Difference between revisions of "Documentation/Administration Guide/LDAP Access"

From Apache OpenOffice Wiki
Line 21: Line 21:
 
<ol>
 
<ol>
 
<li>In a text editor, create an XML configuration file with the name <tt>LDAP.xcu</tt>.
 
<li>In a text editor, create an XML configuration file with the name <tt>LDAP.xcu</tt>.
{{Documentation/Note|A sample <tt>LDAP.xcu</tt> file is provided at <tt>''install-dir''/share/registry/data/org/openoffice/LDAP.xcu.sample</tt>.}}
+
{{Note|A sample <tt>LDAP.xcu</tt> file is provided at <tt>''install-dir''/share/registry/data/org/openoffice/LDAP.xcu.sample</tt>.}}
  
 
The structure of the <tt>LDAP.xcu.sample</tt> file is:
 
The structure of the <tt>LDAP.xcu.sample</tt> file is:
Line 67: Line 67:
 
;<tt>Port</tt>: Port number of the LDAP Server. The default port number is 389.
 
;<tt>Port</tt>: Port number of the LDAP Server. The default port number is 389.
 
;<tt>SearchUser</tt>: Distinguished Name (DN) of an existing user with read-only access to the LDAP repository.
 
;<tt>SearchUser</tt>: Distinguished Name (DN) of an existing user with read-only access to the LDAP repository.
{{Documentation/Note|This setting is only required if anonymous access is not supported by the LDAP server.}}
+
{{Note|This setting is only required if anonymous access is not supported by the LDAP server.}}
 
;<tt>SearchPassword</tt>: Password of <tt>SearchUser</tt>.
 
;<tt>SearchPassword</tt>: Password of <tt>SearchUser</tt>.
{{Documentation/Note|This setting is only required if anonymous access is not supported by the LDAP server.}}
+
{{Note|This setting is only required if anonymous access is not supported by the LDAP server.}}
 
;<tt>UserObjectClass</tt>: Object class that identifies user entities.<br>For example, the user entity for an OpenDS Server might be <tt>inetOrgPerson</tt>. To find the DN of a user, you need to use this entity in conjunction with the <tt>UserUniqueAttribute</tt> attribute.
 
;<tt>UserObjectClass</tt>: Object class that identifies user entities.<br>For example, the user entity for an OpenDS Server might be <tt>inetOrgPerson</tt>. To find the DN of a user, you need to use this entity in conjunction with the <tt>UserUniqueAttribute</tt> attribute.
 
;<tt>UserUniqueAttribute</tt>: Attribute that identifies user entities.<br>For example, the <tt>UserUniqueAttribute</tt>  for an LDAP repository that is on an OpenDS server might be <tt>uid</tt>. To find the DN of a user, you need to use this attribute in conjunction with the <tt>UserObjectClass</tt>. The server compares the value of this attribute to the login user name for the operating system.
 
;<tt>UserUniqueAttribute</tt>: Attribute that identifies user entities.<br>For example, the <tt>UserUniqueAttribute</tt>  for an LDAP repository that is on an OpenDS server might be <tt>uid</tt>. To find the DN of a user, you need to use this attribute in conjunction with the <tt>UserObjectClass</tt>. The server compares the value of this attribute to the login user name for the operating system.
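Review bot: The SearchUser and SearchPassword notes changed in this hunk say only when the settings are required, and nothing in the entries says that the password is kept in LDAP.xcu itself, where the sample on this page shows it as a plain value element. Suggest extending the SearchPassword note to say that the file holds a bind credential, that the account should be limited to the read-only access the SearchUser entry already asks for, and that access to the file should be restricted accordingly.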
Line 83: Line 83:
 
<ol>
 
<ol>
 
<li>In a text editor, create an XML configuration file with the name <tt>oo-ldap.xcd</tt>.  This file should contain the same LDAP information as described above.  In addition, this file also contains the {{OOo}} configuration properties using <tt>oor:external</tt> attributes to specify the corresponding LDAP attributes.  The value of an <tt>oor:external</tt> attribute must be the service name <tt>com.sun.star.configuration.backend.LdapUserProfileBe</tt> followed by a space and then followed by one or more LDAP attribute names (which may not contain commas) separated by commas (and no interspersed spaces).   
 
<li>In a text editor, create an XML configuration file with the name <tt>oo-ldap.xcd</tt>.  This file should contain the same LDAP information as described above.  In addition, this file also contains the {{OOo}} configuration properties using <tt>oor:external</tt> attributes to specify the corresponding LDAP attributes.  The value of an <tt>oor:external</tt> attribute must be the service name <tt>com.sun.star.configuration.backend.LdapUserProfileBe</tt> followed by a space and then followed by one or more LDAP attribute names (which may not contain commas) separated by commas (and no interspersed spaces).   
{{Documentation/Note|A sample file for Sun Java System Directory Server is provided at <tt>basis/share/registry/oo-ldap.xcd.sample</tt>, and <tt>basis/share/registry/oo-ad-ldap.xcd.sample</tt> for Windows Active Directory Server.}}
+
{{Note|A sample file for Sun Java System Directory Server is provided at <tt>basis/share/registry/oo-ldap.xcd.sample</tt>, and <tt>basis/share/registry/oo-ad-ldap.xcd.sample</tt> for Windows Active Directory Server.}}
 
</li>
 
</li>
 
<li>Replace the value placeholders in the <tt>oo-ldap.xcd</tt> file with the mandatory settings for your LDAP server.</li>
 
<li>Replace the value placeholders in the <tt>oo-ldap.xcd</tt> file with the mandatory settings for your LDAP server.</li>
Line 93: Line 93:
 
By default, an {{OOo}} installation (up to OpenOffice.org 3.2.x) includes two meta-configuration mapping files that map {{OOo}} user profile attributes to LDAP attributes. The LDAP User Profile Back End uses the <tt>''install-dir''/share/registry/ldap/oo-ldap-attr.map</tt> mapping file for a Sun Java System Directory Server and the <tt>''install-dir''/share/registry/ldap/oo-ad-ldap-attr.map</tt> mapping file for a Windows Active Directory Server. The Mapping entry in the <tt>LDAP.xcu</tt> file indicates which mapping file to use. For example, <tt>oo-ldap</tt> indicates the <tt>oo-ldap-attr.map</tt> file.
 
By default, an {{OOo}} installation (up to OpenOffice.org 3.2.x) includes two meta-configuration mapping files that map {{OOo}} user profile attributes to LDAP attributes. The LDAP User Profile Back End uses the <tt>''install-dir''/share/registry/ldap/oo-ldap-attr.map</tt> mapping file for a Sun Java System Directory Server and the <tt>''install-dir''/share/registry/ldap/oo-ad-ldap-attr.map</tt> mapping file for a Windows Active Directory Server. The Mapping entry in the <tt>LDAP.xcu</tt> file indicates which mapping file to use. For example, <tt>oo-ldap</tt> indicates the <tt>oo-ldap-attr.map</tt> file.
  
{{Documentation/Note|If you want to change the location of the mapping files, then edit the <tt>CFG_LdapMappingUrl</tt> entry in the <tt>''install-dir''/program/configmgrrc</tt> file to point to the new location of the file. In Windows, this entry is in the <tt>''install-dir''/program/configmgr.ini</tt> file.}}
+
{{Note|If you want to change the location of the mapping files, then edit the <tt>CFG_LdapMappingUrl</tt> entry in the <tt>''install-dir''/program/configmgrrc</tt> file to point to the new location of the file. In Windows, this entry is in the <tt>''install-dir''/program/configmgr.ini</tt> file.}}
  
 
You can also create a custom user profile mapping file for an alternative LDAP server.
 
You can also create a custom user profile mapping file for an alternative LDAP server.
Line 105: Line 105:
 
You can only map user profile attributes that are present in the {{OOo}} configuration schema. The file name path for this schema is <tt>''install-dir''/share/registry/schema/org/openoffice/UserProfile.xcs</tt>. You can edit the list of corresponding LDAP attributes to show which attributes in the user entries hold the personal data. The LDAP server sequentially queries each LDAP attribute in the list.</li>
 
You can only map user profile attributes that are present in the {{OOo}} configuration schema. The file name path for this schema is <tt>''install-dir''/share/registry/schema/org/openoffice/UserProfile.xcs</tt>. You can edit the list of corresponding LDAP attributes to show which attributes in the user entries hold the personal data. The LDAP server sequentially queries each LDAP attribute in the list.</li>
 
<li>Copy the mapping file to the <tt>''install-dir''/share/registry/ldap/</tt> directory.
 
<li>Copy the mapping file to the <tt>''install-dir''/share/registry/ldap/</tt> directory.
{{Documentation/Note|You need administrator rights to copy the mapping file to this directory on a network installation.}}</li>
+
{{Note|You need administrator rights to copy the mapping file to this directory on a network installation.}}</li>
 
<li>In the <tt>''install-dir''/share/registry/data/org/openoffice/LDAP.xcu</tt> file, change the value of the <tt>Mapping</tt> property to the string that appears before the <tt>-attr.map</tt> in the name of the mapping file.<br> For example, the value of the <tt>Mapping</tt> property for the file.</li>  
 
<li>In the <tt>''install-dir''/share/registry/data/org/openoffice/LDAP.xcu</tt> file, change the value of the <tt>Mapping</tt> property to the string that appears before the <tt>-attr.map</tt> in the name of the mapping file.<br> For example, the value of the <tt>Mapping</tt> property for the file.</li>  
 
</ol>
 
</ol>
 
{{InterWiki Languages AdminGuide|articletitle=Documentation/Administration Guide/LDAP Access}}
 
{{InterWiki Languages AdminGuide|articletitle=Documentation/Administration Guide/LDAP Access}}
 
{{PDL1}}
 
{{PDL1}}
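Review bot: The last list item in this hunk ends with an example that stops short ("For example, the value of the Mapping property for the file."), with no file name or value given; since the neighbouring lines are being edited anyway, complete the example or drop the sentence. The rename in this revision also covers only Documentation/Note, while the rendered page still shows "Template:Documentation/Tip" in step 1 of the custom mapping procedure, so the Tip template call appears to need the same treatment.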

Revision as of 20:10, 2 July 2018


Apache OpenOffice can use an LDAP User Profile Back End to access user profiles, such as first name, last name, and address, on an LDAP server. As a result, you do not need to manually enter user profiles when you install Apache OpenOffice on a network.

To retrieve user profiles for Apache OpenOffice from an LDAP repository, you need to provide the LDAP User Profile Back End with the following information:

  • Location of the LDAP repository
  • Mapping file that identifies the attributes in the LDAP repository that are required to generate an Apache OpenOffice user profile

Configuring Apache OpenOffice to Retrieve User Profiles From an LDAP Repository

You specify the settings for the LDAP User Profile Back End in an XML file. Apache OpenOffice loads these settings during startup. The structure of the XML file is defined by the configuration schema for the org.openoffice.LDAP component. The schema is located in install-dir/share/registry/schema/org/openoffice/LDAP.xcs.

To Configure Apache OpenOffice to Access User Profiles From an LDAP Repository (up to Apache OpenOffice 3.2.x)

  1. In a text editor, create an XML configuration file with the name LDAP.xcu.
    Note: A sample LDAP.xcu file is provided at install-dir/share/registry/data/org/openoffice/LDAP.xcu.sample.

    The structure of the LDAP.xcu.sample file is:

     <oor:component-data oor:name="LDAP" oor:package="org.openoffice" 
     xmlns:oor="http://openoffice.org/2001/registry" 
     xmlns:xs="http://www.w3.org/2001/XMLSchema" 
     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
     <node oor:name="UserDirectory">
       <node oor:name="ServerDefinition">
         <prop oor:name="Server" oor:type="xs:string">
           <value>ldapserver.mycorp.com</value>
         </prop>
         <prop oor:name="BaseDN" oor:type="xs:string">
           <value>dc=mycorp,dc=com</value>
         </prop>
         <prop oor:name="Port" oor:type="xs:int">
           <value>389</value>
         </prop>
       </node>
       <!-- The following settings should be omitted if anonymous access is possible -->
         <prop oor:name="SearchUser" oor:type="xs:string"> 
            <value>MyUserLogin</value>
         </prop> 
         <prop oor:name="SearchPassword" oor:type="xs:string"> 
            <value>MyPassword</value> 
         </prop> 
       <!-- End of strings that should be omitted if anonymous access is possible -->
       <prop oor:name="UserObjectClass" oor:type="xs:string">
         <value>inetorgperson</value>
       </prop>
       <prop oor:name="UserUniqueAttribute" oor:type="xs:string">
         <value>uid</value>
       </prop>
       <prop oor:name="Mapping" oor:type="xs:string">
         <value>oo-ldap</value>
       </prop>
     </node>
     </oor:component-data>
  2. Server
    Host name of the LDAP Server.
    BaseDN
    Root entry of the enterprise directory.
    Port
    Port number of the LDAP Server. The default port number is 389.
    SearchUser
    Distinguished Name (DN) of an existing user with read-only access to the LDAP repository.
    Note: This setting is only required if anonymous access is not supported by the LDAP server.
    SearchPassword
    Password of SearchUser.
    Note: This setting is only required if anonymous access is not supported by the LDAP server.
    UserObjectClass
    Object class that identifies user entities.
    For example, the user entity for an OpenDS Server might be inetOrgPerson. To find the DN of a user, you need to use this entity in conjunction with the UserUniqueAttribute attribute.
    UserUniqueAttribute
    Attribute that identifies user entities.
    For example, the UserUniqueAttribute for an LDAP repository that is on an OpenDS server might be uid. To find the DN of a user, you need to use this attribute in conjunction with the UserObjectClass. The server compares the value of this attribute to the login user name for the operating system.
    Mapping
    String that indicates a named mapping file, that is, $(Mapping)-attr.map.
    For example, if the LDAP repository is an OpenDS server, then the mapping entry is oo-ldap. This entry tells the LDAP User Profile Back End to use oo-ldap-attr.map as the mapping file. Alternatively, if the LDAP repository is an Active Directory, then the Mapping entry is oo-ad-ldap. This entry tells the LDAP User Profile Back End to use oo-ad-ldap-attr.map as the mapping file.
  3. Replace the value placeholders in the LDAP.xcu file with the mandatory settings for your LDAP server.
  4. Copy the LDAP.xcu file to install-dir/share/registry/data/org/openoffice/.
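
A check that can be run over an LDAP.xcu before it is copied into the shared registry directory, as an added example that is not part of the original page or of Apache OpenOffice. The finding labels, the `build_sample` helper and the assumption that every non-bind property of the sample listing is expected are choices made for this example.

```python
import re
import xml.etree.ElementTree as ET

OOR_NAME = "{http://openoffice.org/2001/registry}name"
# Assumption: every property in the page's sample except the two bind settings is expected.
EXPECTED = ("Server", "BaseDN", "Port", "UserObjectClass", "UserUniqueAttribute", "Mapping")
# Placeholder values copied from the LDAP.xcu.sample listing on this page.
PLACEHOLDERS = {"ldapserver.mycorp.com", "dc=mycorp,dc=com", "MyUserLogin", "MyPassword"}
# Rough shape of a DN (attr=value pairs joined by commas); not a full RFC 4514 parser.
DN_RE = re.compile(r"[A-Za-z][\w.-]*=[^,]+(,[A-Za-z][\w.-]*=[^,]+)*")

def read_props(xml_text):
    """Return {property name: value text} for every <prop> element in the file."""
    props = {}
    for prop in ET.fromstring(xml_text).iter("prop"):
        value = prop.find("value")
        text = value.text if value is not None and value.text else ""
        props[prop.get(OOR_NAME)] = text.strip()
    return props

def audit(xml_text):
    """Return a sorted list of findings for one LDAP.xcu document."""
    props = read_props(xml_text)
    findings = [f"missing:{n}" for n in EXPECTED if not props.get(n)]
    findings += [f"placeholder:{n}" for n, v in props.items() if v in PLACEHOLDERS]
    has_user, has_pw = "SearchUser" in props, "SearchPassword" in props
    if has_user != has_pw:
        findings.append("incomplete-bind-credentials")
    if has_user and not DN_RE.fullmatch(props["SearchUser"]):
        findings.append("SearchUser-not-a-DN")  # the page asks for a Distinguished Name
    if has_pw:
        findings.append("bind-password-in-file")  # review the account's scope and file access
    return sorted(findings)

def build_sample(props):
    """Constructed helper: wrap name/value pairs in a minimal LDAP.xcu-shaped document."""
    body = "".join(f'<prop oor:name="{k}"><value>{v}</value></prop>' for k, v in props.items())
    return ('<oor:component-data oor:name="LDAP" oor:package="org.openoffice" '
            'xmlns:oor="http://openoffice.org/2001/registry">'
            f'<node oor:name="UserDirectory">{body}</node></oor:component-data>')

# Constructed input: the values of the sample listing, left unedited.
SAMPLE = build_sample({
    "Server": "ldapserver.mycorp.com", "BaseDN": "dc=mycorp,dc=com", "Port": "389",
    "SearchUser": "MyUserLogin", "SearchPassword": "MyPassword",
    "UserObjectClass": "inetorgperson", "UserUniqueAttribute": "uid", "Mapping": "oo-ldap",
})

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```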

To Configure Apache OpenOffice to Access User Profiles From an LDAP Repository (for Apache OpenOffice 3.3 and higher)

Caution: If you have deployed the LDAP backend on any Apache OpenOffice installations using previous versions of Apache OpenOffice, you must migrate your old basis/share/registry/data/org/openoffice/LDAP.xcu (and basis/share/registry/ldap/*-attr.map) to the new basis/share/registry/oo-ldap.xcd when you upgrade to Apache OpenOffice 3.3 or higher. If you do not migrate the LDAP configurations, Apache OpenOffice will not be able to obtain the relevant user data from LDAP.
  1. In a text editor, create an XML configuration file with the name oo-ldap.xcd. This file should contain the same LDAP information as described above. In addition, this file also contains the Apache OpenOffice configuration properties using oor:external attributes to specify the corresponding LDAP attributes. The value of an oor:external attribute must be the service name com.sun.star.configuration.backend.LdapUserProfileBe followed by a space and then followed by one or more LDAP attribute names (which may not contain commas) separated by commas (and no interspersed spaces).
    Note: A sample file for Sun Java System Directory Server is provided at basis/share/registry/oo-ldap.xcd.sample, and basis/share/registry/oo-ad-ldap.xcd.sample for Windows Active Directory Server.
  2. Replace the value placeholders in the oo-ldap.xcd file with the mandatory settings for your LDAP server.
  3. Copy the oo-ldap.xcd file to basis/share/registry/.

Mapping LDAP User Profiles (up to OpenOffice.org 3.2.x)

Caution: The LDAP.xcu.sample, oo-ldap-attr.map, oo-ad-ldap-attr.map files and corresponding directories have been removed in Apache OpenOffice 3.3. The Apache OpenOffice configuration property /org.openoffice/LDAP/UserDirectory/Mapping is no longer used in Apache OpenOffice 3.3 and higher, and has been marked as obsolete.

By default, an Apache OpenOffice installation (up to OpenOffice.org 3.2.x) includes two meta-configuration mapping files that map Apache OpenOffice user profile attributes to LDAP attributes. The LDAP User Profile Back End uses the install-dir/share/registry/ldap/oo-ldap-attr.map mapping file for a Sun Java System Directory Server and the install-dir/share/registry/ldap/oo-ad-ldap-attr.map mapping file for a Windows Active Directory Server. The Mapping entry in the LDAP.xcu file indicates which mapping file to use. For example, oo-ldap indicates the oo-ldap-attr.map file.

Note: If you want to change the location of the mapping files, then edit the CFG_LdapMappingUrl entry in the install-dir/program/configmgrrc file to point to the new location of the file. In Windows, this entry is in the install-dir/program/configmgr.ini file.

You can also create a custom user profile mapping file for an alternative LDAP server.

To Create a Custom User Profile Mapping File

  1. Create a text file with the name oo-ldap-server-type-attr.map.
  2. Type the mapping information.
    Each line in the file must have the following format: user-profile-attribute=LDAP-attribute1,LDAP-attribute2,...,LDAP-attribute-n.
    You can only map user profile attributes that are present in the Apache OpenOffice configuration schema. The file name path for this schema is install-dir/share/registry/schema/org/openoffice/UserProfile.xcs. You can edit the list of corresponding LDAP attributes to show which attributes in the user entries hold the personal data. The LDAP server sequentially queries each LDAP attribute in the list.
  3. Copy the mapping file to the install-dir/share/registry/ldap/ directory.
    Note: You need administrator rights to copy the mapping file to this directory on a network installation.
  4. In the install-dir/share/registry/data/org/openoffice/LDAP.xcu file, change the value of the Mapping property to the string that appears before the -attr.map in the name of the mapping file.
    For example, the value of the Mapping property for the file.
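
The mapping-file line format above and the oor:external value format described for oo-ldap.xcd, parsed and checked in one place; this is an added example, not code from the original page or from Apache OpenOffice. It assumes that the LDAP attribute list of a mapping line carries over unchanged into the oor:external value during migration, and the mapping lines and function names are constructed for illustration.

```python
import re

# Service name as given on this page for oor:external values.
SERVICE = "com.sun.star.configuration.backend.LdapUserProfileBe"
# Service name, one space, then comma-separated names with no commas or spaces inside.
EXTERNAL_RE = re.compile(re.escape(SERVICE) + r" [^,\s]+(?:,[^,\s]+)*")

def parse_mapping(text):
    """Parse 'profile-attribute=ldap1,ldap2,...' lines into {profile_attribute: [ldap names]}."""
    mapping = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        key, sep, attrs = line.partition("=")
        names = [a.strip() for a in attrs.split(",")]
        if not sep or not key.strip() or not all(names):
            raise ValueError(f"line {lineno}: expected name=attr1,attr2,... got {raw!r}")
        mapping[key.strip()] = names
    return mapping

def external_value(ldap_attrs):
    """Build an oor:external value from a list of LDAP attribute names."""
    for name in ldap_attrs:
        if not name or "," in name or any(c.isspace() for c in name):
            raise ValueError(f"invalid LDAP attribute name: {name!r}")
    return SERVICE + " " + ",".join(ldap_attrs)

def is_valid_external(value):
    """True if value has the shape the page requires for an oor:external attribute."""
    return EXTERNAL_RE.fullmatch(value) is not None

def to_external(mapping_text):
    """Convert every mapping line to the oor:external value it corresponds to."""
    return {attr: external_value(names) for attr, names in parse_mapping(mapping_text).items()}

# Constructed mapping lines in the format the page describes (not the shipped files).
SAMPLE_MAP = """\
givenname=givenName
sn=sn
mail=mail,rfc822Mailbox
"""

if __name__ == "__main__":
    for attr, value in to_external(SAMPLE_MAP).items():
        print(attr, "->", value, is_valid_external(value))
```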
Content on this page is licensed under the Public Documentation License (PDL).