LDAP
[EE 7.0+] The LDAP sign on validates a user ID and password against an existing LDAP server.
Using LDAP allows the user ID and password to be centrally located. The user signs in to the
application with their LDAP sign-on (user ID and password). WOW utilizes the LDAP credentials
provided by the user and contacts LDAP to verify authentication. This authentication option
requires that the existing LDAP system be accessible from the WOW server.
NOTICE: Because each LDAP configuration may be unique, it is not guaranteed that the default
WOW implementation will be compatible with your environment. Custom Java development may be
required that is not part of standard WOW product support. Customization can be done by WOW
consultants.
Steps for configuring LDAP Authentication
1) Create a Referrer Operation:
To use the LDAP sign on, you must first create an operation of type “Referrer Authorization”. In the
operation code, specify the LDAP connection URL.
You will need to contact your LDAP administrator for the specifics of your LDAP server, but here is a
basic breakdown of the LDAP connection URL:
ldap://ldapip:636,uid=??USERNAME,ou=people,o=mycompany
ldap:// - required URL prefix.
ldapip – the host or IP address of the LDAP service directory
636 – the LDAP port to use. Generally port 389 is the default for unsecured (user ID and
password are visible) and port 636 is the default for secured (SSL). The unsecured port should
only be used for initial testing. Enabling the use of SSL will be explained later.
uid=??USERNAME – provides the user ID to the LDAP server. WOW will replace the ??USERNAME
parameter with the user ID specified on the signon screen.
Base information – the directory base under which individual people are authenticated (e.g. "ou=people,o=mycompany")
2) Configure the Application:
Next, configure the application to use the LDAP sign on. Change the Sign On Type to “LDAP Sign On”. Then
change the Sign On Operation to the LDAP sign on operation (Referrer Authorization) created in the previous step.
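The connection URL from step 1, split and filled in the way described above, as an added Java example (not WOW's own code). The class and method names are hypothetical, and the DN escaping and the empty-password check are assumptions about what a custom sign-on should do, not documented WOW behavior.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.InitialDirContext;
import javax.naming.ldap.Rdn;

public class LdapSignOnCheck { // hypothetical names throughout; not part of WOW
    // Split "ldap://host:port,<DN template>" at the first comma (format shown on this page).
    static String[] split(String wowUrl) {
        int comma = wowUrl.indexOf(',');
        if (!wowUrl.startsWith("ldap://") || comma < 0)
            throw new IllegalArgumentException("expected ldap://host:port,<DN template>");
        return new String[] { wowUrl.substring(0, comma), wowUrl.substring(comma + 1) };
    }

    // Substitute ??USERNAME with the RFC 4514-escaped user ID, so ',' '+' '=' typed on
    // the sign-on screen stay inside the uid value instead of changing the DN.
    static String bindDn(String dnTemplate, String userId) {
        if (userId == null || userId.trim().isEmpty())
            throw new IllegalArgumentException("empty user ID");
        return dnTemplate.replace("??USERNAME", Rdn.escapeValue(userId));
    }

    static boolean authenticate(String wowUrl, String userId, char[] password, boolean ssl) {
        // An empty password makes a simple bind "unauthenticated" (RFC 4513 5.1.2);
        // a server may accept it, so refuse before contacting the directory.
        if (password == null || password.length == 0) return false;
        String[] parts = split(wowUrl);
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, parts[0]);
        if (ssl) env.put(Context.SECURITY_PROTOCOL, "ssl"); // TLS before credentials are sent
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn(parts[1], userId));
        env.put(Context.SECURITY_CREDENTIALS, password);
        try {
            new InitialDirContext(env).close();
            return true;
        } catch (NamingException e) { // bad credentials or unreachable server
            return false;
        }
    }

    public static void main(String[] args) {
        String url = "ldap://ldapip:636,uid=??USERNAME,ou=people,o=mycompany"; // from this page
        System.out.println(bindDn(split(url)[1], "x,ou=admins")); // constructed hostile input
        System.out.println(authenticate(url, "jsmith", new char[0], true)); // refused locally
    }
}
```

Running `main` needs no directory server: the first line shows the escaped bind DN and the second call is refused before any connection is made.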
LDAP Without SSL
By default, WOW tries to use SSL when authenticating with LDAP. For initial testing or for LDAP usage without SSL, use the following property group on your LDAP operation:
Use the non-secure port in the LDAP URL, usually 389, although yours may be different.
In the application's properties, include the following:
LDAP{ssl:false;}