sec.ldapServer

sec.ldapServer(
   $ldap-server-uri as String,
   $ldap-base as String,
   $ldap-attribute as String,
   $ldap-default-user as String,
   $ldap-password as String,
   $ldap-bind-method as String,
   [$ldap-memberof-attribute as String],
   [$ldap-member-attribute as String],
   [$ldap-start-tls as Boolean?],
   [$ldap-certificate as String?],
   [$ldap-private-key as String?],
   [$ldap-nested-lookup as Boolean?]
) as element(sec.ldapServer)

Summary

This function configures an LDAP server for use by the sec:create-external-security function.

Parameters
$ldap-server-uri The URI of the LDAP server.
$ldap-base The LDAP base for user lookup.
$ldap-attribute The LDAP attribute for user lookup.
$ldap-default-user The default user. If you specify an ldap-bind-method of simple, this must be a Distinguished Name (DN). If you specify an ldap-bind-method of MD5, this must be the name of a user registered with the LDAP server.
$ldap-password The default user password.
$ldap-bind-method The LDAP bind method to use. This can be MD5, simple, or external. When simple is specified, the server first binds to the LDAP server as the LDAP default user and looks up the DN of the user. The server then binds to the LDAP server with that user DN and the supplied password; if this bind succeeds, the user is authenticated.

When using LDAP with simple bind, the password is not encrypted, so it is recommended that you use secure ldaps (LDAP with SSL).

A bind method of external makes use of a certificate to authenticate with the LDAP server. If the bind method is external, ldap-start-tls should be set to true.

$ldap-memberof-attribute The memberof LDAP attribute for group lookup.
$ldap-member-attribute The member LDAP attribute for group lookup.
$ldap-start-tls When the ldap-bind-method is set to external, this parameter specifies whether to start TLS when connecting to an LDAP server. If set to true, the LDAP server URI should start with ldap:// instead of ldaps://, because TLS is negotiated on the plain connection after it is opened.
$ldap-certificate The MarkLogic client certificate.
$ldap-private-key The MarkLogic private key.
$ldap-nested-lookup Indicates whether to do nested group lookup for user authorization or not.

Example

xquery version "1.0-ml";

import module namespace sec = "http://marklogic.com/xdmp/security"
      at "/MarkLogic/security.xqy";

sec:ldap-server(
    "ldap://dc1.mltest1.local:389",
    "CN=Users,DC=MLTEST1,DC=LOCAL",
    "sAMAccountName",
    "cn=User1,cn=Users,dc=MLTEST1,dc=local",
    "password1",
    "simple")

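The example above uses simple bind over plain ldap://, which sends the default user's password in the clear. The following added example (written here for this page, not taken from the MarkLogic documentation) shows the two configurations the parameter descriptions recommend instead: simple bind over ldaps:// with the optional group-lookup parameters filled in, and external bind with start-tls enabled and a client certificate. All host names, DNs, passwords and file paths are placeholders; passing empty strings for the default user and password under external bind is an assumption of this example, as is loading the PEM material with xdmp:filesystem-file.

```xquery
xquery version "1.0-ml";

import module namespace sec = "http://marklogic.com/xdmp/security"
      at "/MarkLogic/security.xqy";

(: Simple bind: the default user's password travels unencrypted on a plain
   ldap:// connection, so the URI uses ldaps:// (LDAP over SSL, port 636).
   Host, base DN, account and password below are placeholders. :)
let $simple-over-ldaps :=
  sec:ldap-server(
    "ldaps://ldap.example.test:636",
    "CN=Users,DC=EXAMPLE,DC=TEST",
    "sAMAccountName",
    "CN=svc-marklogic,CN=Users,DC=EXAMPLE,DC=TEST",
    "placeholder-bind-password",
    "simple",
    "memberOf",     (: memberof attribute used for group lookup :)
    "member",       (: member attribute used for group lookup :)
    fn:false(),     (: start-tls is only meaningful for external bind :)
    (),             (: no client certificate for simple bind :)
    (),             (: no private key for simple bind :)
    fn:true())      (: resolve nested group membership for authorization :)

(: External bind: MarkLogic authenticates to the directory with its client
   certificate instead of a password. Per the parameter descriptions, start-tls
   must be true and the URI then uses ldap://, since TLS is negotiated after
   the connection is opened. Empty default user/password is an assumption. :)
let $external-with-tls :=
  sec:ldap-server(
    "ldap://ldap.example.test:389",
    "CN=Users,DC=EXAMPLE,DC=TEST",
    "sAMAccountName",
    "",
    "",
    "external",
    "memberOf",
    "member",
    fn:true(),
    xdmp:filesystem-file("/placeholder/path/marklogic-client.pem"),
    xdmp:filesystem-file("/placeholder/path/marklogic-client-key.pem"),
    fn:true())

(: Both calls return a sec:ldap-server configuration element that can be
   handed to sec:create-external-security. :)
return ($simple-over-ldaps, $external-with-tls)
```

The first configuration keeps the simple-bind password off the wire by relying on ldaps://; the second removes the shared password entirely and instead depends on the confidentiality of the private key file, so that file should be readable only by the MarkLogic process account.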