In order to use a directory as the store for user and role information, an LDAP server must be accessible from the JOSSO Gateway. The TCP/IP ports involved in an LDAP session are 389, and 636 for SSL.
JOSSO has been tested with OpenLDAP and Active Directory, but it should work with almost any standard LDAP server.
This how-to explains how to set up JOSSO single sign-on with an LDAP server that stores user and role information. It will also configure the LDAP store to provide authentication information, such as user passwords, over the LDAP protocol.
If you have already installed your own schema, this step is not required. You should substitute accordingly.
You should create a namespace which will contain the user and role entries. Let's have a look at an example.
LDIF file (entries must be separated by a blank line, otherwise ldapadd will reject the file):
# OU DEFINITIONS
# People OU - for holding records of all individuals
dn: ou=People,dc=my-domain,dc=com
ou: People
objectClass: top
objectClass: organizationalUnit

# Roles OU - for holding records of roles and the users to which those roles
# have been assigned
dn: ou=Roles,dc=my-domain,dc=com
ou: Roles
objectClass: top
objectClass: organizationalUnit

# PEOPLE ENTRIES
dn: uid=user1,ou=People,dc=my-domain,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
sn: User1 SN
cn: User1 CN
uid: user1
userPassword: user1pwd
mail: [email protected]

dn: uid=user2,ou=People,dc=my-domain,dc=com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
sn: User2 SN
cn: User2 CN
uid: user2
userPassword: user2pwd
mail: [email protected]

# ROLES ENTRIES
# Each role is a groupOfUniqueNames whose uniqueMember values are the DNs of the users holding it
dn: cn=role1,ou=Roles,dc=my-domain,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: role1
uniqueMember: uid=user1,ou=People,dc=my-domain,dc=com

dn: cn=role2,ou=Roles,dc=my-domain,dc=com
objectClass: top
objectClass: groupOfUniqueNames
cn: role2
uniqueMember: uid=user2,ou=People,dc=my-domain,dc=com
The LDIF file should be imported into the LDAP server using the specific command available for this task in the LDAP server product. In case of using OpenLDAP you should use the ldapadd command.
On successful creation of the schema, the directory should look like the following: