Parameter description...
The LDAP attribute for user lookup.
ldap-default-user
The default user. If you specify an ldap-bind-method of simple,
this must be a Distinguished Name (DN). If you specify an ldap-bind-method of
MD5, this must be the name of a user registered with the LDAP server.
ldap-password
The default user password.
ldap-bind-method
The LDAP bind method to use. This can be
MD5, simple, or external.
When simple is specified,
the server uses the LDAP default user to bind to the LDAP server and look up
the DN of the user. The server then uses the user DN to connect to the LDAP server.
If that bind succeeds, the user is authenticated.
When using LDAP with simple bind, the password is not encrypted,
so it is recommended that you use secure ldaps (LDAP with SSL).
A bind method of external makes use of a certificate to authenticate
with the LDAP server. If the bind method is external,
ldap-start-tls should be set to true.
ldap-memberof-attribute
The memberof LDAP attribute for group lookup.
ldap-member-attribute
The member LDAP attribute for group lookup.
ldap-start-tls
When the ldap-bind-method is set to external, this
parameter specifies whether to start TLS when connecting to an LDAP server. If set to true,
the LDAP server URI should start with ldap:// instead of ldaps://.
ldap-certificate
The MarkLogic client certificate.
ldap-private-key
The MarkLogic private key.
ldap-nested-lookup
Indicates whether to do nested group lookup for user authorization or not.
Example
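xquery version "1.0-ml";
import module namespace sec = "http://marklogic.com/xdmp/security"
    at "/MarkLogic/security.xqy";

(: Simple bind: the default user is given as a DN. :)
sec:ldap-server(
  "ldap://dc1.mltest1.local:389",            (: LDAP server URI :)
  "CN=Users,DC=MLTEST1,DC=LOCAL",
  "sAMAccountName",                          (: LDAP attribute for user lookup :)
  "cn=User1,cn=Users,dc=MLTEST1,dc=local",   (: ldap-default-user :)
  "password1",                               (: ldap-password :)
  "simple")                                  (: ldap-bind-method :)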
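An added example (not MarkLogic code and not part of the original page): a small Python check that applies the parameter rules described above to a configuration before it is passed to sec:ldap-server. The dictionary keys reuse the parameter names on this page; the key ldap-server-uri, the port 636 in the hardened sample, and the requirement that an external bind supplies both certificate and key on the same call are assumptions.

```python
from urllib.parse import urlsplit

def looks_like_dn(value):
    """Loose DN check: comma-separated attr=value pairs (not a full RFC 4514 parser)."""
    parts = value.split(",")
    return bool(value) and all("=" in p and not p.strip().startswith("=") for p in parts)

def audit_ldap_server(cfg):
    """Return a list of findings for one LDAP server configuration (empty list = clean)."""
    findings = []
    scheme = urlsplit(cfg.get("ldap-server-uri", "")).scheme.lower()
    method = cfg.get("ldap-bind-method", "")
    start_tls = bool(cfg.get("ldap-start-tls", False))
    user = cfg.get("ldap-default-user", "")
    if method not in ("MD5", "simple", "external"):
        findings.append("bind-method: must be MD5, simple, or external")
    if scheme not in ("ldap", "ldaps"):
        findings.append("uri: scheme must be ldap or ldaps")
    if method == "simple":
        if not looks_like_dn(user):
            findings.append("default-user: simple bind requires a DN")
        if scheme == "ldap":
            # The page ties ldap-start-tls to external bind, so plain ldap:// is flagged here.
            findings.append("cleartext: simple bind over ldap:// sends the password unencrypted; use ldaps://")
    if method == "MD5" and looks_like_dn(user):
        findings.append("default-user: MD5 bind expects a registered user name, not a DN")
    if method == "external":
        if not start_tls:
            findings.append("start-tls: external bind should set ldap-start-tls to true")
        # Assumption: certificate and private key are passed in the same configuration.
        for key in ("ldap-certificate", "ldap-private-key"):
            if not cfg.get(key):
                findings.append(f"{key}: external bind authenticates with a certificate")
    if start_tls and scheme == "ldaps":
        findings.append("uri: with ldap-start-tls true the URI should start with ldap://")
    return findings

# Constructed samples: the first mirrors the page's example, the second swaps in ldaps://.
PAGE_EXAMPLE = {
    "ldap-server-uri": "ldap://dc1.mltest1.local:389",
    "ldap-default-user": "cn=User1,cn=Users,dc=MLTEST1,dc=local",
    "ldap-bind-method": "simple",
}
HARDENED = {**PAGE_EXAMPLE, "ldap-server-uri": "ldaps://dc1.mltest1.local:636"}

if __name__ == "__main__":
    for name, cfg in (("page example", PAGE_EXAMPLE), ("hardened", HARDENED)):
        print(name, audit_ldap_server(cfg))
```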
Stack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.