Live Forms v5.1 is no longer supported. Click here for information about upgrading to our latest GA Release.

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Next »

 

How to configure multiple users and group bases ?

The properties com.frevvo.security.ldap.usersBase and com.frevvo.security.ldap.groupsBase define a root node to search for entries. The searches are recursive and will traverse the hierarchy starting from those nodes.  If your multiple paths share a common base you can configure that value in these properties. For instance, lets assume the following bases:

CN=Sales,CN=Users,DC=test,DC=windows,DC=frevvo,DC=com CN=HR,CN=Users,DC=test,DC=windows,DC=frevvo,DC=com CN=Marketing,CN=Users,DC=test,DC=windows,DC=frevvo,DC=com

A common path among these is CN=Users,DC=test,DC=windows,DC=frevvo,DC=com and that is what you can configure for com.frevvo.security.ldap.usersBase for instance.

Can I have more than one LDAP tenant ?

Yes, you can configure as many tenants as you want but they will all share the same configuration.

Can I connect to more than one LDAP Server ?

That is not supported. You can only connect to one server.

How can I configure the frevvo designers ?

The frevvo designers will be whatever members are returned by the LDAP filter configured in the property com.frevvo.security.ldap.frevvoDesignersFilter. It can essentially be any valid LDAP filter. One approach used by some customers is to created a group of frevvo designers in LDAP (Active Directory for instance), associate members to that group using whatever client is typically used to manage the names in your organization and configure that group in frevvo. For instance:

<Parameter name="com.frevvo.security.ldap.frevvoDesignersFilter"   value="(memberOf=CN=FrevvoDesigners,CN=Users,DC=test,DC=windows,DC=frevvo,DC=com)" override="false"/>

This is only one way of approaching this and as stated before you can write any valid LDAP here. The only restriction is that the collection of entries returned is expected to contain only users and objects of other types (such as groups) are ignored.

If cache is enabled (it is enabled by default), you may need to restart the frevvo server for the changes to take effect

  • No labels