| Section |
|---|
| Column |
|---|
| It is possible to create user and groups in and use them to control access to the system as well as create workflows. It is also common that the list of users and groups is maintained externally in systems such as Active Directory or Open LDAP. can leverage your existing users repository. There are two configuration scenarios when integrating with LDAP. Each one uses a different Security Manager. - integrates with an external LDAP/AD system and is in full control of user authentications. Use the LDAP Security Manager in this situation.
- is deployed to an existing servlet container that is already handling user authentications through LDAP. Authentication, in this case, is the responsibility of the container. However, is responsible for runtime authorization and design time querying of user metadata. Use the LDAP Container Security Manager in this situation as that reuses the existing LDAP connector but relies on the container for user authentications.
|
|
Retrieving Custom Attributes from the LDAP Server
When a user is successfully authenticated by the LDAP security manager, retrieves the following basic user information from the LDAP server:
Last Name
First Name
Email address
Using a business rule, you can populate controls in your form with this information.
There are many attributes available in Active Directory. View this website for a partial list. Single and multi-value attributes are supported. Active Directory custom attributes can be retrieved for users in a tenant using the LDAP Security Manager or the LDAP Container Security Manager.
You can retrieve additional custom attribute information from the LDAP server using the configuration parameter "com.frevvo.security.ldap.customAttributes" and business rules.
Configure Retrievable Attributes
...