How do I configure LDAP in FlexNet Code Insight?
Summary
The entirety of FlexNet Code Insight's LDAP configuration is done through the $palamida/config/core/core.ldap.properties file. The article discusses some of the primary properties in this file. The 'Additional Information' section of this article describes how to configure LDAP on FlexNet Code Insight 2018 R1 and above.
Question
How do I configure LDAP in FlexNet Code Insight?
The entirety of Palamida's LDAP configuration is done through the $palamida/config/core/core.ldap.properties file. The file is self-documenting with comments explaining each property.
Below are the main properties which need to be set:
This property enables LDAP-based authentication to the Palamida application.
This property enables syncing of Palamida users from the LDAP server (i.e., pulling in users from LDAP into the Palamida application).
The hostname of the LDAP server, followed by a port number (389 for LDAP, 636 for LDAPS).
These need to be set to the appropriate credentials to log in and query the LDAP server.
This is a somewhat tricky combination that seems to depend on the organization's LDAP tree set-up. The important thing to remember is to NOT append ldap.base to ldap.searchBase.
Basically, ldap.base is the base node of all the necessary information to be searched in your LDAP server, while ldap.searchBase is the base node for the users specifically.
Palamida ships the example file with "ldap.base = dc=adtest,dc=palamida,dc=com" and "ldap.searchBase = CN=Users". Based on the properties we ship our file with, our LDAP tree thus looks like this:
Make sure that the attributes of your ldap.base node do not also appear in the attributes of your ldap.searchBase node. The LDAP connector automatically appends ldap.base to ldap.searchBase, so although "ldap.searchBase = CN=Users" appears in the properties file, Palamida treats the full ldap.searchBase node as "CN=Users,DC=adtest,DC=palamida,DC=com".
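The following check is an added example, not code shipped with Palamida or FlexNet Code Insight. It reads the two properties named above from a properties file, reports any ldap.base component repeated in ldap.searchBase, and shows the search DN that results when ldap.base is appended as described. The sample files and the function names are constructed for illustration.

```python
import re

# Constructed samples: the shipped example values from the article, and a
# second file that repeats ldap.base inside ldap.searchBase (the mistake).
GOOD = """# core.ldap.properties (excerpt)
ldap.base = dc=adtest,dc=palamida,dc=com
ldap.searchBase = CN=Users
"""
BAD = """ldap.base = dc=adtest,dc=palamida,dc=com
ldap.searchBase = CN=Users,DC=adtest,DC=palamida,DC=com
"""

def parse_properties(text):
    """Minimal Java-properties reader: key = value, # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def rdns(dn):
    """Split a DN on unescaped commas; normalise case and spacing."""
    parts = re.split(r"(?<!\\),", dn)
    return [re.sub(r"\s*=\s*", "=", p.strip()).lower() for p in parts if p.strip()]

def check_search_base(props):
    """Return (effective_dn, findings) for the base/searchBase pair."""
    base = props.get("ldap.base", "")
    search = props.get("ldap.searchBase", "")
    if not base or not search:
        return None, ["this check needs both ldap.base and ldap.searchBase"]
    findings = []
    repeated = [r for r in rdns(base) if r in rdns(search)]
    if repeated:
        findings.append("ldap.searchBase repeats ldap.base component(s): "
                        + ",".join(repeated))
    # Per the article, the connector appends ldap.base to ldap.searchBase.
    return f"{search},{base}", findings

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        dn, findings = check_search_base(parse_properties(text))
        print(name, "->", dn, findings or "ok")
```

For the second sample the effective DN carries the DC components twice, which is the misconfiguration the paragraph above warns about.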
This is where the query/search filter goes. Your organization should have this prepared, so if you don't have it, contact your LDAP administrator. Otherwise, you'll need to create an appropriate one using an LDAP client.
It is helpful to have a tool to query your LDAP server to test search filters and connection settings without Palamida, such as JXplorer (http://jxplorer.org/). There are other clients available as well, both graphical and command-line.
This property is used to set the LDAP import frequency/timing. The default value in the properties file is:
ldap.jobFrequency=0 0 6 * * ?
This means that every morning at 6 AM the system syncs up with the LDAP server.
Another LDAP frequency example syntax is as follows:
ldap.jobFrequency=0 0/1 * * * ?
This means that Palamida syncs once a minute with the LDAP server.
Refer to this site for further information about the Quartz/cron expression format.
Additional Information
To enable LDAP on FlexNet Code Insight 2018 R1 or above:
- Open the FlexNet Code Insight UI and navigate to 'Administration => LDAP'
- Use the 'Enable LDAP' buttons to enable the configuration settings for LDAP. This is similar to the ldap.enabled option for the 6.X products as shown above.
- For the LDAP URL add the hostname of the LDAP server, followed by a port number (389 for LDAP, 636 for LDAPS).
Example: ldap://myadserver.corp.com:389
- Determine whether anonymous authentication is enabled on your LDAP server and set the 'Authentication Type' radio buttons to match
- If necessary add the LDAP username and password for the LDAP server
- As with the instructions for 6.X above, the LDAP Base, LDAP Search Base and LDAP Search Query fields will vary based on your LDAP tree. Please ensure that these details are correct before attempting to sync users from your LDAP server. Please contact our Technical Support team if you require assistance with this step.
- If your LDAP server is configured to use paging, set the LDAP Page Size settings appropriately. Otherwise set the 'Use Paging' option buttons to 'No'
- The LDAP User Sync Frequency allows you to automate the user sync on an 'Hourly', 'Daily' or 'Weekly' schedule as required
- The LDAP User Property Mappings section allows users to define which elements should be matched in order for a user to be imported.
An example of a completed LDAP properties page is as follows: