphasis>Sub-step 3a</emphasis> of the
DS-specific procedure above).
</para>
<para>
For RHDS, OpenDS and OpenLDAP the
<filename>picketlink-idm-ldap-acme-config.xml</filename> and
<filename>picketlink-idm-openldap-acme-config.xml</filename> files contain the
following values:
</para>
<programlistingco>
<areaspec>
- <areaset
id="area-Reference_Guide-LDAP_Integration-Examples-config-opends"
coords="">
- <area coords="10 40"
id="area-Reference_Guide-LDAP_Integration-Examples-config-users-opends" />
- <area coords="14 40"
id="area-Reference_Guide-LDAP_Integration-Examples-config-groups-opends" />
+ <areaset
id="area-Reference_Guide-LDAP_Integration-Examples-Read_Only_groupTypeMappings-config-opends"
coords="">
+ <area coords="10 40"
id="area-Reference_Guide-LDAP_Integration-Examples-Read_Only_groupTypeMappings-config-users-opends"
/>
+ <area coords="14 40"
id="area-Reference_Guide-LDAP_Integration-Examples-Read_Only_groupTypeMappings-config-groups-opends"
/>
</areaset>
- <area coords="17 40"
id="area-Reference_Guide-LDAP_Integration-Examples-config-readonly-opends"
/>
+ <area coords="17 40"
id="area-Reference_Guide-LDAP_Integration-Examples-Read_Only_groupTypeMappings-config-read-only-opends"
/>
</areaspec>
<programlisting language="XML" role="XML"><xi:include
href="../../extras/Authentication_Identity_LDAP/readonly-opends.xml"
parse="text"
xmlns:xi="http://www.w3.org/2001/XInclude"
/></programlisting>
<calloutlist>
<!--#1-->
- <callout
arearefs="area-Reference_Guide-LDAP_Integration-Examples-config-opends">
+ <callout
arearefs="area-Reference_Guide-LDAP_Integration-Examples-Read_Only_groupTypeMappings-config-opends">
<para>
The PicketLink IDM configuration file dictates that
users and those two group types be stored in LDAP.
</para>
</callout>
<!--#2-->
- <callout
arearefs="area-Reference_Guide-LDAP_Integration-Examples-config-readonly-opends">
+ <callout
arearefs="area-Reference_Guide-LDAP_Integration-Examples-Read_Only_groupTypeMappings-config-read-only-opends">
<para>
An additional option defines that nothing else (except
password updates) should be written there.
</para>
@@ -851,5 +795,35 @@
The difference is that this configuration maps only one group type
and points to the same container in LDAP for both users and mapped groups.
</para>
</example>
+
+ <example
id="exam-Reference_Guide-LDAP_Integration-Examples-Default_groupTypeMappings">
+ <title>Default groupTypeMappings</title>
+ <para>
+ The <parameter>groupTypeMappings</parameter> exposed
in the <filename>idm-configuration.xml</filename> file correspond to
<parameter>identity-object-type</parameter> values defined in the DS-specific
configuration file (referenced in <emphasis>Sub-step 3a</emphasis> of the
DS-specific procedure above).
+ </para>
+ <para>
+ All of the supported LDAP configurations use the following values
when implemented as the default identity store:
+ </para>
+ <programlistingco>
+ <areaspec>
+ <areaset
id="area-Reference_Guide-LDAP_Integration-Examples-Default_groupTypeMappings-config"
coords="">
+ <area coords="10 40"
id="area-Reference_Guide-LDAP_Integration-Examples-Default_groupTypeMappings-config-1"
/>
+ <area coords="14 40"
id="area-Reference_Guide-LDAP_Integration-Examples-Default_groupTypeMappings-config-2"
/>
+ </areaset>
+ </areaspec>
+<programlisting language="XML" role="XML"><xi:include
href="../../extras/Authentication_Identity_LDAP/default-ldap.xml"
parse="text"
xmlns:xi="http://www.w3.org/2001/XInclude"
/></programlisting>
+ <calloutlist>
+ <!--#1-->
+ <callout
arearefs="area-Reference_Guide-LDAP_Integration-Examples-Default_groupTypeMappings-config">
+ <para>
+ The
<parameter>groupTypeMappings</parameter> define that all groups under
<parameter>/platform</parameter> should be stored in PicketLink IDM with the
<parameter>platform_type</parameter> group type name and groups under
<parameter>/organization</parameter> should be stored in PicketLink IDM with
<parameter>organization_type</parameter> group type name.
+ </para>
+ <para>
+ The PicketLink IDM configuration file repository maps
users and those two group types as stored in LDAP.
+ </para>
+ </callout>
+ </calloutlist>
+ </programlistingco>
+ </example>
</section>
</section>
\ No newline at end of file
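Review bot: the opening paragraph of the new "Default groupTypeMappings" example is copied from the read-only example and still says the values live in the file "referenced in Sub-step 3a of the DS-specific procedure above", but the default-store procedure this example belongs to calls that step "Step 4" and its per-server sub-procedures are now unnumbered and have no ids to reference. The area coords "10 40" and "14 40" are also copied from the readonly-opends.xml listing; confirm they land on the intended lines of default-ldap.xml, which is a different file. Finally, the file now ends without a trailing newline; add one.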