User Guide For Identity Inbound Ldap Provisioning

User Manual: Pdf

Open the PDF directly: View PDF .
Page Count: 6

Download
Open PDF In Browser	View PDF

Introduction
LDAP is a core protocol that is used to store user, role, and group information.Identity server already
supports connecting to LDAP supported authz systems for authentication and authorization. The idea of
this project is to make IS itself act as a LDAP protocol provider.
Identity server does expose a LDAP protocol endpoint by itself such that external ldap clients can connect
with IS directly. Here identity server uses userstore manager api to manage users in backend databases
such as JDBC,LDAP.

Following the order to setup LDAP endpoint
● Setup Identity.xml file
● Add new claim dialect
● Add apacheds-1.5.7.wso2v5.jar to {IS-HOME}/repository/components/dropins
● Add org.wso2.carbon.identity.inbound.ldap-1.0.0-SNAPSHOT.jar to
{IS-HOME}/repository/components/dropins
● Configure the primary user store
● Add user to wso2 IS userstore through ldap protocol
● Delete user from wso2 identity server userstore through ldap protocol

1. Setup Identity.xml file
enable

-

If true the LDAP endpoint will start when server starts up.

instanceid

-

An id given to the LDAP server instance.

connectionPassword

-

The password of the admin. (uid=admin,ou=system)

workingDirectory

-

Location where LDAP will store its schema files.

allowAnonymousAccess

-

Should allow users to access LDAP server without
credentials.Default false.

accessControlEnabled

-

Should access control be enabled among partitions. Default
true.

saslHostName

-

Default host name to be used in SASL (Simple Authentication
and Security Layer). This property comes from apacheds
implementation itself.

saslPrincipalName

-

Default SASL principal name. Again this property also comes
from apacheds implementation itself.


true
10390
default
admin
.
false
true
false
2000000
localhost
ldap/localhost@EXAMPLE.COM


2. Adding new claim dialect
When you are going to adding claim dialect into wso2 identity server there are two ways.
1.Add claim dialect to claim-config.xml file(Using file configuration)
2.Add claim dialect using Identity server ui(Using management console)
● Add claim dialect using claim-config.xml file
Create a claim Dialect
Claim

ClaimURI

DisplayNa
me

AttributeID

Description

MappedLocalClaim

1

http://wso2.org/ldap/claim/givenName

First Name

givenName

First Name

http://wso2.org/claims/givenname

2

http://wso2.org/ldap/claim/nickName

Nick Name

nickName

Nick Name

http://wso2.org/claims/nickname

3

http://wso2.org/ldap/claim/sn

Last Name

sn

Last Name

http://wso2.org/claims/lastname

4

http://wso2.org/ldap/claim/mail

Email

mail

Email
Address

http://wso2.org/claims/emailaddress

5

http://wso2.org/ldap/claim/dateOfBirth

DOB

dateOfBirth

Date of Birth

http://wso2.org/claims/dob

6

http://wso2.org/ldap/claim/gender

Gender

gender

Gender

http://wso2.org/claims/gender

7

http://wso2.org/ldap/claim/country

Country

country

Country

http://wso2.org/claims/country

8

http://wso2.org/ldap/claim/streetAddress

Street
Address

streetAddress

Street
Address

http://wso2.org/claims/streetaddress

9

http://wso2.org/ldap/claim/homePhone

Home
Phone

homePhone

Home Phone

http://wso2.org/claims/phoneNumbers.home

10

http://wso2.org/ldap/claim/otherPhone

Other Phone

otherPhone

Other Phone

http://wso2.org/claims/otherphone

11

http://wso2.org/ldap/claim/mobile

Mobile

mobile

Mobile

http://wso2.org/claims/mobile

12

http://wso2.org/ldap/claim/localityName

Locality

localityName

Locality

http://wso2.org/claims/locality

13

http://wso2.org/ldap/claim/stateOrProvinceNa
me

State

stateOrProvinc
eName

State

http://wso2.org/claims/stateorprovince

14

http://wso2.org/ldap/claim/postalCode

Postalcode

postalCode

Postalcode

http://wso2.org/claims/postalcode

15

http://wso2.org/ldap/claim/PPID

privatePersona
lIdentifier

PPID

http://wso2.org/claims/im

16

http://wso2.org/ldap/claim/cn

Full Name

cn

Full Name

http://wso2.org/claims/fullname

17

http://wso2.org/ldap/claim/organizationName

Organizatio
n

organizationN
ame

Organization

http://wso2.org/claims/organization

18

http://wso2.org/ldap/claim/telephoneNumber

Telephone

telephoneNum
ber

Telephone

http://wso2.org/claims/telephone

19

http://wso2.org/ldap/claim/uid

Username

uid

User name

http://wso2.org/claims/username

20

http://wso2.org/ldap/claim/role

Role

role

Role

http://wso2.org/claims/role

21

http://wso2.org/ldap/claim/createdDate

Created
Time

createdDate

Created
timestamp of
the user

http://wso2.org/claims/created

22

http://wso2.org/ldap/claim/im

Meta Version

im

Meta Version

http://wso2.org/claims/im

23

http://wso2.org/ldap/claim/lastModifiedDate

Last
Modified
Time

lastModifiedD
ate

Last
Modified
timestamp of
the user

http://wso2.org/claims/modified

http://wso2.org/ldap/claim/scimId

User ID

scimId

Unique ID of
the user

http://wso2.org/claims/userid

25

http://wso2.org/ldap/claim/url

URL

url

URL

http://wso2.org/claims/url

26

http://wso2.org/ldap/claim/homeEmail

Emails Home
Email

homeEmail

Home Email

http://wso2.org/claims/emails.home

27

http://wso2.org/ldap/claim/location

Location

location

Location

http://wso2.org/claims/location

28

http://wso2.org/ldap/claim/workEmail

Emails Work Email

workEmail

Work Email

http://wso2.org/claims/emails.work

24

Ex-You can add above information to claim-mgt.xml file according to this way.

http://wso2.org/ldap/claim/givenName
First Name
givenName
First Name


http://wso2.org/claims/givenname

More details https://docs.wso2.com/display/IS530/Adding+Claim+Dialects#AddingClaimDialects-Usingfileconfigurati
on
Also you can add claim dialect using identity server ui.
●
Add claim dialect using identity server ui
More details https://docs.wso2.com/display/IS530/Adding+Claim+Dialects

3. Setup bundles
There are two bundles you should use for start ldap endpoint
1.apacheds orbit bundle
2.ldap endpoint bindle
You should copy these two bundles into /repository/components/dropins
As a back end databases you can configure any type of databases which has been supporting to wso2
identity server.
Configuring the Primary User Store
https://docs.wso2.com/display/IS530/Configuring+the+Primary+User+Store

4. Add User
First you should create Sample ldif file. Here you can define more than one users.
sample.ldif
dn: uid=test,ou=Users,dc=wso2,dc=org
objectClass: top
objectClass: identityPerson
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: wso2Person
objectClass: scimPerson
cn: cntest
sn: sntest
givenName: testuser
mail: test@wso2.com
mobile: 0711234567
organizationName: wso2
uid: test
userPassword:: YWJjZGU=
country: Srilanka
createdDate: 2017-12-02T17:16:04
lastModifiedDate: 2017-12-02T17:16:04
scimId: e8c029b1-e397-412e-87db-2125bb3ada56

Open a new terminal
ldapadd -h localhost -p 10390 -D "uid=admin,ou=system" -w admin -f sample.ldif

5. Delete User
Open a new terminal
ldapdelete -h localhost -p 10390 -D "uid=admin,ou=system" -w admin "uid=test,ou=Users,dc=WSO2,dc=ORG"

Source Exif Data:

File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.5
Linearized                      : Yes
Producer                        : Skia/PDF m65
Page Count                      : 6

EXIF Metadata provided by EXIF.tools

User Guide For Identity Inbound Ldap Provisioning

Navigation menu

Versions of this User Manual:

Views

Navigation