MarkLogic 9 Product Documentation
sec:ldap-serversec:ldap-server(
$ldap-server-uri as xs:string,
$ldap-base as xs:string,
$ldap-attribute as xs:string,
$ldap-default-user as xs:string,
$ldap-password as xs:string,
$ldap-bind-method as xs:string,
[$ldap-memberof-attribute as xs:string],
[$ldap-member-attribute as xs:string],
[$ldap-start-tls as xs:boolean?],
[$ldap-certificate as xs:string?],
[$ldap-private-key as xs:string?],
[$ldap-nested-lookup as xs:boolean?]
) as element(sec:ldap-server)
Summary
This function configures an LDAP server for use by the
sec:create-external-security function.
Parameters |
ldap-server-uri |
The URI of the LDAP server.
|
ldap-base |
The LDAP base for user lookup.
|
ldap-attribute |
Parameter description...
The LDAP attribute for user lookup.
|
ldap-default-user |
The default user. If you specify an ldap-bind-method of simple ,
this must be a Distinguished Name (DN). If you specify an ldap-bind-method of
MD5 , this must be the name of a user registered with the LDAP server.
|
ldap-password |
The default user password.
|
ldap-bind-method |
The LDAP bind method to use. This can be either
MD5 , simple , or external .
When simple is specified
the server will use the LDAP default user to bind to the LDAP server and lookup
the DN of the user. Then the server uses the user DN to connect to the LDAP server.
If it is successful, the user is authenticated.
When using LDAP with simple bind, the password is not encrypted,
so it is recommended that you use secure ldaps (LDAP with SSL).
A bind method of external makes use of a certificate to authenticate
with the LDAP server. If the bind method is external ,
ldap-start-tls should be set to true .
|
ldap-memberof-attribute |
The memberof LDAP attribute for group lookup.
|
ldap-member-attribute |
The member LDAP attribute for group lookup.
|
ldap-start-tls |
When the ldap-bind-method is set to external , this
parameter specifies whether to start TLS when connecting to an LDAP server. If set to true,
the LDAP server URI should start with ldap:/ instead of ldaps:// .
|
ldap-certificate |
The MarkLogic client certificate.
|
ldap-private-key |
The MarkLogic private key.
|
ldap-nested-lookup |
Indicates whether to do nested group lookup for user authorization or not.
|
Example
xquery version "1.0-ml";
import module namespace sec = "http://marklogic.com/xdmp/security"
at "/MarkLogic/security.xqy";
sec:ldap-server(
"ldap://dc1.mltest1.local:389",
"CN=Users,DC=MLTEST1,DC=LOCAL",
"sAMAccountName",
"cn=User1,cn=Users,dc=MLTEST1,dc=local",
"password1",
"simple")
Copyright © 2024 MarkLogic Corporation. MARKLOGIC is a
registered trademark of MarkLogic Corporation.