
sec:create-external-security( $external-security-name as xs:string, $description as xs:string, $authentication as xs:string, $cache-timeout as xs:unsignedInt, $authorization as xs:string, $ldap-server as (sec:ldap-server)?, $saml-server as (sec:saml-server)?, $client-certificate-authorities as xs:unsignedLong*, $require-client-certificate as xs:boolean ) as xs:unsignedLong
This function creates an external authentication configuration object and returns the id of the configuration. This configuration is used when MarkLogic Server is used with an external Kerberos and/or LDAP server to control user access.
For more information on external security, see External Security in the Security Guide.
| Parameters | |
|---|---|
| external-security-name | The name of the external authentication configuration. |
| description | The description of the external authentication configuration. |
| authentication |
The authentication protocol. This can be either
ldap, saml,
kerberos, or certificate.
If authentication is |
| cache-timeout | Login cache timeout, in seconds. |
| authorization |
The authorization scheme. Set to ldap for external authorization
using an LDAP server, internal to authorize using MarkLogic Server,
or saml for SAML authorization.
|
| ldap-server | The LDAP server configuration created by the sec:ldap-server function. |
| saml-server | The SAML server configuration created by the sec:saml-server function. |
| client-certificate-authorities | One or more client certificate authority ids. |
| require-client-certificate |
Whether a client certificate is required. Set to true to require a client certificate,
or false to not require a client certificate. This parameter cannot be null or empty.
|
(: execute this against the security database :)
xquery version "1.0-ml";
import module namespace sec = "http://marklogic.com/xdmp/security"
at "/MarkLogic/security.xqy";
(: Build the LDAP server configuration that is passed to
   sec:create-external-security below.
   NOTE(review): the URI uses the ldap:// scheme on port 389 together with the
   'simple' bind method. Unless the connection is protected by other means, the
   bind DN and password would presumably cross the network unencrypted; confirm,
   and prefer a TLS-protected LDAP connection in a real deployment.
   The bind DN and "password1" are sample values. Do not keep a real bind
   credential as a literal in a script; supply it at run time and restrict who
   can read the script and the resulting configuration. :)
let $ldap-config := sec:ldap-server(
"ldap://dc1.mltest1.local:389",
"CN=Users,DC=MLTEST1,DC=LOCAL",
"sAMAccountName",
"cn=User1,cn=Users,dc=MLTEST1,dc=local",
"password1",
"simple")
(: Arguments follow the documented order: name, description, authentication,
   cache-timeout, authorization, ldap-server, saml-server,
   client-certificate-authorities, require-client-certificate. :)
return sec:create-external-security(
"ldapconfig",
"config for ldap",
"ldap", (: authentication protocol :)
300, (: login cache timeout, in seconds. NOTE(review): a login that was cached
        may presumably still be accepted until this timeout expires, even after
        the account changes on the LDAP server; confirm and size accordingly :)
"ldap", (: authorization scheme :)
$ldap-config,
(), (), (: no SAML server and no client certificate authority ids :)
true()) (: require-client-certificate. NOTE(review): a client certificate is
           required although no certificate authority ids are passed; confirm
           how the certificate is validated in that case :)
(: Creates an external security configuration object named "ldapconfig" that
   uses LDAP for both authentication and authorization and binds to the LDAP
   server with the 'simple' bind method. :)
(: execute this against the security database :)
xquery version "1.0-ml";
import module namespace sec = "http://marklogic.com/xdmp/security"
at "/MarkLogic/security.xqy";
(: Build the SAML server configuration that is passed to
   sec:create-external-security below. The second and third arguments are left
   empty and the last argument is an http-options element.
   NOTE(review): the http-options element carries the sample credentials
   admin/admin with digest authentication. Treat them as placeholders; never
   store a real, default or administrative password as a literal in a script.
   NOTE(review): the identifier uses the http:// scheme; if it is ever
   dereferenced over the network, an https:// endpoint is preferable. Confirm
   how this value is used. :)
let $saml-config := sec:saml-server("http://id.example.com/example",
(),(),
<sec:http-options xmlns="xdmp:http">
<authentication method="digest">
<username>admin</username>
<password>admin</password>
</authentication>
</sec:http-options>)
(: Arguments follow the documented order: name, description, authentication,
   cache-timeout, authorization, ldap-server, saml-server,
   client-certificate-authorities, require-client-certificate.
   NOTE(review): the authentication argument is "ldap" although no LDAP server
   configuration is passed and the object is named and described as a SAML
   configuration; "saml" looks like the intended value. Confirm before reusing
   this example. :)
return sec:create-external-security(
"samlconfig",
"config for saml",
"ldap", (: authentication protocol; see the review note above :)
300, (: login cache timeout, in seconds :)
"saml", (: authorization scheme :)
(), $saml-config, (: no LDAP server; SAML server configuration built above :)
(), true()) (: no client certificate authority ids; client certificate required :)
(: Creates an external security configuration object named "samlconfig" with
   the authorization scheme set to "saml", using the SAML server configuration
   built above. :)