sec:create-external-security

sec:create-external-security(
   $external-security-name as xs:string,
   $description as xs:string,
   $authentication as xs:string,
   $cache-timeout as xs:unsignedInt,
   $authorization as xs:string,
   $ldap-server-uri as xs:string,
   $ldap-base as xs:string,
   $ldap-attribute as xs:string,
   $ldap-default-user as xs:string,
   $ldap-password as xs:string,
   $ldap-bind-method as xs:string
) as xs:unsignedLong

Summary

This function creates an external authentication configuration object and returns the id of the configuration. This configuration is used when MarkLogic Server is used with an external Kerberos and/or LDAP server to control user access.

For more information on external security, see External Authentication (LDAP and Kerberos) in the Understanding and Using Security Guide.

Parameters
external-security-name	The name of external authentication configuration.
description	The description of external authentication configuration.
authentication	The authentication protocol. This can be either `ldap` or `kerberos`.
cache-timeout	Login cache timeout, in seconds.
authorization	The authorization scheme. Set to `ldap` for external authorization using an LDAP server, or `internal` to authorize using MarkLogic Server.
ldap-server-uri	The LDAP server uri. This parameter is required if protocol or authorization is `ldap`.
ldap-base	The LDAP base for user lookup. This parameter is required if protocol or authorization is `ldap`.
ldap-attribute	The LDAP attribute for user lookup. This parameter is required if protocol or authorization is `ldap`.
ldap-default-user	The default user. If you specify an `ldap-bind-method` of `simple`, this must be a Distinguished Name (DN). If you specify an `ldap-bind-method` of `MD5`, this must be the name of a user registered with the LDAP server.
ldap-password	The default user password.
ldap-bind-method	The LDAP bind method to use. This can be either `MD5` or `simple`. When `simple` is specified the server will use the LDAP default user to bind to the LDAP server and lookup the DN of the user. Then the server uses the user DN to connect to the LDAP server. If it is successful, the user is authenticated. When using LDAP with `simple` bind, the password is not encrypted, so it is recommended that you use secure ldaps (LDAP with SSL).

Example

  (: execute this against the security database :)
  xquery version "1.0-ml"; 
 
  import module namespace sec = "http://marklogic.com/xdmp/security" 
      at "/MarkLogic/security.xqy";
 
  sec:create-external-security(
        "ldapconfig", 
        "config for ldap", 
        "ldap", 
        300,
        "ldap", 
        "ldap://dc1.mltest1.local:389", 
        "CN=Users,DC=MLTEST1,DC=LOCAL", 
        "sAMAccountName",
        "cn=User1,cn=Users,dc=MLTEST1,dc=local",
	"password1",
	"simple")

     (: Creates an external authorization configuration object, named "ldapconfig," 
        that uses the 'simple' bind method for an LDAP server. :)

Stack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.

MarkLogic

Semaphore

OpenEdge

DataDirect

Sitefinity

Telerik

Kendo UI

Corticon

DataDirect

MOVEit

Chef

Flowmon

Kemp LoadMaster

WhatsUp Gold

Telerik

Kendo UI

Fiddler

Test Studio

MOVEit

WS_FTP

sec:create-external-security

Summary

Example