Loading TOC...

sec:ldap-server

sec:ldap-server(
   $ldap-server-uri as xs:string,
   $ldap-base as xs:string,
   $ldap-attribute as xs:string,
   $ldap-default-user as xs:string,
   $ldap-password as xs:string,
   $ldap-bind-method as xs:string,
   [$ldap-memberof-attribute as xs:string],
   [$ldap-member-attribute as xs:string],
   [$ldap-start-tls as xs:boolean?],
   [$ldap-certificate as xs:string?],
   [$ldap-private-key as xs:string?],
   [$ldap-nested-lookup as xs:boolean?]
) as element(sec:ldap-server)

Summary

This function configures an LDAP server for use by the sec:create-external-security function.

Parameters
$ldap-server-uri The URI of the LDAP server.
$ldap-base The LDAP base for user lookup.
$ldap-attribute Parameter description... The LDAP attribute for user lookup.
$ldap-default-user The default user. If you specify an ldap-bind-method of simple, this must be a Distinguished Name (DN). If you specify an ldap-bind-method of MD5, this must be the name of a user registered with the LDAP server.
$ldap-password The default user password.
$ldap-bind-method The LDAP bind method to use. This can be either MD5, simple, or external. When simple is specified the server will use the LDAP default user to bind to the LDAP server and lookup the DN of the user. Then the server uses the user DN to connect to the LDAP server. If it is successful, the user is authenticated.

When using LDAP with simple bind, the password is not encrypted, so it is recommended that you use secure ldaps (LDAP with SSL).

A bind method of external makes use of a certificate to authenticate with the LDAP server. If the bind method is external, ldap-start-tls should be set to true.

$ldap-memberof-attribute The memberof LDAP attribute for group lookup.
$ldap-member-attribute The member LDAP attribute for group lookup.
$ldap-start-tls When the ldap-bind-method is set to external, this parameter specifies whether to start TLS when connecting to an LDAP server. If set to true, the LDAP server URI should start with ldap:/ instead of ldaps://.
$ldap-certificate The MarkLogic client certificate.
$ldap-private-key The MarkLogic private key.
$ldap-nested-lookup Indicates whether to do nested group lookup for user authorization or not.

Example



xquery version "1.0-ml"; 
 
import module namespace sec = "http://marklogic.com/xdmp/security" 
      at "/MarkLogic/security.xqy";

sec:ldap-server(
        "ldap://dc1.mltest1.local:389", 
        "CN=Users,DC=MLTEST1,DC=LOCAL", 
        "sAMAccountName",
        "cn=User1,cn=Users,dc=MLTEST1,dc=local",
	    "password1",
	    "simple") 
    

Stack Overflow iconStack Overflow: Get the most useful answers to questions from the MarkLogic community, or ask your own question.