Difference between revisions of "Documentation/Administration Guide/LDAP Access"
From Apache OpenOffice Wiki
(→To Configure StarOffice to Access User Profiles From an LDAP Repository) |
(→To Configure StarOffice to Access User Profiles From an LDAP Repository) |
||
| Line 63: | Line 63: | ||
</oor:component-data> | </oor:component-data> | ||
<dl> | <dl> | ||
| − | <dt><tt>Server</tt><dd>Host name of the LDAP Server | + | <dt><tt>Server</tt></dt><dd>Host name of the LDAP Server</dd> |
| − | <dt><tt>BaseDN</tt><dd>Root entry of the enterprise directory | + | <dt><tt>BaseDN</tt></dt><dd>Root entry of the enterprise directory</dd> |
| − | <dt><tt>Port</tt><dd>Port number of the LDAP Server. The default port number is 389. | + | <dt><tt>Port</tt></dt><dd>Port number of the LDAP Server. The default port number is 389.</dd> |
| − | <dt><tt>SearchUser</tt><dd>Distinguished Name (DN) of an existing user with read-only access to the LDAP repository | + | <dt><tt>SearchUser</tt></dt><dd>Distinguished Name (DN) of an existing user with read-only access to the LDAP repository |
| − | {{Documentation/Note|This setting is only required if anonymous access is not supported by the LDAP server.}} | + | {{Documentation/Note|This setting is only required if anonymous access is not supported by the LDAP server.}}</dd> |
| − | <dt><tt>SearchPassword</tt><dd>Password of <tt>SearchUser</tt> | + | <dt><tt>SearchPassword</tt></dt><dd>Password of <tt>SearchUser</tt> |
| − | {{Documentation/Note|This setting is only required if anonymous access is not supported by the LDAP server.}} | + | {{Documentation/Note|This setting is only required if anonymous access is not supported by the LDAP server.}}</dd> |
| − | <dt><tt>UserObjectClass</tt><dd>Object class that identifies user entities<br>For example, the user entity for an OpenDS Server <tt>inetOrgPerson</tt>. To find the DN of a user, you need to use this entity in conjunction with the <tt>UserUniqueAttribute</tt> attribute. | + | <dt><tt>UserObjectClass</tt></dt><dd>Object class that identifies user entities<br>For example, the user entity for an OpenDS Server <tt>inetOrgPerson</tt>. To find the DN of a user, you need to use this entity in conjunction with the <tt>UserUniqueAttribute</tt> attribute.</dd> |
| − | <dt><tt>UserUniqueAttribute</tt><dd>Attribute that identifies user entities.<br>For example, the <tt>UserUniqueAttribute</tt> for an LDAP repository that is on an OpenDS server is <tt>uid</tt>. To find the DN of a user, you need to use this attribute in conjunction with the <tt>UserObjectClass</tt>. The server compares the value of this attribute to the login user name for the operating system. | + | <dt><tt>UserUniqueAttribute</tt></dt><dd>Attribute that identifies user entities.<br>For example, the <tt>UserUniqueAttribute</tt> for an LDAP repository that is on an OpenDS server is <tt>uid</tt>. To find the DN of a user, you need to use this attribute in conjunction with the <tt>UserObjectClass</tt>. The server compares the value of this attribute to the login user name for the operating system.</dd> |
| − | <dt><tt>Mapping</tt><dd>String that indicates a named mapping file, that is, <tt>$(Mapping)-attr.map</tt>.<br>For example, if the LDAP repository is an OpenDS server, the mapping entry is <tt>oo-ldap</tt>. This entry tells the LDAP User Profile Back End to use <tt>oo-ldap-attr.map</tt> as the mapping file. Alternatively, if the LDAP repository is an Active Directory, the Mapping entry is <tt>oo-ad-ldap</tt>. This entry tells the LDAP User Profile Back End to use <tt>oo-ad-ldap-attr.map</tt> as the mapping file. | + | <dt><tt>Mapping</tt></dt><dd>String that indicates a named mapping file, that is, <tt>$(Mapping)-attr.map</tt>.<br>For example, if the LDAP repository is an OpenDS server, the mapping entry is <tt>oo-ldap</tt>. This entry tells the LDAP User Profile Back End to use <tt>oo-ldap-attr.map</tt> as the mapping file. Alternatively, if the LDAP repository is an Active Directory, the Mapping entry is <tt>oo-ad-ldap</tt>. This entry tells the LDAP User Profile Back End to use <tt>oo-ad-ldap-attr.map</tt> as the mapping file.</dd> |
</dl> | </dl> | ||
</li> | </li> | ||
Revision as of 16:51, 5 September 2007
- Apache OpenOffice Basic Macros and Libraries
- Apache OpenOffice Extension Manager
- Adding Template Files to an Apache OpenOffice Installation
- Adding AutoText Files to an Apache OpenOffice Network Installation
- Deactivating the Apache OpenOffice Registration Wizard
- Accessing Email Clients
- Customizing the User Interface
- Restricting Functionality in Apache OpenOffice
- Accessing Apache OpenOffice User Profiles on an LDAP Server
| [[{{{PrevPage}}}|< Previous Page
]] |
[[{{{NextPage}}}|Next Page
>]] |
Manually Configuring StarOffice to Access User Profiles on an LDAP Server
StarOffice can use an LDAP User Profile Back End to access user profiles, such as first name, last name, and address, on an LDAP server. As a result, you do not need to manually enter user profiles when you install StarOffice on a network.
To retrieve user profiles for StarOffice from an LDAP repository, you need to provide the LDAP User Profile Back End with the following information:
- Location of the LDAP repository
- Mapping file that identifies the attributes in the LDAP repository which are required to generate a StarOffice user profile
The following sections describe this process.
Configuring StarOffice to Retrieve User Profiles From an LDAP Repository
You can specify the settings for the LDAP User Profile Back End in LDAP.xcu, an XML file, so that StarOffice can retrieve user profiles from an LDAP repository. StarOffice loads these settings during startup. The structure of the LDAP.xcu file is defined by the configuration schema for the org.openoffice.LDAP component. The schema is located in <install>/share/registry/schema/org/openoffice/LDAP.xcs.
To Configure StarOffice to Access User Profiles From an LDAP Repository
- In a text editor, create an XML configuration file with the name LDAP.xcu
Template:Documentation/Note
The following is the structure of the LDAP.xcu.sample file:
<oor:component-data oor:name="LDAP" oor:package="org.openoffice"
xmlns:oor="http://openoffice.org/2001/registry"
xmlns:xs="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<node oor:name="UserDirectory">
<node oor:name="ServerDefinition">
<prop oor:name="Server" oor:type="xs:string">
<value>ldapserver.mycorp.com</value>
</prop>
<prop oor:name="BaseDN" oor:type="xs:string">
<value>dc=mycorp,dc=com</value>
</prop>
<prop oor:name="Port" oor:type="xs:int">
<value>389</value>
</prop>
</node>
<!-- The following settings should be omitted,
if anonymous access is possible
<prop oor:name="SearchUser" oor:type="xs:string">
<value>MyUserLogin</value>
</prop>
<prop oor:name="SearchPassword" oor:type="xs:string">
<value>MyPassword</value>
</prop>
-->
<prop oor:name="UserObjectClass" oor:type="xs:string">
<value>inetorgperson</value>
</prop>
<prop oor:name="UserUniqueAttribute" oor:type="xs:string">
<value>uid</value>
</prop>
<prop oor:name="Mapping" oor:type="xs:string">
<value>oo-ldap</value>
</prop>
</node>
</oor:component-data>
- Server
- Host name of the LDAP Server
- BaseDN
- Root entry of the enterprise directory
- Port
- Port number of the LDAP Server. The default port number is 389.
- SearchUser
- Distinguished Name (DN) of an existing user with read-only access to the LDAP repository Template:Documentation/Note
- SearchPassword
- Password of SearchUser Template:Documentation/Note
- UserObjectClass
- Object class that identifies user entities
For example, the user entity for an OpenDS Server inetOrgPerson. To find the DN of a user, you need to use this entity in conjunction with the UserUniqueAttribute attribute. - UserUniqueAttribute
- Attribute that identifies user entities.
For example, the UserUniqueAttribute for an LDAP repository that is on an OpenDS server is uid. To find the DN of a user, you need to use this attribute in conjunction with the UserObjectClass. The server compares the value of this attribute to the login user name for the operating system. - Mapping
- String that indicates a named mapping file, that is, $(Mapping)-attr.map.
For example, if the LDAP repository is an OpenDS server, the mapping entry is oo-ldap. This entry tells the LDAP User Profile Back End to use oo-ldap-attr.map as the mapping file. Alternatively, if the LDAP repository is an Active Directory, the Mapping entry is oo-ad-ldap. This entry tells the LDAP User Profile Back End to use oo-ad-ldap-attr.map as the mapping file.
- Replace the value placeholders in the LDAP.xcu file with the mandatory settings for your LDAP server.
- Copy the LDAP.xcu file to <StarOffice installation>/share/registry/data/org/openoffice/
Mapping LDAP User Profiles
By default, a StarOffice installation includes two meta-configuration mapping files that map StarOffice user profile attributes to LDAP attributes. The LDAP User Profile Back End uses the <StarOffice installation>/share/registry/ldap/oo-ldap-attr.map mapping file for a Sun Java System Directory Server and the <StarOffice installation>/share/registry/ldap/oo-ad-ldap-attr.map mapping file for a Windows Active Directory Server. The Mapping entry in the LDAP.xcu file indicates which mapping file to use, for example, oo-ldap indicates the oo-ldap-attr.map file.
If you want, you can also create a custom user profile mapping file for an alternative LDAP server.
To Create a Custom User Profile Mapping File
- In a text editor, create a text file with the name oo-ldap server type-attr.mapTemplate:Documentation/Tip
- Enter the mapping information.
Each line in the file must have the following format:
<User Profile Attribute>=<LDAP Attribute 1>,<LDAP Attribute 2>,...,<LDAP Attribute N>Template:Documentation/Note - Copy the mapping file to the <StarOffice installation>/share/registry/ldap/ directory.Template:Documentation/Note
- In a text editor, open the <StarOffice installation>/share/registry/data/org/openoffice/LDAP.xcu file.
- Change the value of the Mapping property to the string that appears before the -attr.map in the name of the mapping file.
For example, the value of the Mapping property for the file
| Content on this page is licensed under the Public Documentation License (PDL). |
