LdapAuthenticator
The LdapAuthenticator is used to authenticate against an LDAP server. It Is a light-weight component which does authentication only and does not do lookup or bind.
The source code for this component is available with the installer.
Configuration
Component Configuration
Drag the LDAPAuthenticator adapter from the Service Palette and double-click the LDAPAuthenticator icon to launch the Component Configuration Sheet (CPS).
Attributes
Default Initial Context Factory
The JNDI framework allows different initial context implementations. Default context is set by providing the respective value for Initial Context Factory.
Default Provider URL
URL of the LDAP Server
Default Authentication
Type of security authentication required. Including the default value 'SIMPLE'; other options available are:
NONE
Does not use a default Authentication.
SIMPLE
Default Principal: The distinguished name of the entry that is to be authenticated.
Authentication ID has to be specified in the case of SASL mechanisms.
- Default Credentials: Password of the entry represented by 'Default Principal'.
CRAM-MD5
It has the same options as that of SIMPLE.
DIGEST-MD5
Below are the options apart from the ones present in SIMPLE:
- Default Authorization Id: The authorization Id for SASL mechanisms. If this property is not selected, ID will be derived from the client's authentication credentials.
- Default SASL Realm: The realm information required by SASL mechanisms. On selecting this, a mechanism-specific default is used.
GSSAPI
- Default Authorization Id: The authorization Id for SASL mechanisms. If this property is not selected, ID will be derived from the client's authentication credentials.
- krb5.conf Location: Path of the kerberos configuration file which contains the kerberos configuration information. If this property is not set, the default location is used.
- krb5 KDC: Kerberos KDC (Key Distribution Centre) used for the kerberos tickets.
- krb5 Realm: The default realm for kerberos.
- Login config file: The JAAS Login Configuration file.
EXTERNAL
The options Key Store Location, Key Store Type and Key Store Password gets added to the Attributes section.
Error Handling Configuration
Refer Error Handling Configuration section in Common Configurations page (ignore Connection Error section and refer JMS Error, Response Generation Error, Request Processing Error and Invalid Request Error).
Expert Properties
Enable SSL
SSL Support Mode
The two support modes available in the drop-down are:
- SSL Ports
- Start TLS Request
Specifies whether you like to enable SSl through the use of SSL Ports or via the use of Start TLS extension in LDAP.
The two options below appears after selecting Enable SSL check box.
- True Store Location: Location of Trust Store
- True Store Type: Type of Trust Store
Validate Input
If this check box is selected, the service validates the input received.
- If the Input validation is disabled, it does not validate the input and thereby increases the performance. However, it may cause undesired results if the input XML is not valid.