sec:create-external-security
sec:create-external-security(
    $external-security-name as xs:string,
    $description as xs:string,
    $authentication as xs:string,
    $cache-timeout as xs:unsignedInt,
    $authorization as xs:string,
    $ldap-server-uri as xs:string,
    $ldap-base as xs:string,
    $ldap-attribute as xs:string,
    $ldap-default-user as xs:string,
    $ldap-password as xs:string,
    $ldap-bind-method as xs:string
) as xs:unsignedLong
Summary
This function creates an external authentication configuration object and returns the id of the configuration. The configuration is used when MarkLogic Server is used with an external Kerberos and/or LDAP server to control user access.

For more information on external security, see External Authentication (LDAP and Kerberos) in the Understanding and Using Security Guide.
Parameters

external-security-name
    The name of the external authentication configuration.

description
    The description of the external authentication configuration.

authentication
    The authentication protocol. This can be either ldap or kerberos.

cache-timeout
    Login cache timeout, in seconds.

authorization
    The authorization scheme. Set to ldap for external authorization using an LDAP server, or internal to authorize using MarkLogic Server.

ldap-server-uri
    The LDAP server URI. This parameter is required if authentication or authorization is ldap.

ldap-base
    The LDAP base for user lookup. This parameter is required if authentication or authorization is ldap.

ldap-attribute
    The LDAP attribute for user lookup. This parameter is required if authentication or authorization is ldap.

ldap-default-user
    The default user. If you specify an ldap-bind-method of simple, this must be a Distinguished Name (DN). If you specify an ldap-bind-method of MD5, this must be the name of a user registered with the LDAP server.

ldap-password
    The default user password.

ldap-bind-method
    The LDAP bind method to use. This can be either MD5 or simple. When simple is specified, the server first binds to the LDAP server as the LDAP default user and looks up the DN of the user who is logging in. The server then binds to the LDAP server with that user's DN and password; if this second bind succeeds, the user is authenticated.
    When using LDAP with simple bind, the password is not encrypted, so it is recommended that you use secure ldaps (LDAP with SSL).
Example
(: execute this against the security database :)
xquery version "1.0-ml";
import module namespace sec = "http://marklogic.com/xdmp/security"
    at "/MarkLogic/security.xqy";

sec:create-external-security(
    "ldapconfig",                              (: external-security-name :)
    "config for ldap",                         (: description :)
    "ldap",                                    (: authentication protocol :)
    300,                                       (: cache-timeout, in seconds :)
    "ldap",                                    (: authorization scheme :)
    "ldap://dc1.mltest1.local:389",            (: ldap-server-uri :)
    "CN=Users,DC=MLTEST1,DC=LOCAL",            (: ldap-base :)
    "sAMAccountName",                          (: ldap-attribute :)
    "cn=User1,cn=Users,dc=MLTEST1,dc=local",   (: ldap-default-user, a DN because the bind method is simple :)
    "password1",                               (: ldap-password :)
    "simple")                                  (: ldap-bind-method :)

(: Creates an external authorization configuration object, named "ldapconfig,"
   that uses the 'simple' bind method for an LDAP server. :)
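The ldap-bind-method description above notes that a simple bind sends the default user's password unencrypted and recommends ldaps. The following is an added example, not part of the MarkLogic documentation, that makes the same call with an ldaps URI and takes the bind password from an external variable instead of embedding it in the script. The host name dc1.example.internal, port 636, the base DN and the service-account DN are constructed values; the example assumes the LDAP server presents a certificate that MarkLogic trusts, which is configured outside this function.

```xquery
(: Added example: execute this against the security database :)
xquery version "1.0-ml";
import module namespace sec = "http://marklogic.com/xdmp/security"
    at "/MarkLogic/security.xqy";

(: Supply the bind password at run time (for example as a Query Console or
   xdmp:eval external variable) so it is not stored in the script. :)
declare variable $ldap-password as xs:string external;

(: Host, base DN and account names below are constructed placeholders. :)
sec:create-external-security(
    "ldaps-config",                                        (: external-security-name :)
    "LDAP over TLS, simple bind",                          (: description :)
    "ldap",                                                (: authentication protocol :)
    300,                                                   (: cache-timeout, in seconds :)
    "ldap",                                                (: authorization scheme :)
    "ldaps://dc1.example.internal:636",                    (: ldaps URI: the simple-bind password travels inside TLS :)
    "CN=Users,DC=example,DC=internal",                     (: ldap-base :)
    "sAMAccountName",                                      (: ldap-attribute :)
    "CN=svc-marklogic,CN=Users,DC=example,DC=internal",    (: ldap-default-user: a DN, as simple bind requires :)
    $ldap-password,                                        (: ldap-password, from the external variable :)
    "simple")                                              (: ldap-bind-method :)
```

The default user is only used to look up the DN of the person logging in, so a dedicated account with read access to the user subtree is enough for that role; the returned xs:unsignedLong is the id of the new configuration, as with the documented example.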